LEEWAY

EIGHTH SEMESTER BBA LLB

CYBER CRIMES
CREATED BY
AJITH.V, RATHULDEV.S, MUHAMMED NASEEB P
[BBA LLB FINAL YEARS, MCT LAW COLLEGE]

DISCLAIMER

Leeway is fellowship of MCT College of legal studies, Melmuri Malappuram. This document is a
compilation of extracts from various sources. Material may not cover the entire syllabus of the
subject, but exam oriented. Created on the basis of previous year question papers and important
questions. The material is intended for an absolute educational purpose. Reproduction of the
material for non-educational purpose will not be entertained. Use the material at your own risk.
12 MARKS

Offences Under IT Act, 2000

The Government of India enacted its Information Technology Act, 2000 with the objectives stating officially
as: “to provide legal recognition for transactions carried out by means of electronic data interchange and other
means of electronic communication, commonly referred to as “electronic commerce”, which involve the use of
alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing
of documents with the Government agencies and further to amend the Indian Penal Code, the Indian
Evidence Act, 1872, the Bankers Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and
for matters connected therewith or incidental thereto.”

CYBERCRIME

 Cybercrime is a generic term that refers to all criminal activities done using the medium of computers, the
Internet, cyberspace and the worldwide web. Computer crime, or Cybercrime, refers to any crime that
involves a computer and a network.
 The computer may have been used in the commission of a crime, or it may be the target. Netcrime is
criminal exploitation of the Internet.
 The Indian Law has not given any definition to the term ‘cybercrime’. In fact, the Indian Penal Code does
not use the term ‘cybercrime’ at any point even after its amendment by the Information Technology
(Amendment) Act 2008, the Indian Cyberlaw.
 But “Cyber Security” is defined under Section (2) (b) means protecting information, equipment, devices
computer, computer resource, communication device and information stored therein from unauthorized
access, use, disclosure, disruption, modification or destruction.
 Cybercrime in a narrow sense (computer crime): Any illegal behavior directed by means of electronic
operations that targets the security of computer systems and the data processed by them.[xii]
 Cybercrime in a broader sense (computer-related crime):
o Any illegal behavior committed by means of, or in relation to, a computer system or network,
including such crimes as illegal possession and offering or distributing information by means of a
computer system or network.
o Any contract for the sale or conveyance of immovable property or any interest in such property;
o Any such class of documents or transactions as may be notified by the Central Government
Confidential.

Categories of Cyber Crimes

 Cyber crimes can be classified into the following different categories:

Crimes Against Persons:

 Harassment via E-Mails: Harassment through sending letters, attachments of files & folders i.e. via e-
mails. At present harassment is common as usage of social sites i.e. Orkut, hangout, zapak, Facebook,
Twitter etc. increasing day by day.

2 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 Cracking: It is amongst the gravest cyber crimes known till date. In this a cyber criminal broke into your
computer systems without your knowledge and consent and Tampere with your precious confidential data
and information.
 Cyber-Stalking: It means expressed or implied a physical threat that creates fear through the use to
computer technology such as internet, e-mail, phones, text messages, webcam, websites or videos.
 Hacking: It means unauthorized control/access over computer system and act of hacking completely
destroys the whole data as well as computer program. Hackers usually hacks telecommunication and mobile
network.
 Dissemination of Obscene Material: It includes Indecent exposure/ Pornography (basically child
pornography), hosting of web site containing these prohibited materials. These obscene matters may cause
harm to the mind of the adolescent and tend to deprave or corrupt their mind. This can create a huge blunder
in the society.
 SMS Spoofing: Spoofing is a blocking through spam which means the unwanted uninvited messages. Here
a offender steals identity of another in the form of mobile phone number and sending SMS via internet and
receiver gets the SMS from the mobile phone number of the victim.
 Assault by Threat: it refers to threatening a person with fear for their lives or lives of their families through
the use of a computer network i.e. E-mail, videos or phones.
 Page jacking: when a user, click on a certain link and an unexpected website gets opened through that link
then the ser is said to be ‘pagejacked’. This happens when someone steals part of a real website and uses it
in a fake site. If they use enough of the real site, Internet search engines can be tricked into listing the fake
site and people will visit it accidentally. Unfortunately one cannot prevent page jacking but only can deal
with it.
 Advance fee scams: An advance fee scam is fairly easy to identify as you will be asked for money or goods
upfront in return for giving you credit or money later. These advance fee scams can seem convincing and
have taken in many people.
 Defamation: It is an act of imputing any person with intent to lower down the dignity of the person by
hacking his mail account and sending some mails with using vulgar language to unknown persons mail
account.
 E-Mail Spoofing: A spoofed e-mail may be said to be one, which misrepresents its origin. It shows it’s
origin to be different from which actually it originates.
 Child Pornography: It involves the use of computer networks to create, distribute, or access materials that
sexually exploit underage children.
 Carding: It means false ATM cards i.e. Debit and Credit cards used by criminals for their monetary
benefits through withdrawing money from the victim’s bank account mala-fidely. There is always
unauthorized use of ATM cards in this type of cyber crimes.
 Cheating & Fraud: It means the person who is doing the act of cybercrime i.e. stealing password and data
storage has done it with having guilty mind which leads to fraud and cheating.

Crimes Against Persons Property:

 As a result of rapid growth in the international trade where businesses and consumers are increasingly using
computers to create, transmit and to store information in the electronic form instead of traditional paper
documents there are some of the offenses which affect person’s property:
 Intellectual Property Crimes: Any unlawful act by which the owner is deprived completely or partially of
his rights is an offense. The common form of IPR violation may be said to be software piracy, infringement
of copyright, trademark, patents, designs and service mark violation, theft of computer source code, etc.

3 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 Cybersquatting: It means where two persons claim for the same Domain Name either by claiming that they
had registered the name first on by right of using it before the other or using something similar to that
previously. For example two similar names i.e. www.yahoo.comand www.yaahoo.com.
 Cyber Vandalism: Vandalism means deliberately destroying or damaging property of another. Hence cyber
vandalism means destroying or damaging the data when a network service is stopped or disrupted. It may
include within its purview any kind of physical harm done to the computer of any person. These acts may
take the form of the theft of a computer, some part of a computer or a peripheral attached to the computer.
 Hacking Computer System: Due to the hacking activity there will be loss of data as well as computer.
Also research especially indicates that those attacks were not mainly intended for financial gain too and to
diminish the reputation of particular person or company.
 Transmitting Virus: Viruses are programs that attach themselves to a computer or a file and then circulate
themselves to other files and to other computers on a network. They usually affect the data on a computer,
either by altering or deleting it. Worm attacks plays major role in affecting the computerize system of the
individuals.
 Cyber Trespass: It means to access someone’s computer without the right authorization of the owner and
does not disturb, alter, misuse, or damage data or system by using wireless internet connection.
 Internet Time Thefts: Basically, Internet time theft comes under hacking. It is the use by an unauthorized
person, of the Internet hours paid for by another person. The person who gets access to someone else’s IP
user ID and password, either by hacking or by gaining access to it by illegal means, uses it to access the
Internet without the other person’s knowledge. You can identify time theft if your Internet time has to be
recharged often, despite infrequent usage.

Cyber Crimes Against Government:

 There are certain offenses done by group of persons intending to threaten the international governments by
using internet facilities:
 Cyber Terrorism: Cyber terrorism is a major burning issue in the domestic as well as global concern. The
common form of these terrorist attacks on the Internet is by distributed denial of service attacks, hate
websites and hate e-mails, attacks on sensitive computer networks etc. Cyber terrorism activities endanger
the sovereignty and integrity of the nation.
 Cyber Warfare: It refers to politically motivated hacking to conduct sabotage and espionage. It is a form of
information warfare sometimes seen as analogous to conventional warfare although this analogy is
controversial for both its accuracy and its political motivation.
 Distribution of pirated software: It means distributing pirated software from one computer to another
intending to destroy the data and official records of the government.-25
 Possession of Unauthorized Information: It is very easy to access any information by the terrorists with the
aid of internet and to possess that information for political, religious, social, ideological objectives.

 Cybercrimes Against Society at large:

 An unlawful act done with the intention of causing harm to the cyberspace will affect large number of
persons:
 Child Pornography: It involves the use of computer networks to create, distribute, or access materials that
sexually exploit underage children. It also includes activities concerning indecent exposure and obscenity.
 Cyber Trafficking: It may be trafficking in drugs, human beings, arms weapons etc. which affects large
number of persons. Trafficking in the cyberspace is also a gravest crime.
 Online Gambling: Online fraud and cheating is one of the most lucrative businesses that are growing today
in the cyberspace. There are many cases that have come to light are those pertaining to credit card crimes,
contractual crimes, offering jobs, etc. [3]

4 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 Financial Crimes: This type of offence is common as there is rapid growth in the users of networking sites
and phone networking where culprit will try to attack by sending bogus mails or messages through internet.
Ex: Using credit cards by obtaining password illegally. [4]
 Forgery: It means to deceive large number of persons by sending threatening mails as online business
transactions are becoming the habitual need of today’s life style.

