1

Cyber law

Unit-I

Qs. Information Technology Act, 2000: Background and Objectives of the Act

Ans. The Information Technology Act, 2000 or ITA, 2000 or IT Act, was notified on October 17, 2000. It
is the law that deals with cybercrime and electronic commerce in India.

Information Technology Act, 2000

In 1996, the United Nations Commission on International Trade Law (UNCITRAL) adopted the model
law on electronic commerce (e-commerce) to bring uniformity in the law in different countries.

Further, the General Assembly of the United Nations recommended that all countries must consider this
model law before making changes to their own laws. India became the 12th country to enable
cyber law after it passed the Information Technology Act, 2000.

While the first draft was created by the Ministry of Commerce, Government of India as the E Commerce
Act, 1998, it was redrafted as the ‘Information Technology Bill, 1999’, and passed in May 2000.

Applicability and Non-Applicability of the Act

Applicability

According to Section 1 (2), the Act extends to the entire country, which also includes Jammu and
Kashmir. In order to include Jammu and Kashmir, the Act uses Article 253 of the constitution. Further, it
does not take citizenship into account and provides extra-territorial jurisdiction.

Section 1 (2) along with Section 75, specifies that the Act is applicable to any offence or contravention
committed outside India as well. If the conduct of person constituting the offence involves a computer or
a computerized system or network located in India, then irrespective of his/her nationality, the person is
punishable under the Act.

Lack of international cooperation is the only limitation of this provision.

Non-Applicability

According to Section 1 (4) of the Information Technology Act, 2000, the Act is not applicable to the
following documents:

I. Execution of Negotiable Instrument under Negotiable Instruments Act, 1881, except cheques.
II. Execution of a Power of Attorney under the Powers of Attorney Act, 1882.
III. Creation of Trust under the Indian Trust Act, 1882.
IV. Execution of a Will under the Indian Succession Act, 1925 including any other testamentary
disposition
by whatever name called.
V. Entering into a contract for the sale of conveyance of immovable property or any interest in such
property.
 2

VI. Any such class of documents or transactions as may be notified by the Central Government in the
Gazette.

Objectives of the Act

I. The Information Technology Act, 2000 provides legal recognition to the transaction done via
electronic exchange of data and other electronic means of communication or electronic commerce
transactions.
II. This also involves the use of alternatives to a paper-based method of communication and
information storage to facilitate the electronic filing of documents with the Government agencies.
III. Further, this act amended the Indian Penal Code 1860, the Indian Evidence Act 1872, the
Bankers’ Books Evidence Act 1891, and the Reserve Bank of India Act 1934. The objectives of
the Act are as follows:
IV. Grant legal recognition to all transactions done via electronic exchange of data or other electronic
means of communication or e-commerce, in place of the earlier paper-based method of
communication.
V. Give legal recognition to digital signatures for the authentication of any information or matters
requiring legal authentication
VI. Facilitate the electronic filing of documents with Government agencies and also departments
VII. Facilitate the electronic storage of data
VIII. Give legal sanction and also facilitate the electronic transfer of funds between banks and financial
institutions
IX. Grant legal recognition to bankers under the Evidence Act, 1891 and the Reserve Bank of India
Act, 1934, for keeping the books of accounts in electronic form.

Features of the Information Technology Act, 2000

I. All electronic contracts made through secure electronic channels are legally valid.
II. Legal recognition for digital signatures.
III. Security measures for electronic records and also digital signatures are in place
IV. A procedure for the appointment of adjudicating officers for holding inquiries under the Act is
finalized
V. Provision for establishing a Cyber Regulatory Appellant Tribunal under the Act. Further, this
tribunal will handle all appeals made against the order of the Controller or Adjudicating Officer.
VI. An appeal against the order of the Cyber Appellant Tribunal is possible only in the High Court
VII. Digital Signatures will use an asymmetric cryptosystem and also a hash function
VIII. Provision for the appointment of the Controller of Certifying Authorities (CCA) to license and
regulate the working of Certifying Authorities. The Controller to act as a repository of all digital
signatures.
IX. The Act applies to offences or contraventions committed outside India
X. Senior police officers and other officers can enter any public place and search and arrest without
warrant
XI. Provisions for the constitution of a Cyber Regulations Advisory Committee to advise the Central
Government and Controller.

