Chapter 4:- Cybercrimes and Cyber security: The Legal Perspectives

Content:
4.1 Introduction
4.2 Cybercrime and the Legal Landscape around the World
4.3 Why Do We Need Cyber laws: The Indian Context
4.4 The Indian IT Act
4.5 Challenges to Indian Law and Cybercrime Scenario in India
4.6 Consequences of not addressing the Weakness in Information
Technology Act
4.7 Digital Signatures and the Indian IT Act
4.8 Amendments to the Indian IT Act
4.9 Cybercrime and Punishment
4.10 Cyberlaw, Technology and Students: Indian Scenario

4.1 Introduction:
 Nowadays, the term cybercrime is well known and needs no introduction.
 Crime is a great obstacle in the development of a country.
 It adversely affects the members of the society and lowers down the economic growth
of the country.
 Computer technology provides a boost to the human life and makes it easier and
comfortable. It adds accuracy, speed and efficiency to the life of human being.
 But a computer is exploited by the criminals and its illegal use leads to cybercrime.
 To combat cybercrime, India enacted the Information Technology Act, 2000 which was
drastically amended in the year 2008 providing more powerful and stringent law.
 Cybercrime is a world-wide / international crime as it has been affected by the global
revolution in information and communication technologies (ICTs). It has affected the
global community.
 The internet has become an integral part of everyone’s life.
 It has also given new dimensions to our economic and social life.
 But at the same time we cannot be oblivious of the negative side of use of computers and
internet.
 It is very unfortunate that computer crime is widespread and is increasing exponentially
as the side effect of the excessive use of computers and internet.
 The internet is used almost everywhere like in home, shop, office, railway station,
college etc. by the users.
 Unfortunately, the internet is misused by hackers and organised criminals. The growth
of cybercrime is increasing proportionately to the internet explosion.
 Cybercrime is expanding parallel with the growing number of internet users.
 Due to these consequences there was need to adopt a strict law by the cyber space
authority to regulate criminal activities relating to cyber and to provide better
administration of justice to the victim of cybercrime.
 In the modern cyber technology world, it is very much necessary to regulate
cybercrimes and most importantly cyber law should be made stricter in the case of cyber
terrorism and hackers.

4.2 Cybercrime and the Legal Landscape around the World:

 Cybercrime law includes laws related to computer crimes, internet crimes, information
crimes, communications crimes, and technology crimes.
 While the internet and the digital economy represent a significant opportunity, they’re
also an enabler for criminal activity.
 Cybercrime laws are laws that create the offences and penalties for cybercrimes.
 Cybercrime is a global problem, which requires a coordinated international response.
 Governments around the world have recognized the importance of addressing
cybersecurity concerns through legislation.
 Several countries have enacted cybersecurity laws and regulations to establish a legal
framework for combating cyber threats.
 The specifics of these laws can vary widely from one jurisdiction to another, but they
typically cover areas such as data protection, incident reporting, and law enforcement
powers.
 Some specific cybercrime law:
 In India has two laws that recognise the importance of cybersecurity:
 The Information Technology Act, 2000, and
 Specific rules, like the Information Technology (Reasonable Security Practices and
Procedures and Sensitive Personal Data or Information) Rules, 2011.
 In the United States, for instance, the Cybersecurity Information Sharing Act
(CISA) encourages private-sector companies to share information about cybersecurity
threats with the government. It also provides certain legal protections for companies
that participate in these information-sharing programs.
 The European Union has implemented the General Data Protection Regulation
(GDPR), which not only protects the privacy of individuals but also requires
organisations to take strong cybersecurity measures to safeguard personal data.
 The Budapest Convention on Cybercrime, commonly known as the Council of Europe
Convention on Cybercrime, is one important illustration. This treaty outlines steps to
prevent cybercrime, including data security and computer system security. It
encourages adherence to its terms by member states' laws and regulations.
 Additionally, by promoting information exchange and cooperation between law
enforcement agencies around the world, INTERPOL and Europol play crucial roles in
coordinating international efforts to combat cybercrime.