Offenses UNDER THE IT ACT, 2000

 Tampering with computer source documents:

o Section 65 of this Act provides that Whoever knowingly or intentionally conceals, destroys or alters
or intentionally or knowingly causes another to conceal, destroy or alter any computer source code
used for a computer, computer Programme, computer system or computer network, when the
computer source code is required to be kept or maintained by law for the being time in force, shall be
punishable with imprisonment up to three year, or with fine which may extend up to two lakh
rupees, or with both.
o The object of the section is to protect the “intellectual property” invested in the computer. It is an
attempt to protect the computer source documents (codes) beyond what is available under
the Copyright Law.

 Hacking with the computer system:

o Section 66 provides that- (1) Whoever with the intent to cause or knowing that he is likely to cause
wrongful loss or damage to the public or any person destroys or deletes or alters any information
residing in a computer resource or diminishes its value or utility or affects it injuriously by any
means, commits hacking.
o (2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine
which may extend up to two lakh rupees, or with both.

 Publishing of obscene information in electronic form:

o Section 67 of this Act provides that Whoever publishes or transmits or causes to be published in the
electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is
such as to tend to deprave and corrupt persons who are likely, having regard to all relevant
circumstance, to read see or hear the matter contained or embodied in it, shall be punished on first
conviction with imprisonment of either description for a term which may extend to five years and
with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction
with imprisonment of either description for a term which may extend to ten years and also with fine
which may extend to two lakh rupees.

 Power of Controller to give directions:

o Section 68 of this Act provides that (1) The Controller may, by order, direct a Certifying Authority
or any employee of such Authority to take such measures or cease carrying on such activities as
specified in the order if those are necessary to ensure compliance with the provisions of this Act,
rules or any regulations made thereunder.
o (2) Any person who fails to comply with any order under sub-section (1) shall be guilty of an offense
and shall be liable on conviction to imprisonment for a term not exceeding three years or to a fine
not exceeding two lakh rupees or to both

5 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 Directions of Controller to a subscriber to extend facilities to decrypt information:
o Section 69 provides that- (1) If the Controller is satisfied that it is necessary or expedient so to do
in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with
foreign States or public order or for preventing incitement to the commission of any cognizable
offense; for reasons to be recorded in writing, by order, direct any agency of the Government to
intercept any information transmitted through any computer resource

 Protected System:
o Section 70 of this Act provides that –
o The appropriate Government may, by notification in the Official Gazette, declare that any computer,
computer system or computer network to be a protected system.
o The appropriate Government may, by order in writing, authorize the persons who are authorized to
access protected systems notified under sub-section (1).
o (3) Any person who secures access or attempts to secure access to a protected system in
contravention of the provision of this section shall be punished with imprisonment of either
description for a term which may extend to ten years and shall also be liable to fine.

 Penalty for misrepresentation:

o Section 71 provides that- (1) Whoever makes any misrepresentation to, or suppresses any material
fact from, the Controller or the Certifying Authority for obtaining any license or Digital Signature
Certificate, as the case may be, shall be punished with imprisonment for a term which may extend to
two years, or which fine which may extend to one lakh rupees, or with both.

 Penalty for breach of confidentiality and privacy:

o Section 72 provides that- Save as otherwise provide in this Act or any other law for the time being in
force, any person who, in pursuance of any of the powers conferred under this Act, rules or
regulation made thereunder, has secured assess to any electronic record, book, register,
correspondence, information, document or other material without the consent of the person
concerned discloses such material to any other person shall be punished with imprisonment for a
term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

 Penalty for publishing Digital Signature Certificate false in certain particulars:

o Section 73 provides that – (1) No person shall publish a Digital Signature Certificate or otherwise
make it available to any other person with the knowledge that-
 The Certifying Authority listed in the certificate has not issued it; or
(b) The subscriber listed in the certificate has not accepted it; or
(c) The certificate has been revoked or suspended unless such publication is for the purpose
of verifying a digital signature created prior to such suspension or revocation.
 Any person who contravenes the provisions of sub-section (1) shall be punished with
imprisonment for a term which may extend to two years, or with fine which may extend to
one lakh rupees, or with both.

 Publication for fraudulent purpose:

o Section 74 provides that- Whoever knowingly creates, publishes or otherwise makes available a
Digital Signature Certificate for any fraudulent or unlawful purpose shall be punished with
imprisonment for a term which may extend to two years, or with fine which extends to one lakh
rupees, or with both.

Characteristics of Cyber Crime

6 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 The Concept of cyber crime is very different from the traditional crime. Also due to the growth of Internet
Technology, this crime has gained serious and unfettered attention as compared to the traditional crime. So
it is necessary to examine the peculiar characteristics of cyber crime.

 People with specialized knowledge

o Cyber crimes can only be committed through the technology, thus to commit this kind of crime one
has to be very skilled in internet and computers and internet to commit such a crime.
o The people who have committed cyber crime are well educated and have deep understanding of the
usability of internet, and that’s made work of police machinery very difficult to tackle the
perpetrators of cyber crime.

 Geographical challenges
o In cyberspace the geographical boundaries reduced to zero. A cyber criminal in no time sitting in
any part of the world commit crime in other corner of world. For example a hacker sitting in India
hack in the system placed in United States.

 Virtual World
o The act of cyber crime takes place in the cyber space and the criminal who is committing this act is
physically outside the cyber space. Every activity of the criminal while committing that crime is
done over the virtual world.

 Collection of Evidence
o It is very difficult to collect evidence of cyber crime and prove them in court of law due to the nature
of cyber crime. The criminal in cyber crime invoke jurisdiction of several countries while
committing the cyber crime and at the same time he is sitting some place safe where he is not
traceable.
 Magnitude of crime unimaginable
o The cyber crime has the potential of causing injury and loss of life to an extent which cannot be
imagined. The offences like cyber terrorism, cyber pornography etc. has wide reach and it can
destroy the websites, steal data of the companies in no time.

Evidentiary Value Of Electronic Records

 The Indian Evidence Act, 1872 (Sec. 3) defines evidence as to oral or documentary. Oral evidence can be
said the statements which are made by witnesses before the Hon’ble court and Documentary evidence is one
which is produced before the court for its inspection which includes electronic records
 The Indian Evidence Act Section 65 specifies the admissibility of secondary evidence in particular cases.
Section 65B specifies the procedure of proving the contents of electronic records which have been laid
down under Section 65B.
 Admissibility of electronic records mentioned as per Section 65B of Indian Evidence Act specifies that the
printed any information of electronic records on a paper, or created a copy of that record on any optical or
magnetic media shall also be deemed to be secondary evidence document if it satisfies the conditions
mentioned under section 65B and original source of that information i.e. electronic device shall also be
admissible without any further proof in any proceeding of the court of law.
 Essentially elements of the electronic evidence as per the Indian Evidence Act are as follows:

1. Such produced information of electronic records should be produced by the person having legally
authorized to have control over that electronic device.

7 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 2. That storage of information must take place during the day to day general course of the act of that
person.
3. That stored information has been stored on that electronic device during the day to day general course of
action of that person.
4. While storing or copying of that material information, the said electronic device must be in a functioning
state, to avoid any possible negative impact on its operation or distort the accuracy & authenticity of its
material contents.
5. Any kind of storage or copying or making counterpart of the information required for the production in
the court of law as electronic evidence should be free from any kind of distortion or manual edit or
manipulation, it must be the authentic and trustworthy information, which may get admitted as evidence
in the court of law.

Different types of electronic records

 Evidence in the form of as DVD, CD, Hard-Drive, chip, Memory Chip, Pen Drive:
o Above electronic records are admissible as primary as well as secondary evidence. The value
evidence depends on how and in what manner the electronic records have been submitted to the
court i.e. if these electronic records are submitted as it is then those have more value without any
doubt but if you want to submit their copied version on other similar or different device then you
have to comply with the conditions precedent under Sec. 65b of the Indian Evidence Act and get the
certificate for its admission in the court.

 Audio and Video Recordings:

o These electronic records are admissible if they are submitted in original i.e. original audio or video
recordings are the valid and authentic source of electronic evidence and not the copied version.
o Their copied version records on other similar or different device have to comply with the conditions
precedent under Sec 65B of the Indian Evidence Act and get the certificate for its admission in the
court.