Qs. Cryptography, Private and Public Key

 3

Ans. Cryptography or cryptology is the practice and study of techniques for secure communication in the
presence of third parties called adversaries. More generally, cryptography is about constructing and
analyzing protocols that prevent third parties or the public from reading private messages; various aspects
in information security such as data confidentiality, data integrity, authentication, and non-repudiation are
central to modern cryptography. Modern cryptography exists at the intersection of the disciplines
of mathematics, computer science, electrical engineering, communication science, and physics.
Applications of cryptography include electronic commerce, chip-based payment cards, digital
currencies, computer passwords, and military communications.

What is Cryptography

Cryptography is a process that allows making the data secure in communication. For example, in online
transactions, it is important to protect the personal details. Cryptography is a solution to protect data.
There are two main concepts in cryptography called encryption and decryption. At the sender’s end, the
original message is transformed into an unreadable message. This is called encryption. This uses an
algorithm and a key. This converted message is also called a ciphertext and it is sent via the network. At
the receiver’s end, the message is transformed back into the original message. This is called decryption. It
also uses an algorithm and a key.

There are two techniques used in encryption and decryption. They are the symmetric and asymmetric
encryption. Symmetric Encryption uses the same key for encryption and decryption. It is fast but requires
a secure channel. On the other hand, asymmetric encryption uses two keys called public key and private
key for encryption and decryption. It is more secure than symmetric encryption.

Three types of cryptographic techniques used in general.

1. Symmetric-key cryptography

2. Hash functions.

3. Public-key cryptography

Symmetric-key Cryptography: Both the sender and receiver share a single key. The sender uses this
key to encrypt plaintext and send the cipher text to the receiver. On the other side the receiver applies the
same key to decrypt the message and recover the plain text.

Public-Key Cryptography: This is the most revolutionary concept in the last 300-400 years. In Public-
Key Cryptography two related keys (public and private key) are used. Public key may be freely
distributed, while its paired private key, remains a secret. The public key is used for encryption and for
decryption private key is used.

Hash Functions: No key is used in this algorithm. A fixed-length hash value is computed as per the plain
text that makes it impossible for the contents of the plain text to be recovered. Hash functions are also
used by many operating systems to encrypt passwords.

Type of cryptography

Public Key
 4

The public key is used to accomplish encryption. When the data is encrypted using the public key, it is
done in a way that leaves a large number of possible solutions available. To decrypt the data, it is
necessary to test all the possibilities before finding the correct one. When there is a private key, there is
only one way to decrypt the message. Even though public key helps the encryption process, it does not
help decryption.

Private Key

The private key is used to accomplish decryption. In other words, it is not possible to decrypt the received
message without the corresponding private key. The message can be encrypted without the private key.
But it is necessary in decryption. The private key is not transferred and it is not intercepted by any other
unauthorized third party. The public key is widely distributed, but the private key is kept hidden.

Difference between Private key and Public key

S.NO PRIVATE KEY PUBLIC KEY

Private key is faster than public

1. key. It is slower than private key.

In public key cryptography, two keys

In this, the same key (secret key) are used, one key is used for
and algorithm is used to encrypt encryption and while the other is used
2. and decrypt the message. for decryption.

In private key cryptography, the In public key cryptography, one of the

3. key is kept as a secret. two keys is kept as a secret.

Private key
is Symmetrical because there is Public key is Asymmetrical because
only one key that is called secret there are two types of key: private and
4. key. public key.

In this cryptography, sender and In this cryptography, sender and

receiver need to share the same receiver does not need to share the
5. key. same key.

In this cryptography, the key is In this cryptography, public key can

6. private. be public and private key is private.

Qs. Electronic and Digital Signatures and their Legal significance

 5

Ans. Electronic signature and digital signature are often used interchangeably but the truth is that these
two concepts are different. The main difference between the two is that digital signature is mainly used to
secure documents and is authorized by certification authorities while electronic signature is often
associated with a contract where the signer has got the intention to do so.