4.3 Why Do We Need Cyber laws: The Indian Context:

 Cyber law is a framework created to give legal recognition to all risks arising out of the
usage of computers and computer networks.
 Under the preview of cyber law, there are several aspects, such as, intellectual property,
data protection and privacy, freedom of expression and crimes committed using
computers.
 The Indian Parliament passed its first cyberlaw, the Information Technology Act, ITA
2000, aimed at providing the legal infrastructure for E-Commerce in India.
 ITA 2000 received the assent of the President of India and it has now become the law of
the land in India.
 The Government of India felt the need to enact relevant cyberlaws to regulate Internet
based computer related transactions in India.
 It manages all aspects, issues, legal consequences and conflict in the world of
cyberspace, Internet or WWW.
 In the Preamble to the Indian ITA 2000, it is mentioned that it is an act to provide legal
recognition for transactions carried out by means of electronic data interchange and
other means of electronic communication, commonly referred to as electronic
commerce.
 The reasons for enactment of cyberlaws in India are summarized below:
 Although India possesses a very well defined legal system, covering all possible
situations and cases that have occurred or might take place in future, the country
lacks in many aspects when it comes to newly developed Internet technology. It is
essential to address this gap through a suitable law given the increasing use of
Internet and other computer technologies in India.
 There is a need to have some legal recognition to the Internet as it is one of the most
dominating sources of carrying out business in today’s world.
 With the growth of the Internet, a new concept called cyberterrorism came into
existence.
 Cyberterrorism includes the use of disruptive activities with the intention to further
social, ideological, religious, political or similar objectives, or to intimidate any person
in furtherance of such objectives in the world of cyberspace. It actually is about
committing an old offense but in an innovative way.
 Keeping all these factors into consideration, Indian Parliament passed the Information
Technology Bill on 17 May 2000, known as the ITA 2000.
 It talks about cyberlaws and forms the legal framework for electronic records and other
activities done by electronic means.

4.4 The Indian IT Act:

 As mentioned above, this Act was published in the year 2000 with the purpose of
providing legal recognition for transactions carried out by means of electronic data
interchange, commonly referred to as electronic commerce.
 Electronic communications involve the use of alternatives to paper-based methods of
communication and storage of information, to facilitate electronic filing of documents
with the government agencies.
 Another purpose of the Indian IT Act was to amend the Indian Penal Code (IPC), the
Indian Evidence Act 1872, the Bankers’ Books Evidence Act 1891, the Reserve Bank of
India Act 1934 and matters connected therewith or incidental thereto.
 The Reserve Bank of India Act has got Section 58B about Penalties. Subsequently, the
Indian IT Act underwent some important changes to accommodate the current
cybercrime scenario; note specially the changes to Section 66 and the corresponding
punishments for cyber offenses.

 ITA Sections are as follows:

 Section 65: Tampering with computer source documents.
 Section 66: Computer-related offences.
 Section 67: Punishment for publishing or transmitting obscene material in electronic
form.
 Section 71: Penalty for misrepresentation.
 Section 72: Penalty for breach of confidentiality and privacy.
 Section 73: Penalty for publishing Digital Signature Certificate false in certain
particulars.
 Section 74: Publication for fraudulent purpose.