 Evidence generated through mobile phone in the form of media, calls and email:
o Email: It is recognized as a valid and authentic source of evidence. Generally, e-mails are submitted
through print outs attached with the certification of u/s 65B of the Indian Evidence Act.
o Media and calls generated through mobile phone: Nowadays, Mobile phones are very useful
electronic device and very resourceful. It helps from tracing location, capturing videos & pictures,
recording calls to many other electronic resources which aids the judicial and investigating system to
get valuable evidence.
o Mobile phone’s electronic records are admissible if they are submitted in original i.e. mobile itself
which contains the primary source of media and calls.
o Their copied version records on other similar or different device have to comply with the conditions
precedent under sec. 65B of Indian Evidence Act and get the certificate for its admission in the
court.

Cyber Appellate Tribunal

 Section 48 explains how the Cyber Appellant Tribunal will be established. The central government will
issue a notification establishing one or more appellant tribunals.
 The Central Government also lists all of the subjects and locations that come under the Tribunal’s
jurisdiction in the announcement.

8 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 Section 49 explains that the Presiding Officer of the Cyber Appellate Tribunal, who will be nominated by
the Central Government, will be the sole member of the Cyber Appellate Tribunal.
 The appellant tribunal has been transformed into a multi-member body. The Tribunal will henceforth be
composed of a Chairperson and as many additional members as the Central Government may designate by
publication in the Official Gazette.
 Section 50 – A person cannot be appointed as the Presiding Officer of a Cyber Appellate Tribunal unless he
or she has the following qualifications:
o Is, or has been, or is qualified to be, a Judge of a High Court; or
o Is or was a member of the Indian Legal Service, and now holds or has held a Grade I position in that
service for at least three years.

Power and procedure of the Cyber Appellant Tribunal (Section 58)

 The Cyber Appellate Tribunal’s method and powers are laid forth in Section 58 of the Information
Technology Act, 2000
 Sub-clause (1) Section 58 states that the Cyber Appellate Tribunal is not bound by the Code of Civil
Procedure, 1908, but rather by the principles of natural justice and that the Cyber Appellate Tribunal,
subject to the other provisions of this Act and any rules, has the authority to regulate its own procedure,
including the location of its hearings.
 Clause (2) Section 58 stipulates that, for the purposes of executing its responsibilities under this Act, the
Cyber Appellate Tribunal shall have the same powers as a civil court under the Code of Civil Procedure,
1908, while trying an action, in respect of the following matters:
o Summoning and enforcing the attendance of any person and examining him on oath;
o Requiring the discovery and production of documents or other electronic records;
o Receiving evidence on affidavits;
o Issuing commissions for the examination of witnesses or documents;
o Reviewing its decisions;
o Dismissing an application for default or deciding it ex parte;
o Any other matter which may be prescribed.

Copyright Issue in Cyberspace

 It is changing our lifestyle and way of doing business from traditional commerce to e-commerce. The
government of India by passing IT (Information Technology) Act 2000 and later amending it on 27th
October 2009 has given stimulus to cyber law.
 But various issues are not specifically covered by the Act, such as copyright, payment issues, media
convergence, cyber squatting and jurisdiction. As the technology creates new opportunities, it also poses
new challenges.
 Copyright is the most complicated area of cyber law and facing its greatest challenge. Copyright law today
protects works such as literary, dramatic and artistic works; cinematography films; sound recording and
computer programs, databases and compilations.
 As per Section 13 and 63 of Indian Copyright Act, 1957, literary works, pictures, sound recordings and
other creative works are Kept safe from getting copied without copyright holder's consent.The question of
how copyright law governs or will govern these material is as they are seen in Internet is still blur.

9 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 According to the Act, in the case of computer program protection is given on the basis of whether the same
is given or hired, or offered for sale or hire, any copy of the computer program,no matter whether such copy
has been sold or given on hire on prior occasions.
 Copyright has an immediate connection to the circle of the internet. The internet is a virtual world, which in
fact exists just in PC memory, yet it is intuitive and beating with life.
 In the internet, one can meet and converse with new individuals, read, distribute, research, hear music, see
video, see craftsmanship, buy and sell things, get to government records, send email, download
programming, and get specialized support.
 The dynamic changes in field of Cyberspace are expanding with all of data utilized on web by entire world.
Our laws have yet to catch up with it.
 The major need for appropriate copyright laws in India in the field of cyberspace is because of the limitation
of the Information Technology Act, 2002, which fails to cover various issues such as copyright, domain
name, cyberspace and jurisdiction.

Investigation of cybercrime
 In India, the Information Technology Act of 2000 specifies the method to be followed in cybercrime
investigations, stating that all entries, searches, and arrests conducted under the Act must comply with the
requirements of the Code of Criminal Procedure, 1973.
 10 In 2000, India took the lead in combating the problem of cybercrime investigation by establishing a
Cybercrime Investigation Cell in Mumbai. Cyber forensics is a rapidly growing field of evidentiary law.
 India is not even a signatory to the Cybercrime Convention, making the investigation and prosecution of
cybercrime in India somewhat ambiguous.

Challenges To Cyber Crime Investigations-

Surveillance and Interception versus Privacy-

 Surveillance and communication interception are critical elements of cybercrime investigations. Law
enforcement surveillance and an interception, on the other hand, is an exception to the right to privacy.
 The right to privacy is a basic human right protected by important international accords, and many nations
have recognized it via law, either expressly or implicitly. The Information Technology Act of 2000 allows
for the interception of any data sent across a computer network.
 Users must surrender encryption keys or risk a seven- year prison term. The Act gives the Certifying
Authorities the authority to order interception if it is necessary or expedient in the interests of India's
sovereignty or integrity.

Search and Seizure Issues-

 The gathering, search, and seizure of evidence in cybercrime investigations are a little more complicated
because electronic data is involved. It also includes the storing of digital data.
 A search warrant is granted in India under Section 93 of the Cr.P.C. which states that a District Magistrate
or a Chief Judicial Magistrate may issue a search warrant based on feasonable reasons as defined by the law.

10 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 To undertake search and seizure activities, search warrants are required. Although there is no special
procedure or advice for obtaining cyber search warrants, a police officer can acquire a conventional search
warrant to look for digital evidence. The following reasons may be used to issue a warrant:
• the Court has cause to suspect that the individual to whom a summons has been issued would fail to
appear.
• if it is unknown who has custody of the document or proof
• if the Court finds it necessary to issue a search warrant in connection with any investigation, trial, or
other action.

Encryption-

 Encryption is the process of converting something into a code or symbols that cannot be deciphered if
intercepted.
 It is the science of transforming readable data into an incomprehensible form, or plain text into ciphertext,
which cannot be read or understood by unauthorized individuals to preserve confidentiality, privacy, and
verify integrity.
 On the one hand, cryptography may be used to preserve fundamental human rights such as privacy and
freedom of expression, as well as offer electronic transactions with integrity, authentication, and secrecy.
 On the other hand, even when the data or equipment has been legitimately taken by investigating authorities,
the data is frequently secured by passwords or cryptography, making it inaccessible.

Anonymity-

 Techniques of anonymization are utilized for both legitimate and criminal purposes. There are genuine
reasons for wishing to stay anonymous online and retain anonymity protection online;
 however, anonymization may often become a big stumbling block, particularly during cybercrime
investigations. During cybercrime investigations, there are a variety of challenges that may arise.

Attribution-

 Another issue that arises during cybercrime investigations is attribution. Attribution is the process of
determining who or what is to blame for a cybercrime.
 This procedure airs to link cybercrime to a specific digital device, its user, and/or those who are accountable
for the crime'sThe use of anonymity-enhancing technologies can make it harder to identify the devices
and/or people who are responsible for crimes.
 The use of malware-infected zombie Computers or digital devices managed by remote access techniques
complicates attribution even further.

Computer Forensics-

 There is a significant backlog in the development of this industry in India. There have been instances where
grave cyber forensics errors have occurred, such as the IP Match Fixing case.
 The absence of effective cyber-crime investigation procedures is demonstrated by the need for -discovery
practices on Bitcoin websites, as evidenced by the recent examples of cyber forensic mistakes in the Aarushi
murder case.