I. Digital Signatures

Digital Signatures provide a viable solution for creating legally enforceable electronic records, closing the
gap in going fully paperless by completely eliminating the need to print documents for signing. Digital
signatures enable the replacement of slow and expensive paper-based approval processes with fast, low-
cost, and fully digital ones

Purpose

The purpose of a digital signature is the same as that of a handwritten signature. Instead of using pen and
paper, a digital signature uses digital keys (public-key cryptography). Like the pen and paper method, a
digital signature attaches the identity of the signer to the document and records a binding commitment to
the document. However, unlike a handwritten signature, it is considered impossible to forge a digital
signature the way a written signature might be.

In addition, the digital signature assures that any changes made to the data that has been signed cannot go
undetected. Digital signatures are easily transportable, cannot be imitated by someone else and can be
automatically time-stamped.

Features

A digital signature can be used with any kind of message, whether it is encrypted or plain text. Thus
Digital Signatures provide the following three features:-

Authentication – Digital signatures are used to authenticate the source of messages. The ownership of a
digital signature key is bound to a specific user and thus a valid signature shows that the message was
sent by that user.

Integrity – In many scenarios, the sender and receiver of a message need assurance that the message has
not been altered during transmission. Digital Signatures provide this feature by using cryptographic
message digest functions.

Non-Repudiation – Digital signatures ensure that the sender who has signed the information cannot at a
later time deny having signed it.

Electronic signature

An electronic signature is described as any electronic symbol, process or sound that is associated with a
record or contract where there is intention to sign the document by the party involved. The major feature
of an electronic signature is thus the intention to sign the document or the contract. The other notable
aspect that makes an electronic signature different from a digital signature is that an electronic signature
can be verbal, a simple click of the box or any electronically signed authorization.
 6

The main feature of an electronic signature is that it reveals the intent by the signer to sign the document.
This is usually applicable to contracts or other related agreements that are entered into by two parties. As
noted, there are different types of electronic signatures and these are legally binding once all parties have
shown their commitment and intent to enter into a certain contract.

Difference Between Digital Signature and Electronic Signature

Purpose

The main purpose of a digital signature is to secure a document so that it is not tampered with by people
without authorization

An electronic signature is mainly used to verify a document. The source of the document and the authors
are identified.

Regulation

Digital signature is authorized and regulated by certification authorities. These are trusted third parties
entrusted with the duty to perform such task.

Electronic signatures are not regulated and this is the reason why they are less favorable in different states
since their authenticity is questionable. They can be easily tampered with.

Security

A digital signature is comprised of more security features that are meant to protect the document

An electronic signature is less secure since it is not comprised of viable security features that can be used
to secure it from being tampered with by other people without permission.

Types of signatures

Two common types of digital signatures are mainly based on document processing platforms namely
Adobe PDF and Microsoft

An electronic signature can be in the following forms: scanned image, verbal or a tick can be used on an
electronic document. The main idea behind is to identify the person who has signed the document for
contractual purposes

Verification

A digital signature can be verified to see if the document has not been tempered with. A digital certificate
can be used to track the original author of the document.

It may be difficult to verify the real owner of the signature since it is not certified. This compromises the
authenticity as well as integrity of the document.

Intention
 7

A digital signature is usually meant for securing a document so that it is not tampered with by
unauthorized people. All the same, it is legally binding and preferred since it is authentic by virtue of its
traceability to the owner of the document.

An electronic signature usually shows the intent to sign the document or contract. In most cases, when
people want to enter into a contract, they show their commitment by signing a document that will become
legally binding between them.

Qs Certifying Authority, Controller of Certifying Authority

Ans. The Information Technology Act, 2000 has established a Certifying Authority to regulate the
electronic transactions. As per Section 18 of The Information Technology Act, 2000 provides the required
legal sanctity to the digital signatures based on asymmetric cryptosystems. The digital signatures are now
accepted at par with handwritten signatures and the electronic documents that have been digitally signed
are treated at par with paper documents.

The IT Act provides for the Controller of Certifying Authorities(CCA) to license and regulate the
working of Certifying Authorities. The Certifying Authorities (CAs) issue digital signature certificates for
electronic authentication of users.