 Positive Aspects of the ITA 2000

 The Indian ITA 2000, though heavily criticized for not being specific on cybercrimes, in
our opinion, does have a few good points.
 Prior to the enactment of the ITA 2000 even an E-Mail was not accepted under the
prevailing statutes of India as an accepted legal form of communication and as
evidence in a court of law. But the ITA 2000 changed this scenario by legal recognition
of the electronic format. Indeed, the ITA 2000 is a step forward.
 From the perspective of the corporate sector, companies are able to carry out
Ecommerce using the legal infrastructure provided by the ITA 2000. Till the coming
into effect of the Indian cyberlaw, the growth of E-Commerce was impeded in our
country basically because there was no legal infrastructure to regulate commercial
transactions online.
  Corporate will now be able to use digital signatures to carry out their transactions
online. These digital signatures have been given legal validity and sanction under the
ITA 2000.
 In today’s scenario, information is stored by the companies on their respective
computer system, apart from maintaining a backup. Under the ITA 2000, it became
possible for corporate to have a statutory remedy if anyone breaks into their
computer systems or networks and causes damages or copies data. The remedy
provided by the ITA 2000 is in the form of monetary damages, by the way of
compensation, not exceeding ` 10,000,000.
 ITA 2000 defined various cybercrimes. Prior to the coming into effect of the Indian
Cyberlaw, the corporate were helpless as there was no legal redress for such issues.
However, with the ITA 2000 instituted, the scenario changed altogether.

 Weak Areas of the ITA 2000

 As mentioned before, there are limitations too in the IT Act; those are mainly due to the
following gray areas:
 The ITA 2000 is likely to cause a conflict of jurisdiction.
 E-Commerce is based on the system of domain names. The ITA 2000 does not even
touch the issues relating to domain names.
 The ITA 2000 does not deal with issues concerning the protection of Intellectual
Property Rights (IPR)
 As the cyberlaw is evolving, so are the new forms and manifestations of cybercrimes.
The offenses defined in the ITA 2000 are by no means exhaustive.
 The ITA 2000 has not tackled issues related to E-Commerce like privacy and content
regulations.
4.5 Challenges to Indian Law and Cybercrime Scenario in India:
 The offenses covered under the Indian ITA 2000 include:
 1. Tampering with the computer source code or computer source documents.
 2. Un-authorized access to computer (“hacking” is one such type of act).
 3. Publishing, transmitting or causing to be published any information in the
electronic form which is lascivious or which appeals to the prurient interest.
 4. Failure to decrypt information if the same is necessary in the interest of the
sovereignty or integrity of India, the security of the state, friendly relations with
foreign state, public order or for preventing incitement to the commission of any
cognizable offense.
 5. Securing access or attempting to secure access to a protected system.
 6. Misrepresentation while obtaining, any license to act as a Certifying Authority (CA)
or a digital signature certificate.
 7. Breach of confidentiality and privacy.
 8. Publication of digital signature certificates which are false in certain particulars.
 9. Publication of digital signature certificates for fraudulent purposes.
 There are legal drawbacks with regard to cybercrimes addressed in India – there is a
need to improve the legal scenario.
 These drawbacks prevent cybercrimes from being addressed in India.
 First, the difficulties/ drawbacks with most Indians not to report cybercrimes to the law
enforcement agencies because they fear it might invite a lot of harassment.
 Second, their awareness on cybercrime is relatively on the lower side.
 Another factor that contributes to the difficulty of cybercrime resolution is that the law
enforcement agencies in the country are neither well equipped nor knowledgeable
enough about cybercrime.
 There is a tremendous need for training the law enforcement agencies in India. Not all
cities have cybercrime cells.
 Most investigating officers with the Police force may be well equipped to fight
cybercrime we need dedicated, continuous and updated training of the law enforcement
agencies.
4.6 Consequences of not addressing the Weakness in Information
Technology Act:
 In light of the discussion so far, we can see that there are many challenges in the Indian
scenario for fight with cybercrime.
 Cyber laws of the country are yet to reach the level of sufficiency and adequate security
to serve as a strong platform to support India’s E-Commerce industry for which they
were meant. India has lagged behind in keeping pace with the world in this regard.
 The consequences of this are visible – India’s outsourcing sector may get impacted.
 There are many news about overseas customer worrying about data breaches and data
leakages in India.
 This can result in breaking India’s IT business leadership in international outsourcing
market.
 Outsourcing is on the rise; if India wishes to maintain its strong position in the global
outsourcing market, there should be quick and intelligent steps taken to address the
current weaknesses in the Information Technology Act.
 If this is not addressed in the near future, then the dream of India ruling the world’s
outsourcing market may not come true.