11 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
Issue Of Jurisdiction

Cyber Jurisdiction

 The internet can be seen as a multi jurisdictional because of the ease which a user can access of website
anywhere in the world. It can be even viewed as a jurisdictional in the sense that from the user‘s perspective
that the state and national borders are essentially transparent.
 For courts determining jurisdiction situation is more problematic. The court in Zippo mfg. v. Zippo dot com
inc said that there is a global revolution looming on the horizon and the development of the law in dealing
with the allowable scope of personal jurisdiction based on internet use in its infancy
 The developing law of jurisdiction must addressed whether a particular event in cyber space is controlled by
the law of state or country where the website is located, by the law of the state or the country where the
internet service provider is located.
 A number of commentators have voiced their opinion that cyber space should be treated as separate
jurisdiction. In practice this view has not been supported or addressed by the law makers
 Cyber jurisdictional cases have been dealt with primarily in civil courts. Since the advent of US v. Thomas,
infra and Minnesota v. Granite gate resort,
 Cyber jurisdictions issues have been began to be examined in criminal courts as well.
 Cyber Jurisdiction in Criminal Cases: - the question of cyber jurisdiction came to a forefront of attention of
early 1996 in US. v. Thomas where the sixth circuit upheld the conviction of a couple operating a
pornographic bulletin from their home. The defendant began, operating the amateur computer bulletin broad
system (AABBS) from their home199.

Jurisdiction Issues

Jurisdiction over cyber crime and national laws

Jurisdiction is the power or authority of the court to hear and determine the cause and adjudicate upon the
matter that are litigated before it or the power of the court to take cognizance of the matter brought before it but
when it comes to determine the jurisdiction in context of cyber space it becomes strenuous part of law.

In common parlance Jurisdictions is of two types:

 Subject jurisdiction allows the court to decide cases of a particular category and to check whether the claim
is actionable in the court where the case has been filed.
 Personal jurisdiction allows a court to decide on matters related to citizens or people of its territory, the
person having some connection to that territory, irrespective of where the person is presently located. Every
state exercises the personal jurisdiction over the people within its territory

 The concept of jurisdiction can be understood in a better way with reference to section 15 to 20 of code of
civil procedure (1908) which talks about the place of suing or the subject matter jurisdiction and section 20
of this code specifically speaks about any other category of suit which is not covered in sec 15 to 19 of the
code.
 Jurisdiction is one of the debatable issues in the case of cyber crime due to the very universal nature of the
cyber crime. With the ever-growing arm of the cyber space the territorial concept seems to vanish.
 New Methods dispute resolution should give way to the conventional methods. Thus, the Information
Technology Act, 2000 is silent on these issues.
Though S. 75 provides for extra-territorial operations of this law, but they could be meaningful only when

12 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 backed with provisions recognizing orders and warrants for Information issued by competent authorities
outside their jurisdiction and measure for cooperation‘s for exchange of material and evidence of computers
crimes between law enforcement agencies.

Digital Signature?
 Section 2(1)(p) of the Information Technology Act, 2000 (or the IT Act) defines it as authentication of any
electronic record by a subscriber by means of an electronic method or procedure in accordance with the
provisions of section 3
 Before going into the provisions of section 3, it is pertinent to explain a few basics of cryptography. Public
key cryptography is the method recognized by the IT Act for the safeguarding of computer documents.
 A Digital Signature Certificate essentially contains the public key of the person who holds it, along with
other details such as contact details, and the most important part, that is the digital signature of the
Certifying Authority.
 The main purpose of such a certificate is to show that a trustable authority appointed and regulated by the
Government, has attested the information contained in the Certificate
 The IT Act has provided for Certifying Authorities, who are authorised to issue Digital Signature
Certificates. A Controller of Certifying Authorities is appointed by the Central Government to regulate the
conduct of Certifying Authorities, under Section 17 of the Act.
 Any interested party may apply to the Controller to be appointed as a Certifying Authority. The Controller is
empowered to frame rules to be followed by Certifying Authorities while issuing Digital Signature
Certificates. The Controller also certifies the Digital Signatures of the Certifying Authorities.

1. Generating key pair :

Where any Digital Signature Certificate, the public key of which corresponds to the private key of that
subscriber which is to be listed in the Digital Signature Certificate has been accepted by a subscriber, then, the
subscriber shall generate the key pair by applying the security procedure.

2. Acceptance of Digital Signature Certificate :

 A subscriber shall be deemed to have accepted a Digital Signature Certificate if he publisher or

authorizes the publication of a Digital Signature Certificate-
o To one or more persons;
o In a repository, or otherwise demonstrates his approval of the Digital Signature Certificate in any
manner.
 By accepting a Digital Signature Certificate the subscriber certifies to all who reasonably rely on the
information contained in the Digital Certificate that-
o The subscriber holds the private key corresponding to the public key listed in the Digital
Signature Certificate and is entitled to hold the same;
o All represented made by the subscriber to the Certifying Authority and all material relevant to
the information contained in the Digital Signature Certificate are true;
o All information in the Digital Signature Certificate that is within the knowledge of the subscriber
is true.

3. Control of private key :

13 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 Every subscriber shall exercise reasonable care to retain control of the private key corresponding to the
public key listed in his Digital Signature Certificate and take all steps to prevent its disclosure to a person
not authorized to affix the digital signature of the subscriber.
 If the private key corresponding to the public key listed to the Digital Signature Certificate has been
compromised, then, the subscriber shall communicate the same without any delay to the Certifying
Authority in such manner as may be specified by the regulations.

Legal Response Towards Cyber Pornography Or Obscenity

 Cyber pornography is in simple words defined as the act of using cyberspace to create, display, distribute,
import, or publish pornography or obscene materials.
 With the advent of cyberspace, traditional pornographic content has now been largely replaced by
online/digital pornographic content.
 Cyber pornography is banned in many countries and legalized in some. In India, under the Information
Technology Act, 2000, this is a grey area of the law, where it is not prohibited but not legalized either.
 Under Section 67 of the Information Technology Act, 2000 makes the following acts punishable with
imprisonment upto 3 years and fine upto 5 lakhs:
o Publication- which would include uploading on a website, whats app group or any other digital
portal where third parties can have access to such content.
o Transmission- this includes sending obscene photos or images to any person via email, messaging,
whats app or any other form of digital media.
o Causing to be published or transmitted- this is a very wide terminology which would end up making
the intermediary portal liable, using which the offender has published or transmitted such obscene
content. The Intermediary Guidelines under the Information Technology Act put an onus on the
Intermediary/Service Provider to exercise due diligence to ensure their portal is not being misused.
 Section 67A of the Information Technology Act makes publication, transmission and causing to be
transmitted and published in electronic form any material containing sexually explicit act or conduct ,
punishable with imprisonment upto 5 years and fine upto 10 lakhs.
 An understanding of these provisions makes the following conclusions about the law of cyber pornography
in India extremely clear:

o Viewing Cyber pornography is legal in India. Merely downloading and viewing such content does
not amount to an offence.
o Publication of pornographic content online is illegal.
o Storing Cyber pornographic content is not an offence.
o Transmitting cyber pornography via instant messaging, emails or any other mode of digital
transmission is an offence.

Cyber Obscenity As A Crime

 Cyber obscenity is a trading of sexually expressive materials within cyber space. Legally cyber obscenity is
also termed as ‘pornography’.
 According to the honourable Supreme court of India- “ Obscenity has a tendency to deprave and corrupt
those, whose minds are open to such immoral influence”. Cyber obscenity can be committed through
literary, artistic, music, etc.
 Certain legislations prescribe obscenity as an offence, such as Indian Penal Code,1860, Information
Technology Act,2000 and several others.

14 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 But none of them defines obscenity; they just describe the meaning of obscenity as anything that is
lascivious or appeals to the prurient interest or if its effect is to deprave and corrupt persons would be
considered to be obscene.

Pornograph And Obscenity

As we know pornography is synonym of obscenity, it is a threat to netizens. It includes pornographic magazines

produced using the internet and the internet transmit pornographic pictures, videos, writing, etc.

Child Pornography

 It is a form of child sexual exploitation. It is defined as a visual depiction, including any photograph, film,
video, whether made or produced by electronic means, of sexually explicit conduct where it includes minors
engaging in sexually explicit conduct.
 Section 67B of IT Act,2008 deals with the punishment for publishing or transmitting material depicting
children to be engaged in sexually explicit acts or conduct.