IT Act, 2000 – Regulation of Certifying Authorities

The following sections pertain to the regulation of certifying authorities:

Section 17 – Appointment of the Controller and other officers

1. The Central Government may appoint a Controller of Certifying Authorities after notifying the
Official Gazette. They may also appoint Deputy Controllers and Assistant Controllers as it deems
fit.
2. The Controller discharges his responsibilities subject to the general control and also directions of
the Central Government
3. The Deputy Controllers and Assistant Controllers shall perform the functions assigned to them by
the Controller under the general superintendence and also control of the Controller.
4. The qualifications, experience and terms and conditions of service of Controller, Deputy
Controllers, and Assistant Controllers shall be such as may be prescribed by the Central
Government.
5. The Head Office and Branch Office of the office of the Controller shall be at such places as the
Central Government may specify, and these may be established at such places as the Central
Government may think fit.
6. There shall be a seal of the Office of the Controller.

Functions of Controller (Section 18)

The Controller may perform all or any of the following functions, namely: -

1. exercising supervision over the activities of the Certifying Authorities.

2. certifying public keys of the Certifying Authorities.
 8

3. laying down the standards to be maintained by the Certifying Authorities.

4. specifying the qualifications and experience which employees of the Certifying Authorities
should possess.
5. specifying the conditions subject to which the Certifying Authorities shall conduct their business.
6. specifying the contents of written, printed or visual materials and advertisements that may be
distributed or used in respect of a Digital Signature Certificate and the public key.
7. specifying the form and content of a Digital Signature Certificate and the key.
8. specifying the form and manner in which accounts shall be maintained by the Certifying
Authorities.
9. specifying the terms and conditions subject to which auditors may be appointed and the
remuneration to be paid to them.
10. facilitating the establishment of any electronic system by a Certifying Authority either solely or
jointly with other Certifying Authorities and regulation of such systems.
11. specifying the manner in which the Certifying Authorities shall conduct their dealings with the
subscribers.
12. resolving any conflict of interests between the Certifying Authorities and the subscribers.
13. laying down the duties of the Certifying Authorities.
14. maintaining a data base containing the disclosure record of every Certifying Authority containing
such particulars as may be specified by regulations, which shall be accessible to public.

5. License to issue Digital Signature Certificates (Section 21)

(1) Subject to the provisions of sub-section (2), any person can apply to the Controller for a license to
issue digital signature certificates.

(2) A Controller can issue a license under sub-section (1) only if the applicant fulfills all the requirements.
The Central Government specifies requirements with respect to qualification, expertise, manpower,
financial resources, and also infrastructure facilities for the issuance of digital signature certificates.

(3) A license granted under this section is –

(a) Valid for the period that the Central Government specifies

(b) Not transferable or inheritable

(c) Subject to the terms and conditions that the regulations specify

Power to investigate contraventions (Section 28)

The Controller or any other Officer that he authorizes will investigate any contravention of the provisions,
rules or regulations of the Act.

The Controller or any other Officer that he authorizes will also exercise the powers conferred on Income-
tax authorities under Chapter XIII of the Income Tax Act, 1961. Also, the exercise of powers will be
limited according to the Act.
 9

Unit-II

Qs. Cyber Appellate Tribunal, Power and Functions of Cyber Appellate Tribunal.

Ans. The Information Technology Act, 2000 also provides for the establishment of the Cyber Appellate
Tribunal. In question, we will look at the establishment, composition, jurisdiction, powers, and
procedures if a Cyber Appellate Tribunal.

Establishment of Cyber Appellate Tribunal (Section 48)

The Central Government notifies and establishes appellate tribunals called Cyber Regulations Appellate
Tribunal. The Central Government also specifies in the notification all the matters and places which fall
under the jurisdiction of the Tribunal.

The composition of Cyber Appellant Tribunal (Section 49)

1. The Central Government appoints only one person in a Tribunal – the Presiding Officer of the
Cyber Appellate Tribunal.
2. The qualifications for appointment as Presiding Officer of the Cyber Appellate Tribunal (Section
50)
3. A person is considered qualified for the appointment as the Presiding Officer of a Tribunal if –
4. He has the qualification of the Judge of a High Court
5. He is or was the member of the Indian Legal Service and holds or has held a post in Grade I of
that service for at least three years.