4.7 Digital Signatures and the Indian IT Act:

 A few technical concepts regarding Digital Signature.
 Public-Key Certificate:
 A public-key certificate is a digitally signed statement from one entity, saying that the
public key of another entity has some specific value.
 A digital signature is a type of electronic signature that is used to guarantee the integrity
of the data.
 When linked to the identity of the signer – using a security token such as X.509
Certificates – Which is a digital signature.
 An X.509 Certificate contains information about the certificate subject and the certificate
issuer (the CA that issued the certificate).
 The role of a certificate is to associate an identity with a public-key value.
 A certificate includes:
1. X.509 version information.
2. A serial number that uniquely identifies the certificate.
 3. A common name that identifies the subject.
4. The public key associated with the common name.
5. The name of the user who created the certificate, known as the subject name.
6. Information about the certificate issuer.
7. Signature of the issuer.
8. Information about the algorithm used to sign the certificate.
9. Some optional X.509 version 3 extensions.

 Representation of Digital Signatures in the ITA 2000

 ITA 2000 had prescribed digital signatures based on Asymmetric cryptosystem and
Hash system as the only acceptable form of authentication of electronic documents
recognized as equivalent to “signatures” in paper form.
 When the ITA 2000 was drafted, there was a slip-up in the drafting of Section 35,
subsection (3), which made it mandatory for an applicant of a digital signature
certificate to enclose a Certification Practice Statement along with his application.
 One of the major deficiencies in the bill, which could hinder implementation, is the
provisions regarding the role and function of the CAs as well as the process of issuing
digital certificates.

 Impact of Oversights in ITA 2000 Regarding Digital Signatures

 The Ministry of Information and Technology had to urgently establish a task force to
assist them in the drafting of the rules.
 The task force consisted of experts in the field.
 It is said that now this blunder has been accompanied by more avoidable confusions.
 The Information Technology Amendment Bill 2006 was drafted on the basis of the
recommendations of an “Expert Committee.”
 The Committee took into consideration a recommendation from technical community
that
 The PKI-based system made the law dependent on a single authentication technology
and
 There was a need to make the law Technology Neutral
4.8 Amendments to the Indian IT Act:
 As technology evolved over time, the Indian Parliament recognized the need to revise
the Act in order to align it with societal needs, resulting in its amendment.
 Two significant amendments were made to the IT Act 2000 that you should know about.
 1. Amendment of 2008:
 The 2008 amendment came up with modifications to Section 66A of the IT Act, 2000.
 The section outlined penalties for sharing offensive messages electronically. This
includes any message or information that incited hatred or compromised the integrity
and security of the nation. However, the lack of clarity in defining 'offensive' messages
led to unnecessary punishment of several individuals, ultimately resulting in the striking
down of the section.
 2. Amendment Bill 2015:
 In 2015, another bill was initiated to amend Section 66A with the aim of safeguarding
the fundamental rights guaranteed to citizens by the country's Constitution. This was
later accomplished by declaring it as violative of Article 19 of the Constitution.

4.9 Cybercrime and Punishment:

 Cyber offences are the illegitimate actions, which are carried out in a classy manner
where either the computer is the tool or target or both.
 Cyber-crime usually includes the following –
 Unauthorized access of the computers
 Data diddling
 Virus/worms attack
 Theft of computer system
 Hacking
 Denial of attacks
 Logic bombs
 Trojan attacks
 Internet time theft
 Web jacking
 Email bombing
 Salami attacks
 Physically damaging computer system.
 The offences included in the I.T. Act 2000 are as follows –
 Tampering with the computer source documents.
 Hacking with computer system.
 Publishing of information which is obscene in electronic form.
 Power of Controller to give directions.
 Directions of Controller to a subscriber to extend facilities to decrypt information.
 Protected system.
 Penalty for misrepresentation.
 Penalty for breach of confidentiality and privacy.
 Penalty for publishing Digital Signature Certificate false in certain particulars.
 Publication for fraudulent purpose.
 Act to apply for offence or contravention committed outside India Confiscation.
 Penalties or confiscation not to interfere with other punishments.
 Power to investigate offences.
 There are provisions in the Information Technology Act 2000 that outline different
offences and penalties related to the misuse of technology and electronic
communication are as follows:

Section Offence Penalty

Tampering documents stored Imprisonment of 3 years or a fine
Section 65
within a computer system of Rs. 2 lakhs or Both
Offences associated with Imprisonment of 3 years or a fine
Section 66 computers or any act outlined in that extends to Rs. 5 lakhs or
Section 43 Both
Sending offensive messages
Imprisonment up to 3 years and
Section 66-A through Communication
fine or Both
service, etc...
Dishonestly receiving a stolen Imprisonment for 3 years or a
Section 66B
computer source or device fine of Rs. 1 lakh or Both
Imprisonment of 3 years or a fine
Section 66C Identity theft
of Rs. 1 lakh or Both
Either imprisonment for 3 years
Section 66D Cheating by personation
or a fine of Rs. 1 lakh or Both
Either imprisonment up to 3
Section 66E Invading privacy years or a fine of Rs. 2 lakhs or
Both
Section 66F Cyber terrorism Life imprisonment
Sending explicit or obscene Imprisonment of 5 years and a
Section 67
material in electronic form fine of Rs. 10 lakhs or Both
 Sending material containing
Imprisonment of 7 years and a
Section 67A sexually explicit acts through
fine of Rs. 10 lakhs
electronic means
Depicting children in sexually
explicit form and sharing such Imprisonment of 7 years and a
Section 67B
material through electronic fine of Rs. 10 lakhs
mode
Failure to preserve and retain
Imprisonment for 3 years and a
Section 67C the information by
fine
intermediaries
Failure to comply with the Imprisonment up to 2 years
Section 68
directions given by Controller and/or fine up to Rs. 1 lakh
Failure to assist the agency
referred to in sub section (3) in
regard interception or Imprisonment up to 7 years and
Section 69
monitoring or decryption of any fine
information through any
computer resource
Failure of the intermediary to
comply with the direction
Imprisonment up to 7 years and
Section 69-A issued for blocking for public
fine
access of any information
through any computer resource
Intermediary who intentionally
or knowingly contravenes the
provisions of sub-section (2) in
Imprisonment up to 3 years and
Section 69-B regard monitor and collect
fine
traffic data or information
through any computer resource
for cybersecurity
Any person who secures access
or attempts to secure access to Imprisonment of either
Section 70 the protected system in description up to 10 years and
contravention of provision of fine
Sec. 70
Indian Computer Emergency
Response Team to serve as
national agency for incident
response. Any service provider,
Imprisonment up to 1 year
Section 70-B intermediaries, data centres,
and/or fine up to Rs. 1 lakh
etc., who fails to prove the
information called for or comply
with the direction issued by the
ICERT.
Misrepresentation to the
Imprisonment up to 2 years and/
Section 71 Controller to the Certifying
or fine up to Rs. 1 lakh.
Authority
Breach of Confidentiality and Imprisonment up to 2 years
Section 72
privacy and/or fine up to Rs. 1 lakh.
 Disclosure of information in Imprisonment up to 3 years
Section 72-A
breach of lawful contract and/or fine up to Rs. 5 lakh.
Publishing electronic Signature
Imprisonment up to 2 years
Section 73 Certificate false in certain
and/or fine up to Rs. 1 lakh
particulars
Publication for fraudulent Imprisonment up to 2 years
Section 74
purpose and/or fine up to Rs. 1 lakh