CYBER OBSCENITY IN INDIA

 As we know cyber crime is increasing dreadfully in India and according to Indian courts ‘common law
approach of dispute resolution has been adopted. Various cases were filed in India in recent time which are
related to cyber obscenity.
 For eg. “BOYS LOCKER ROOM” case in which the accused used to have indecent conversation in the
group and had shared obscene pictures of girls.
 Similarly, there is a group named “GIRLS LOCKER ROOM” where girls have been accused of similar
obscene comments and conversations.
 Sections related to obscenity under India Penal Code,1860
o Section 292 states that whoever sells, lets to hire, imports or exports any obscene object or whoever
takes part in such business or advertisement of any such object, etc shall be punished with
imprisonment and fine.
o Section 293 states that whoever sells, lets to hire, distributes, exhibit or circulate to any person under
the age of 20 years, any such obscene object, shall be punished with imprisonment.
o Section 294 states that whoever does any obscene act in any public place or sings, recites or utters
any obscene song, near a public place , shall be punished.
 Under Indian Constitution
o The freedom of expression guaranteed under Article 19(1) (a) is subject to some reasonable state
restrictions in the interest of decency or morality. So, it is clear from this Article that no one can do
anything in lieu of their fundamental right guaranteed under Article 19 of Indian constitution.
Though the people of India have fundamental right to Freedom of Speech and Expression, they
cannot blindly do any act which is likely to cause obscenity.
 Information Technology Act,2000
o Cyber law also provide some relief to cyber obscenity or pornography. Section67 of the act lays
down that obscenity is an offence when it is published or transmitted or caused to be published in
any electronic form.
 The Indecent Representation of Women Act,1986.
o Sec 2(c) of the act defines indecent representation of women. This act also prohibits publication,
sale, etc containing indecent representation of women and publication or sending by post or figuring
in any form containing indecent representation of women.
o Sec 6 describes the punishment for contravention of any of the provision of this act.

15 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 Young Person’s Act,1956
o Section 3 of the act, states that if any person advertises of harmful publication, shall be punishable
with imprisonment.
 POCSO Act, 2012
o Protection of Children from Sexual Offences Act, 2012 POCSO Act27 is the main legislation that
deals with child sexual abuse in general which includes offences of sexual assault, sexual harassment
and pornography.
o Chapter III specifically makes the use of a child in any form of media for the purpose of sexual
gratification an offence. The Act covers the offences of preparation, production, offering,
transmitting, publishing, facilitation and distribution of the pornographic material.

Freedom Of Speech and privacy In Cyberspace

 In plentiful judgments, the apex court has decided on the matters relating to the voices of heard and unheard
now in the contemporary times the point at issue if these rights and restrictions avail to cyberspace.
 Shreya Singhal v. union of India[2], the court struck down the criminalizing provision under section 66a of
the IT Act 2000.
 This being the first-ever step towards the freedom of expression in the world of cyber. Internet is the
nourishment for the growing cyber web.
 At present, cyberspace is also a platform for current affairs and issues all over the globe. Everyone can
access it and will be allowed to have an opinion and share it with rest of the world.
 In India, it is relatively a new concept though in the case of PUCL v. union of India[3], the right to speech
and expression is guaranteed to all kinds of speeches by word, by pictures by or in any other manner.
 A petitioner named Faheema Shirin RK moved the court regarding the restrictions of using mobile phones
in the UG hostel in which the outcome came to be access to the internet is the vital part of the education and
part of Article 21 this was the first case where the legal status for the use of Cybernet was also a part of
fundamental right for Indians. It was in the first amendment the reasonable restrictions for Article 19(1)(a)
were imposed.
 India is the host and the biggest platform of data outsourcing.It needs an effective and well formulated way
of dealing with these crimes. Unlike many other countries like EU, India does not have any separate law
which exclusively deals with the data protection. However, the courts on many cases have interpreted "data
protection" within the limits of "Right to Privacy" as implicit in Article 19 and 21 of the Constitution of
India.
 Apart from this, the laws which are presently dealing with the subject of data protection are "The Indian
Contracts Act" and "The Information Technology Act". Some of the Indian laws are listed below
 Article 19 of the Indian constitution states that: All citizens
shall have the right —
1. to freedom of speech and expression;
2. to assemble peaceably and without arms;
3. to form associations or unions;
4. to move freely throughout the territory of India;
5. to reside and settle in any part of the territory of India; and
6. to practice any profession, or to carry on any occupation, trade or business

16 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 Freedom of speech is restricted by the National Security Act of 1980 and in the past, by the Prevention of
Terrorism Ordinance (POTO) of 2001, the Terrorist and Disruptive Activities (Prevention) Act (TADA)
from 1985 to 1995, and similar measures.
 Freedom of speech is also restricted by Section 124A of the Indian Penal Code, 1860 which deals with
sedition and makes any speech or expression which brings contempt towards government punishable by
imprisonment extending from three years to life

Section 43A- ITAA The IT (Amendment) Act, 2008 (ITAA 2008) explicitly provides that "Where a body
corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource
which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices
and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be
liable to pay damages by way of compensation to the person so affected".
Section 72A. Punishment for Disclosure of information in breach of lawful contract that "Punishment for
disclosure of information in breach of lawful contract. -Save as otherwise provided in this Act or any other law
for the time being in force, any person including an intermediary who, while providing services under the terms
of lawful contract, has secured access to any material containing personal information about another person,
with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without
the consent of the person concerned, or in breach of a lawful contract, such material to any other person, shall
be punished with imprisonment for a term which may extend to three years, or with fine which may extend to
five lakh rupees, or with both". Both the above sections don‘t deal with data privacy and security directly.
Section 69A can deny public access to any information through any device. By this rule, Government can
interfere with the privacy of data in certain conditions to maintain the integrity of India, defense of India,
security of the State, friendly relations with foreign States or public order or for preventing incitement to the
commission of any cognizable offence relating to above or for investigation of any offence, it may by order,
direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or
monitored or decrypted any information generated, transmitted, received or stored in any computer resource.

Cyber Terrorism In India

 According to the National Association of Software and Services Companies (NASSCOM), India is one of
the most susceptible nations in the world when it comes to cyber-attacks (Cyber Security in India.
 Opportunities for Dutch Companies, 2018). The reason behind this vulnerability is the wide use of
cyberspace for daily life. In India, telecommunication, business, administration, banking etc are already
highly network-dependent and at the same time, they are not protected by proper measures.
 Hence it is easy to do cyber terrorism in India. While dealing with cyber terrorism in India we can see both
national and international level of terrorism. By different cybercrimes, the terrorists both internal and
external attack the cyberspace of India.

Hate Propaganda

 Hate propaganda is one of the most popular cybercrimes in India which threats to internal and external
security. Even though the false or hate propaganda is prohibited by the sections 153(A) & 295(A) of Indian
Penal Code and 66(a) of IT Act many people are circulating wrong matter by using the loophole of the right
to expression.

17 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 In India, the crime of hate propaganda is very much used by the religious fanatic groups to disturb other
religious community.
 Most of the propaganda is circulating on the platform of social media. Sometimes this leads to communal
violence. Some terrorist groups also use the same strategy to make a disturbance in secular India

Virus Attack and Hacking

 The hackers try to disturb the nation and individual by attacking the virtual world around them but it affects
the real world.
 They attack government and private websites to miss guide the people or to demand ransom or to steal data.
The hackers are able to attack the whole government-related websites, especially which are related to
national security.
 For example, recently the hackers attacked the Koodamkulam nuclear project. This shows the seriousness of
the problem.

False Propaganda and Brainwashing Young People

 False Motivation and recruitment are usually happening through social media. Many terrorist groups
motivate people through social media by spreading their strategies and policies.
 They are aiming at recruitment too.Social media has been integral to the terrorist organisation's rise. It
enables militants to raise its prestige among terror groups, overtake older jihadist competitors, coordinate
with troops, and - most importantly - recruit fresh, young blood

Data Manipulation and Identity Theft

 Data and Identity theft are very much in India. Online identity theft is a serious crime, often planned for
obtaining the personal or financial data of another person.
 The obtained data is then used for personal gain. Identity theft is referred to as the offence of the new
millennium. Identity theft is the theft and use of someone‘s personal information primarily for monetary
gain.

Undermining Right to Privacy

 This online crime is usually happening against women and children. Online sexual harassment, cyber
stalking, cyber pornography, child pornography (uploading sexual content videos and images and watching
it), cyber defamation, morphing etc. come under this crime.
 According to the report of NCRB, there are more than 3000 cases were reported in 2018 (Crime in India
2018, 2019). Most of the cases are happening due to the obsession for love, hate and revenge, ego etc.