The Term of Office (Section 51)

The Term of Office of the Presiding Officer of a Cyber Appellate Tribunal is five years from the date of
entering the office or until he attains the age of 65 years, whichever is earlier.

Filling up of vacancies (Section 53)

If for any reason other than temporary absence, there is a vacancy in the Tribunal, then the Central
Government hires another person in accordance with the Act to fill the vacancy. Further, the proceedings
continue before the Tribunal from the stage at which the vacancy is filled.

Resignation and removal (Section 54)

The Presiding Officer can resign from his office after submitting a notice in writing to the Central
Government, provided:

I. he holds office until the expiry of three months from the date the Central Government receives
such notice (unless the Government permits him to relinquish his office sooner), OR
II. he holds office till the appointment of a successor, OR
III. until the expiry of his office; whichever is earlier.

In case of proven misbehaviour or incapacity, the Central Government can pass an order to remove the
Presiding Officer of the Cyber Appellate Tribunal. However, this is only after the Judge of the Supreme
 10

Court conducts an inquiry where the Presiding Officer is aware of the charges against him and has a
reasonable opportunity to defend himself.

The Central Government can regulate the procedure for the investigation of misbehaviour or incapacity of
the Presiding Officer.

Orders constituting Appellate Tribunal to be final and not to invalidate its proceedings (Section 55)

According to this section, no order of the Central Government appointing any person as the Presiding
Officer of the Tribunal can be questioned in any manner. Further, no one can question any proceeding
before a Cyber Appellate Tribunal in any manner merely on the grounds of any defect in
the Constitution of the Tribunal.

Appeal to Cyber Appellate Tribunal (Section 57)

Subject to the provisions of sub-section (2), a person not satisfied with the Controller or Adjudicating
Officer’s order can appeal to the Cyber Appellate Tribunal having jurisdiction in the matter.

I. No appeal shall lie to the Cyber Appellate Tribunal from an order made by an adjudicating officer
with the consent of the parties.
II. The person filing the appeal must do so within 25 days from the date of receipt of the order from
the Controller or Adjudicating Officer. Further, he must accompany the appeal with the
prescribed fees. However, if the Tribunal is satisfied with the reasons behind the delay of filing
the appeal, then it may entertain it even after the expiry of 25 days.
III. On receiving an appeal under sub-section (1), the Tribunal gives an opportunity to all the parties
to the appeal to state their points, before passing the order.
IV. The Cyber Appellate Tribunal sends a copy of every order made to all the parties to the appeal
and the concerned Controller or adjudicating officer.
V. The Tribunal tries to expeditiously deal with the appeals received under sub-section (1). It also
tries to dispose of the appeal finally within six months of receiving it.

Procedure and powers of the Cyber Appellate Tribunal (Section 58)

The Code of Civil Procedure, 1908 does not bind the Cyber Appellate Tribunal. However, the principles
of natural justice guide it and it is subject to other provisions of the Act. The Tribunal has powers to
regulate its own procedure.

In order to discharge its functions efficiently, the Tribunal has the same powers as vested in a Civil Court
under the Code of Civil Procedure, 1908, while trying a suit in the following matters:

I. Summoning and enforcing the attendance of any person and examining him under oath
II. Ensuring the availability of the required documents or electronic records
III. Receiving evidence on affidavits
IV. Issuing commissions for examining witnesses or documents
V. Reviewing its decisions
VI. Dismissing an application for default or deciding it ex-parte, etc.
 11

Every proceeding before the Cyber Appellate Tribunal is like a judicial proceeding within the meaning of
sections 193 and 228 and for the purposes of section 196 of the Indian Penal Code. Further, the Tribunal
is like a Civil Court for the purposes of section 195 and Chapter XXVI of the Code of Criminal
Procedure, 1973.

Right to Legal Representation (Section 59)

The appellant can either appear in person or authorize one or more legal practitioners to present his case
before the tribunal.

Limitation (Section 60)

The provisions of the Limitation Act, 1963, apply to the appeals made to the Tribunal.

Civil Court not to have jurisdiction (Section 61)

If the IT Act, 2000 empowers the adjudicating officer or the Cyber Appellate Tribunal for certain matters,
then no Civil Court can entertain any suit or proceedings for the same.

Further, no court can grant an injunction on any action that a person takes in pursuance of any power that
the Act confers upon him.

Appeal to High Court (Section 62)

Let’s say that a person is not satisfied with the decision or order of the Tribunal. In such cases, he can file
an appeal with the High Court. He must do so within 60 days of receiving the communication of the
order/decision from the Tribunal.

The appeal can be on any fact or law arising out of such an order. The High Court can extend the period
by another 60 days if it feels that the appellant had sufficient cause and reasons for the delay.

Compounding of contraventions (Section 63)

The Controller or any other officer that he or the adjudicating authorizes may compound any
contravention. Compounding is possible either before or after the institution of adjudication proceedings.
This is subject to the conditions that the controller or such other officer or the adjudicating officer
specifies. Provided, the sum does not exceed the maximum amount of penalty that the Act allows for the
compounded contravention.

Nothing in sub-section (1) applies to a person who commits the same or similar contravention within a
period of three years from the date on which his first contravention was compounded. Therefore, if the
person commits a second contravention after the expiry period of three years from the date on which his
first contravention was compounded, then this becomes his first contravention.

Once a contravention is compounded under sub-section (1), then no proceeding is possible against the
person guilty of the compounded contravention.

Recovery of Penalty (Section 64)

 12

If a penalty imposed under this Act is not paid, then the same is recovered as arrears of land revenue.
Further, the license or digital signature certificate is suspended until the penalty is paid.

Qs. Offences and Penalty under the Act.

Ans. The faster world-wide connectivity has developed numerous online crimes and these increased
offences led to the need of laws for protection. In order to keep in stride with the changing generation, the
Indian Parliament passed the Information Technology Act 2000 that has been conceptualized on the
United Nations Commissions on International Trade Law (UNCITRAL) Model Law.

The law defines the offenses in a detailed manner along with the penalties for each category of offence.

Cybercrime

Cybercrime is a generic term that refers to all criminal activities done using the medium of computers, the
Internet, cyberspace and the worldwide web. Computer crime, or Cybercrime, refers to any crime that
involves a computer and a network. The computer may have been used in the commission of a crime, or it
may be the target. Netcrime is criminal exploitation of the Internet.

Dr. Debarati Halder and Dr. K. Jaishankar (2011) define Cybercrimes as: “Offences that are
committed against individuals or groups of individuals with a criminal motive to intentionally harm the
reputation of the victim or cause physical or mental harm to the victim directly or indirectly, using
modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups) and
mobile phones (SMS/MMS)”.

Such crimes may threaten a nation’s security and financial health. Issues surrounding these types of
crimes have become high-profile, particularly those surrounding cracking, copyright infringement, child
pornography, and child grooming. There are also problems of privacy when confidential information is
lost or intercepted, lawfully or otherwise.

Cyber Crime is not defined officially in the IT Act or in any other legislation. In fact, it cannot be too.
Offense or crime has been dealt with elaborately listing various acts and the punishments for each, under
the Indian Penal Code, 1860 and related legislation. Hence, the concept of cybercrime is just a
“combination of crime and computer”.

Cybercrime in a narrow sense (computer crime): Any illegal behavior directed by means of electronic
operations that targets the security of computer systems and the data processed by them.[xii]

Cybercrime in a broader sense (computer-related crime)

Any illegal behavior committed by means of, or in relation to, a computer system or network, including
such crimes as illegal possession and offering or distributing information by means of a computer system
or network.

Any contract for the sale or conveyance of immovable property or any interest in such property;

Any such class of documents or transactions as may be notified by the Central Government Confidential.

Classification of cyber offences and penalty

 13

1. Section 65. Tampering with computer source documents:

Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes

another to conceal, destroy or alter any computer source code used for a computer, computer Programme,
computer system or computer network, when the computer source code is required to be kept or
maintained by law for the being time in force, shall be punishable with imprisonment up to three year, or
with fine which may extend up to two lakh rupees, or with both.

Object: The object of the section is to protect the “intellectual property” invested in the computer. It is an
attempt to protect the computer source documents (codes) beyond what is available under the Copyright
Law

I. Essential ingredients of the section:

II. knowingly or intentionally concealing ,\
III. knowingly or intentionally destroying,
IV. knowingly or intentionally altering,
V. knowingly or intentionally causing others to conceal,
VI. knowingly or intentionally causing another to destroy,
VII. knowingly or intentionally causing another to alter.