Government Initiatives To Prevent Cyber Terrorism In India

 IT Act 2000 and its Amendment in 2008

o The first step in India to deal with cyber-terrorism was the IT Act 2000. It clearly explains the
regulations in the use of cyberspace. Later it was amended in 2008 according to the need of the time.
o The amendment deals with the issues which were missed by the original act. IT act 2000, Chapters
IX and XI, especially sections 64 to 67C of Chapter XI deal with the different cyber offences and its

18 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 punishment. Sections 68 to 78 deal with the different agencies and their powers to regulate and
investigate the cyberspace
 Central Monitoring System
o Central Monitoring System (CMS) is the centralized telephone interception provisioning system in
India. It was installed by the central government for the advance of telematics and it is operated by
the telecom enforcement resource and monitoring cells.
o This is aiming to monitor and intercept the telecommunication such as mobile phones, landlines and
internet (―Government Setting up Centralised Monitoring System for Lawful Interception,‖ 2016).
The first spark to start CMS was the Mumbai terrorist attack in 2008.
 National Cyber Coordination Centre
o National cyber coordination centre (NCCC) is an e-surveillance and cyber security project of
Government of India which incorporates cybercrime counteraction strategy, cybercrime
investigation training, review of obsolete laws, etc.
o The aim of this is to assist the nation in dealing with problematic cyber-activities by acting as an
Internet traffic monitoring entity that can forestall local or worldwide cyber violations. It is to handle
cyber- threats and national security issues in coordination with the country's intelligence agencies.
 National Crime Records Bureau
o National Crime Records Bureau (NCRB) provides the statistical data of the crime happening in India
every year. This is known as ̳Crime in India‘. This is very much helpful to the investigation agency
and policymakers.
o This data is collected from the different cases reported in the different states and union territories.
This data helps to understand the growth of the crime and helps the related agency to concentrate on
a special area
 Online Cyber Crime Reporting Portal
o Online cybercrime reporting portal is an initiative of the Ministry of Home Affairs. It helps the
victims/complainants to report cybercrime complaints online.
o This portal takes into account the complaints related to cybercrimes and with special reference to
cybercrimes against women and children.

Suggestions To Combat Cyber Terrorism

1. Create proper awareness to the public about the security issues in cyberspace and ask them to
strengthen their cyberspace with security features such as strong antivirus software, use of the official version of
the software, avoidance of popup messages and websites, proper updating of password etc.
2. The government and concerned agencies should promote ethical hackers. Ethical hackers can find out the
loopholes in the system and software and they can suggest prevention too.
3. Modification of the existing rules related to the cyberspace is mandatory. Rules and regulations should be
updated according to the development of technology.
4. Unified and strong international rules and regulations will help to decrease the spread of cyber
terrorism. At present, there is no unified law at international level. Cyber laws in one nation are differing from
others. This helps the culprits to escape from the punishments.
5. Control over social media is necessary to prevent cyber terrorism. At present, the government is trying to
implement some regulations over the use of social media. By this, we can prevent fake accounts, false
propaganda, online harassment etc.

19 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
Shreya Singhal V Union of India

 Supreme Court in a landmark judgment struck down section 66A of the Information Technology Act, 2000
which provided provisions for the arrest of those who posted allegedly offensive content on the internet
upholding freedom of expression.
 Section 66A defines the punishment for sending “offensive” messages through a computer or any other
communication device like a mobile phone or tablet and a conviction of it can fetch a maximum three years
of jail and a fine.
 The Court has provided the jurisprudence of free speech with an enhanced and rare clarity. Various
provisions of IPC and Sections 66B and 67C of the IT Act are good enough to deal with all these crimes and
it is incorrect to say that Section 66A has given rise to new forms of crimes.
 The landmark case of Shreya Singhal v Union of India (2015) is a landmark case that plays a very
important role in the Indian legal system.
 The case revolves around the fundamental right of freedom of speech and expression under Article 19(1)(a)
of the Constitution of India, which challenged the constitutional validity of section 66A and led to the struck
down of section 66A of the Information Technology Act 2000 Section 66A is the punishment for sending
offensive messages through communication services, etc.
 It says that- Any person who sends, by means of a computer resource or a communication device,-
(a) any information that is grossly offensive or has menacing character; or
(b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience,
danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making
use of such computer resource or a communication device,
(c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or
to deceive or to mislead the addressee or recipient about the origin of such messages,
shall be punishable with imprisonment for a term which may extend to three years and with fine.
 For the purpose of this section, terms “electronic mail” and “electronic mail message” means a message or
information created or transmitted or received on a computer, computer system, computer resource or
communication device including attachments in text, images, audio, video and any other electronic record,
which may be transmitted with the message.

facts of the case

 Two girls-Shaheen Dhada and Rinu Srinivasan, were arrested by the Mumbai police in 2012 for expressing
their displeasure at a bandh called in the wake of Shiv Sena chief Bal Thackery’s death.
 The women posted their comments on the Facebook. The arrested women were released later on and it was
decided to close the criminal cases against them yet the arrests attracted widespread public protest.
 It was felt that the police has misused its power by invoking Section 66A inter alia contending that it
violates the freedom of speech and expression
 The verdict in Shreya Singhal is immensely important in the Supreme Court’s history for many reasons. In a
rare instance, Supreme Court has adopted the extreme step of declaring a censorship law passed by
Parliament as altogether illegitimate.
 The Judgment has increased the scope of the right available to us to express ourselves freely, and the limited
space given to the state in restraining this freedom in only the most exceptional of circumstances.

20 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 Justice Nariman has highlighted, the liberty of thought and expression is not merely an aspirational ideal. It
is also “a cardinal value that is of paramount significance under our constitutional scheme.”
 The Supreme Court agreed with the petitioners that none of the grounds contained in Section 19(2) were
capable of being invoked as legitimate defences to the validity of Section 66A of the IT Act.
 “Any law seeking to impose a restriction on the freedom of speech can only pass muster,” wrote Justice
Nariman, “if it is proximately related to any of the eight subject matters set out in Article 19(2).”
 There were two tests that were put to the Section 66A- clear and present danger and the probability of
inciting hatred. Section 66A has failed those tests because the posts that people were jailed for did not incite
public hatred or disrupted law and order.

5 MARKS

EMAIL SPOOFING

 Email spoofing is a technique used in spam and phishing attacks to trick users into thinking a message came
from a person or entity they either know or can trust.
 In spoofing attacks, the sender forges email headers so that client software displays the fraudulent sender
address, which most users take at face value.
 Unless they inspect the header more closely, users see the forged sender in a message. If it’s a name they
recognize, they’re more likely to trust it.
 So they’ll click malicious links, open malware attachments, send sensitive data and even wire corporate
funds.
 The goal of email spoofing is to trick users into believing the email is from someone they know or can
trust—in most cases, a colleague, vendor or brand. Exploiting that trust, the attacker asks the recipient to
divulge information or take some other action.
 As an example of email spoofing, an attacker might create an email that looks like it comes from PayPal.
 The message tells the user that their account will be suspended if they don’t click a link, authenticate into
the site and change the account’s password.
 If the user is successfully tricked and types in credentials, the attacker now has credentials to authenticate
into the targeted user’s PayPal account, potentially stealing money from the user.

Hacking—Definition, Types

 A commonly used hacking definition is the act of compromising digital devices and networks through
unauthorized access to an account or computer system.
 Hacking is not always a malicious act, but it is most commonly associated with illegal activity and data theft
by cyber criminals.
 Hacking refers to the misuse of devices like computers, smartphones, tablets, and networks to cause damage
to or corrupt systems, gather information on users, steal data and documents, or disrupt data-related activity.

 There are typically four key drivers that lead to bad actors hacking websites or systems:

o financial gain through the theft of credit card details or by defrauding financial services,

o corporate espionage,

21 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 o to gain notoriety or respect for their hacking talents, and

o state-sponsored hacking that aims to steal business information and national intelligence.

 On top of that, there are politically motivated hackers—or hacktivists—who aim to raise public attention by
leaking sensitive information, such as Anonymous, LulzSec, and WikiLeaks.

 A few of the most common types of hackers that carry out these activities involve:

Black Hat Hackers

 Black hat hackers are the "bad guys" of the hacking scene.

 They go out of their way to discover vulnerabilities in computer systems and software to exploit them for
financial gain or for more malicious purposes, such as to gain reputation, carry out corporate espionage, or
as part of a nation-state hacking campaign.

 These individuals’ actions can inflict serious damage on both computer users and the organizations they
work for.

 They can steal sensitive personal information, compromise computer and financial systems, and alter or take
down the functionality of websites and critical networks.

White Hat Hackers

 White hat hackers can be seen as the “good guys” who attempt to prevent the success of black hat hackers
through proactive hacking.

 They use their technical skills to break into systems to assess and test the level of network security, also
known as ethical hacking.

 This helps expose vulnerabilities in systems before black hat hackers can detect and exploit them.

 The techniques white hat hackers use are similar to or even identical to those of black hat hackers, but these
individuals are hired by organizations to test and discover potential holes in their security defenses.