This section extends towards the Copyright Act and helps the companies to protect their source code of
their programmes.

Penalties: Section 65 is tried by any magistrate.

This is cognizable and non- bailable offence.

Penalties: Imprisonment up to 3 years and / or

Fine: Two lakh rupees.

Syed Asifuddin case:

Facts: In this case the Tata Indicom employees were arrested for manipulation of the electronic 32- bit
number (ESN) programmed into cell phones theft were exclusively franchised to Reliance Infocom.
Held: Court held that Tampering with source code invokes Section 65 of the Information Technology
Act.

Parliament Attack Case:

Facts: In this case several terrorist attacked on 13 December, 2001Parliament House. In this the Digital
evidence played an important role during their prosecution. The accused argued that computers and
evidence can easily be tampered and hence should not be relied.

In Parliament case several smart device storage disks and devices, a Laptop were recovered from the
truck intercepted at Srinagar pursuant to information given by two suspects. The laptop included the
evidence of fake identity cards, video files containing clips of the political leaders with the background of
Parliament in the background shot from T.V news channels. In this case design of Ministry of Home
 14

Affairs car sticker, there was game “wolf pack” with user name of ‘Ashiq’. There was the name in one of
the fake identity cards used by the terrorist. No back up was taken therefore it was challenged in the
Court.

Held: Challenges to the accuracy of computer evidence should be established by the challenger. Mere
theoretical and generic doubts cannot be cast on the evidence.

2. Section66. Hacking with the computer system:

(1) Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the
public or any person destroys or deletes or alters any information residing in a computer resource or
diminishes its value or utility or affects it injuriously by any means, commits hacking.

(2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which
may extend up to two lakh rupees, or with both.

Essential ingredients of the section:

1. Whoever with intention or knowledge.

2. Causing wrongful loss or damage to the public or any person.

3. Destroying or altering any information residing in a computer resource.

4. Or diminishes its value or utility or.

5. Affects it injuriously by any means.

Penalties: Punishment: Imprisoned up to three years and

Fine: which may extend up to two lakh rupees.Or with both.

Case Laws:R v/s Gold & Schifreen

In this case it is observed that the accused gained access to the British telecom Prestl Gold computers
networks file amount to dishonest trick and not criminal offence.

3. Section 67. Publishing of obscene information in electronic form:

Whoever publishes or transmits or causes to be published in the electronic form, any material which is
lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt
persons who are likely, having regard to all relevant circumstance, to read see or hear the matter
contained or embodied in it, shall be punished on first conviction with imprisonment of either description
for a term which may extend to five years and with fine which may extend to one lakh rupees and in the
event of a second or subsequent conviction with imprisonment of either description for a term which may
extend to ten years and also with fine which may extend to two lakh rupees.

Essential ingredients of this section:

 15

1. Publishing or transmitting, or causing to be published, pornographic material in electronic form.

Penalties: Punishment:

(1) On first conviction --- imprisonment which may extend up to five years.

Fine: up to on first conviction which may extend to one lakh rupees.

(2) On second conviction ---- imprisonment up to which may extend to ten years and Fine which may
extend up to two lakh rupees.

The State of Tamil Nadu v/s Suhas Katti.

Facts: This case is about posting obscene, defamatory and annoying message about a divorcee woman in
the Yahoo message group. E-mails were forwarded to the victim for information by the accused through a
false e- mail account opened by him in the name of the victim. These postings resulted in annoying phone
calls to the lady. Based on the complaint police nabbed the accused. He was a known family friend of the
victim and was interested in marrying her. She married to another person, but that marriage ended in
divorce and the accused started contacting her once again. And her reluctance to marry him he started
harassing her through internet.

Held: The accused is found guilty of offences under section 469, 509 IPC and 67 of IT Act 2000 and the
accused is convicted and is sentenced for the offence to undergo RI for 2 years under 469 IPC and to pay
fine of Rs.500/-and for the offence u/s 509 IPC sentenced to undergo 1 year Simple imprisonment and to
pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay fine of
Rs.4000/- All sentences to run concurrently.”