Grey Hat Hackers

 Grey hat hackers sit somewhere between the good and the bad guys.
 Unlike black hat hackers, they attempt to violate standards and principles but without intending to do
harm or gain financially.
 Their actions are typically carried out for the common good.
 For example, they may exploit a vulnerability to raise awareness that it exists, but unlike white hat
hackers, they do so publicly. This alerts malicious actors to the existence of the vulnerability.

22 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
Common types of Trojan malware,
 Here’s a look at some of the most common types of Trojan malware, including their names and what they
do on your computer:
Backdoor Trojan
 This Trojan can create a “backdoor” on your computer. It lets an attacker access your computer and control
it. Your data can be downloaded by a third party and stolen. Or more malware can be uploaded to your
device.
Distributed Denial of Service (DDoS) attack Trojan
 This Trojan performs DDoS attacks. The idea is to take down a network by flooding it with traffic. That
traffic comes from your infected computer and others.
Downloader Trojan
 This Trojan targets your already-infected computer. It downloads and installs new versions of malicious
programs. These can include Trojans and adware.
Fake AV Trojan
 This Trojan behaves like antivirus software, but demands money from you to detect and remove threats,
whether they’re real or fake.
Game-thief Trojan
 The losers here may be online gamers. This Trojan seeks to steal their account information.
Infostealer Trojan
 As it sounds, this Trojan is after data on your infected computer.
Mailfinder Trojan
 This Trojan seeks to steal the email addresses you’ve accumulated on your device.
Ransom Trojan
 This Trojan seeks a ransom to undo damage it has done to your computer. This can include blocking your
data or impairing your computer’s performance.
Remote Access Trojan
 This Trojan can give an attacker full control over your computer via a remote network connection. Its uses
include stealing your information or spying on you.
Rootkit Trojan
 A rootkit aims to hide or obscure an object on your infected computer. The idea? To extend the time a
malicious program runs on your device.
SMS Trojan
 This type of Trojan infects your mobile device and can send and intercept text messages. Texts to premium-
rate numbers can drive up your phone costs.
23 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P
LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
Trojan banker
 This Trojan takes aim at your financial accounts. It’s designed to steal your account information for all the
things you do online. That includes banking, credit card, and bill pay data.
Trojan IM
 This Trojan targets instant messaging. It steals your logins and passwords on IM platforms.
 That’s just a sample. There are a lot more.

Intermediary Liability under the Information Technology Act, 2000

 An ‘intermediary’ has been defined in Section 2(w) of the Act as “any person who on behalf of another
person receives, stores or transmits that record or provides any service with respect to that record and
includes telecom service providers, web-housing service providers, search engines, online payment sites,
online auction sites, online market places and cyber cafes”.
 Section 79 of the Act is a ‘safe harbour’ provision which grants conditional immunity to intermediaries from
liability for third party acts.
 Section 79(1) of the Act grants intermediaries a conditional immunity with regard to any third party
information, data or communication link made available or hosted by them.
 This immunity is subject to section 79 (2) and 79 (3) of the Act.
 Section 79(2) essentially covers cases where the activity undertaken by the intermediary is of a technical,
automatic and passive nature.
 Thus, for section 79(2) to be applicable, intermediaries are to have neither knowledge nor control over the
information which is transmitted or stored.
 Furthermore, Section 79(3)(b) envisages a ‘notice and take down’ regime, wherein the intermediary is
required to take down unlawful content upon receiving actual knowledge of its existence.

Data diddling
 Data diddling is a form of computer fraud involving the intentional falsification of numbers in data entry.
 It most often involves the inflation or understatement of income or expenses to benefit a company or
individual when completing tax or other financial documents.
 This act is performed manually by someone in a data entry position, or remotely by hacking or
using malware. Data diddling is a form of cyber crime, and is punishable by large fines or imprisonment.
 Unlike other fraud, data diddling specifically refers to the misrepresentation of information during entry,
and not after.
 The phrase is comprised of the term data, which is digital information, and the verb diddle, which means to
falsify or exploit.

Cryptography

 Cryptography is technique of securing information and communications through use of codes so that only
those person for whom the information is intended can understand it and process it.
 Thus preventing unauthorized access to information. The prefix “crypt” means “hidden” and suffix
graphy means “writing”.
 In Cryptography the techniques which are use to protect information are obtained from mathematical
concepts and a set of rule based calculations known as algorithms to convert messages in ways that make
it hard to decode it.

24 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 These algorithms are used for cryptographic key generation, digital signing, verification to protect data
privacy, web browsing on internet and to protect confidential transactions such as credit card and debit
card transactions.
Features Of Cryptography are as follows:
1. Confidentiality:
2. Integrity:
3. Non-repudiation:
4. Authentication:
Types Of Cryptography:
In general there are three types Of cryptography:
 Symmetric Key Cryptography:
o It is an encryption system where the sender and receiver of message use a single common key to
encrypt and decrypt messages.
o Symmetric Key Systems are faster and simpler but the problem is that sender and receiver have to
somehow exchange key in a secure manner. The most popular symmetric key cryptography system is
Data Encryption System(DES).
 Hash Functions:
o A function that converts a given big phone number to a small practical integer value. The mapped
integer value is used as an index in the hash table.
o In simple terms, a hash function maps a big number or string to a small integer that can be used as the
index in the hash table.
What is meant by Good Hash Function?
A good hash function should have the following properties:
1. Efficiently computable.
2. Should uniformly distribute the keys (Each table position equally likely for each key)

 For example: For phone numbers, a bad hash function is to take the first three digits. A better function is
considered the last three digits. Please note that this may not be the best hash function. There may be
better ways
 In practice, we can often employ heuristic techniques to create a hash function that performs well.
Qualitative information about the distribution of the keys may be useful in this design process.
 The two heuristic methods are hashing by division and hashing by multiplication

CYBERSQUATTING

 The term cybersquatting refers to the unauthorized registration and use of Internet domain names that are
identical or similar to trademarks, service marks, company names, or personal names.
 Cybersquatting registrants obtain and use the domain name with the bad faith intent to profit from the
goodwill of the actual trademark owner.
 Both the federal government and the Internet Corporation for Assigned Names and Numbers have taken
action to protect the owners of trademarks and businesses against cybersquatting abuses.

EXAMPLES OF ANTI-CYBERSQUATTING LEGISLATION

 The primary example of anticybersquatting legislation is the Anticybersquatting Consumer Protection Act
(ACPA).

25 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 The ACPA is a federal law that prohibits domain name registrations that are identical or similar to
trademarks or personal names.

 An unauthorized user may be found liable to a trademark owner for intending to profit from a distinctive
mark. Other U.S. laws, such as the Lanham Act and the Trademark Dilution Revision Act, govern additional
trademark and service mark issues. State laws also can provide protection for owners.

Logic Bombs
 A logic bomb is a malicious program that is triggered when a logical condition is met, such as after a
number of transactions have been processed, or on a specific date (also called a time bomb).
 Malware such as worms often contain logic bombs, behaving in one manner, and then changing tactics on a
specific date and time.
 Roger Duronio of UBS PaineWebber successfully deployed a logic bomb against his employer after
becoming disgruntled due to a dispute over his annual bonus.
 He installed a logic bomb on 2000 UBS PaineWebber systems, triggered by the date and time of March 4,
2002 at 9:30 AM:
 “This was the day when 2000 of the company’s servers went down, leaving about 17,000 brokers across the
country unable to make trades. Nearly 400 branch offices were affected. Files were deleted.
DATA SCAVENGING

 Data scavenging is generally step 1 in any deliberate attack against a network.

 Here, the attacker uses a combination of network-based utilities and Internet search engine queries to learn
as much as possible about the target company. The attack is almost impossible to detect for two main
reasons:
 If the attack is using network utilities such as Ping, Traceroute, and so on, the volume of traffic is so low
that it is impossible to single out the attacker.
 Additionally, it is hard to differentiate between legitimate use of these protocols and an attacker's use of
them.
 The information gained through Whois, Nslookup, or Internet search engines is usually public information
that can be learned by anyone.
 Oftentimes, the information gained by the attacker comes from servers other than the victim's servers (as is
the case with Whois queries).
 Using an Internet search engine can yield all sorts of good information as well. After a successful data-
scavenging attack, the attacker might know the following about the victim network:
o IP addresses of critical systems (WWW, DNS, mail)
o IP ranges assigned to the victim
o Internet service provider (ISP) of the victim

Software Piracy – Definition

 Software piracy is the act of stealing software that is legally protected. This stealing includes copying,
distributing, modifying or selling the software.
 Copyright laws were originally put into place so that the people who develop software (programmers,
writers, graphic artists, etc.) would get the proper credit and compensation for their work.
 When software piracy occurs, compensation is stolen from these copyright holders.

26 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
Types of Software Piracy
There are five main types of software piracy. This variety of pirating techniques explains how some individuals
purposely pirate software while others may unknowingly be an accomplice.

 Softlifting
o Softlifting is when someone purchases one version of the software and downloads it onto multiple
computers, even though the software license states it should only be downloaded once.
o This often occurs in business or school environments and is usually done to save money. Softlifting is
the most common type of software piracy.

 Client-server overuse
o Client-server overuse is when too many people on a network use one main copy of the program at the
same time.
o This often happens when businesses are on a local area network and download the software for all
employees to use.
o This becomes a type of software piracy if the license doesn’t entitle you to use it multiple times.

 Hard disk loading

o Hard disk loading is a type of commercial software piracy in which someone buys a legal version of the
software and then reproduces, copies or installs it onto computer hard disks. The person then sells the
product. This often happens at PC resale shops and buyers aren’t always aware that the additional
software they are buying is illegal.

Counterfeiting

o Counterfeiting occurs when software programs are illegally duplicated and sold with the appearance of
authenticity. Counterfeit software is usually sold at a discounted price in comparison to the legitimate
software.

 Online Piracy
o Online piracy, also known as Internet piracy, is when illegal software is sold, shared or acquired by
means of the Internet.
o This is usually done through a peer-to-peer (P2P) file-sharing system, which is usually found in the
form of online auction sites and blogs.

SALAMI ATTACK

 “Salami Slicing Attack” or “Salami Fraud” is a technique by which Cyber-criminals steal money or
resources a bit at a time so that there’s no noticeable difference in overall size.
 The perpetrator gets away with these little pieces from a large number of resources and thus accumulates a
considerable amount over a period of time. The essence of this method is the failure to detect the
misappropriation.
 The most classic approach is “collect-the-round off” technique. Salami Attack consists of merging bits of
seemingly inconsequential data to produce huge results. A small attack that transform into a large attack is
known Salami attack.
 It is sometimes called Salami slicing, because the attack goes almost unnoticed by the victims due to the
nature of the attack. In general, Salami slicing is defined as anything that is reduced interested in minor
activities or segments.

27 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 Stealing money electronically is the most common use of the Salami slicing technique, but it’s not restricted
to money laundering.
 The Salami technique can also be applied to gather little bits of information over a period of time to deduce
an overall picture of an organization.
 This act of distributed information gathering may be against an individual or an organization. Data can be
collected from web sites, advertisements, documents collected from trash cans, and the like, gradually
building up a whole database of factual intelligence about the target

Worm attack

 A computer worm is a program containing malicious code that attacks host computers and spreads via a
network. Network worms exploit security vulnerabilities in various applications. Due to the availability of
the Internet, they can spread all over the world within a few hours of their release.
 Most worm attacks (Sasser, SqlSlammer) can be avoided by using default security settings in the firewall, or
by blocking unprotected and unused ports. Also, it is essential that your operating system is updated with
the most recent security patches.
Cyber voyeurism
 The increased miniaturisation of digital technology, the ready availability of recording devices, coupled
with the ease with which digital images can be reproduced and uploaded, has led to an apparent increase in
conduct which may broadly be described as ‘voyeurism’.
 Typically, this involves a person surreptitiously observing, and in some cases recording, another person in
what would generally be regarded as a private place. For example, the sports centre manager who installed a
camera to film women in the shower and using sunbeds, the homeowner who concealed motion-sensitive
cameras in the bedroom in order to record his house-sitter, or the stepfather who concealed a video camera
to secretly record his adult stepdaughter showering.
 First, such technology makes it much easier to engage in covert surveillance. Miniature cameras may easily
be concealed in everyday items.
 Mobile phone cameras are particularly insidious, being so ubiquitous that we accept their presence in areas
where a camera would otherwise seem suspicious. For example, digital cameras may be used to capture so-
called ‘up-skirt’ and ‘down-blouse’ images.
 As their names suggest, these are images taken surreptitiously up a woman's skirt or of her cleavage, and are
widely available on the internet.
 While once a person may have concealed themselves underneath a staircase or other vantage point to gain
such a view, cameras may now easily be concealed in a bag, or other item, which is then placed at the
woman's feet.

Shoulder Surfing
 The term shoulder surfing might conjure up images of a little surfer "hanging ten" on your shirt collar, but
the reality is much more mundane.
 Shoulder surfing is a criminal practice where thieves steal your personal data by spying over your shoulder
as you use a laptop, ATM, public kiosk or other electronic device in public.
 Despite the funny name, it's a security risk that can cause a financial wipeout.
 The practice long predates smartphones and laptops, and goes back to when criminals spied on pay phone
users as they punched in their phone card numbers to make calls.
 From there, thieves moved to observing their victims key in PINs while using ATMs, paying for gas at self-
service pumps or even making a purchase in a store.
28 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P
LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
What Is Cyberbullying

 Cyberbullying is bullying that takes place over digital devices like cell phones, computers, and tablets.
Cyberbullying can occur through SMS, Text, and apps, or online in social media, forums, or gaming where
people can view, participate in, or share content.
 Cyberbullying includes sending, posting, or sharing negative, harmful, false, or mean content about
someone else.
 It can include sharing personal or private information about someone else causing embarrassment or
humiliation. Some cyberbullying crosses the line into unlawful or criminal behavior.

 The most common places where cyberbullying occurs are:

o Social Media, such as Facebook, Instagram, Snapchat, and Tik Tok

o Text messaging and messaging apps on mobile or tablet devices
o Instant messaging, direct messaging, and online chatting over the internet
o Online forums, chat rooms, and message boards, such as Reddit
o Email
o Online gaming communities

What is a keylogger?

 A keylogger is an insidious form of spyware. You enter sensitive data onto your keyboard, believing nobody
is watching. In fact, keylogging software is hard at work logging everything that you type.

 Keyloggers are activity-monitoring software programs that give hackers access to your personal data. The
passwords and credit card numbers you type, the webpages you visit – all by logging your keyboard strokes.
The software is installed on your computer, and records everything you type. Then it sends this log file to a
server, where cybercriminals wait to make use of all this sensitive information.

 If keyloggers seem like Hollywood fiction, that’s because we’ve seen them on the silver screen before. You
might remember Tom Cruise’s character using one a Mission Impossible film, and the popular hacker
show Mr. Robot bases a key plot point around keyloggers.

 These cybercriminals aren’t just eavesdropping on whatever you are typing. They have ringside seats.

Corporate espionage

 Corporate espionage is espionage conducted for commercial or financial purposes. Corporate espionage is
also known as industrial espionage, economic espionage or corporate spying.
 That said, economic espionage is orchestrated by governments and is international in scope, while industrial
or corporate espionage generally occurs between organizations.
 Foreign governments, especially those where many businesses are state-owned and have a strong focus on
economic development, are common users of corporate spying. As a result, other governments find
themselves drawn into it too. One of the main motivations United States President Donald Trump has given
for escalating the trade war with China has been to fight against Chinese theft of U.S. company trade
secrets.

29 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM
 Economic and industrial espionage has two forms:

o Acquisition of intellectual property, such as manufacturing processes or techniques, locations of

production, proprietary or operational information like customer data, pricing, sales, research and
development, policies, prospective bids, planning or marketing strategies.
o Theft of trade secrets, bribery, blackmail or technological surveillance with different types of malware.
 As well as orchestrating espionage on commercial organizations, governments can also be targets. For
example to determine the terms of a tender for a government contract.

Web Jacking
 When a Web application improperly redirects a user’s browser from a page on a trusted domain to a bogus
domain without the user’s consent, it’s called Web Jacking.
 Web Jacking attack method is another type of social engineering attack method called Phishing attack, often
used to steal user data, including login credentials and credit card numbers.
 When an attacker impersonating an object, cheats the victim by opening an email, instant message, or text
message.
 The recipient is then tricked into clicking on a malicious link, leading to a malware installation, program
freezing as part of a ransomware attack, or exposure to sensitive information.
 Attacks can have serious consequences. For individuals, this includes unauthorized purchases, money
laundering, or identity theft. Also, identity theft is often used to gain corporate or government networks as
part of a larger attack, such as an Advanced Persistent Threat (APT).
 In the latter case, employees are compromised to go through security perimeters, distribute malware within
a closed area, or gain access to secure data.
 An organization defeated by these attacks often supports greater financial losses in addition to declining
market share, reputation, and consumer confidence.
 Broadly speaking, a criminal attempt to steal sensitive information can escalate into a security incident
where the business will have a difficult time recovering.

30 COLLABORATED BY:- AJITH.V, RATHULDEV.S AND MUHAMMED NASEEB.P

LEEWAY, MCT COLLEGE OF LEGAL STUDIES MALAPPURAM