The accused paid fine amount and he was lodged at Central Prison, Chennai. This is considered the first
case convicted under section 67 of Information Technology Act 2000 in India.

4. Section 68. Power of controller to give directions:

(1) The Controller may, by order, direct a Certifying Authority or any employee of such Authority to take
such measures or cease carrying on such activities as specified in the order if those are necessary to
ensure compliance with the provisions of this Act, rules or any regulations made there under.

(2) Any person who fails to comply with any order under sub-section (1) shall be guilty of an offence and
shall be liable on conviction to imprisonment for a term not exceeding three years or to a fine not
exceeding two lakh rupees or to both.

Any person who fails to comply with any order under sub section (1) of the above section, shall be guilty
of an offence and shall be convicted for a term not less then three years or to a fine exceeding two lakh
rupees or to both.

The under this section is non-bailable & cognizable.

Penalties: Punishment: imprisonment up to a term not exceeding three years

Fine: not exceeding two lakh rupees.

 16

5. Section 69. Directions of Controller to a subscriber to extend facilities to decrypt information:

(1) If the Controller is satisfied that it is necessary or expedient so to do in the interest of the sovereignty
or integrity of India, the security of the State, friendly relations with foreign States or public order or for
preventing incitement to the commission of any cognizable offence; for reasons to be recorded in writing,
by order, direct any agency of the Government to intercept any information transmitted through any
computer resource.

(2) The subscriber or any person in charge of the computer resource shall, when called upon by any
agency which has been directed under sub-section (1), extend all facilities and technical assistance to
decrypt the information.

(3) The subscriber or any person who fails to assist the agency referred to in subsection shall be punished
with an imprisonment for a term which may extend to seven years.

Penalties: Punishment: imprisonment for a term which may extend to seven years

6. Section 70. Protected System:

(1) The appropriate Government may, by notification in the Official Gazette, declare that any computer,
computer system or computer network to be a protected system.

(2) The appropriate Government may, by order in writing, authorize the persons who are authorized to
access protected systems notified under sub-section (1).

(3) Any person who secures access or attempts to secure access to a protected system in contravention of
the provision of this section shall be punished with imprisonment of either description for a term which
may extend to ten years and shall also be liable to fine.

This section grants the power to the appropriate government to declare any computer, computer system or
computer network, to be a protected system. Only authorized person has the right to access to protected
system.
Penalties: Punishment: the imprisonment which may extend to ten years and fine.

7. Section 71. Penalty for misrepresentation:

(1) Whoever makes any misrepresentation to, or suppresses any material fact from, the Controller or the
Certifying Authority for obtaining any license or Digital Signature Certificate, as the case may be, shall
be punished with imprisonment for a term which may extend to two years, or which fine which may
extend to one lakh rupees, or with both.

Penalties: Punishment: imprisonment which may extend to two years

Fine: may extend to one lakh rupees or with both.

8. Section 72. Penalty for breach of confidentiality and privacy:

Save as otherwise provide in this Act or any other law for the time being in force, any person who, in
pursuance of any of the powers conferred under this Act, rules or regulation made there under, has
secured assess to any electronic record, book, register, correspondence, information, document or other
 17

material without the consent of the person concerned discloses such material to any other person shall be
punished with imprisonment for a term which may extend to two years, or with fine which may extend to
one lakh rupees, or with both.

This section relates to any to nay person who in pursuance of any of the powers conferred by the Act or it
allied rules and regulations has secured access to any: Electronic record, books, register, correspondence,
information, document, or other material.

If such person discloses such information, he will be punished with punished. It would not apply to
disclosure of personal information of a person by a website, by his email service provider.

Penalties: Punishment: term which may extend to two years.

Fine: one lakh rupees or with both.

9. Section 73. Penalty for publishing Digital Signature Certificate false in certain particulars:

(1) No person shall publish a Digital Signature Certificate or otherwise make it available to any other
person with the knowledge that-

(a) The Certifying Authority listed in the certificate has not issued it; or

(b) The subscriber listed in the certificate has not accepted it; or

(c) The certificate has been revoked or suspended, unless such publication is for the purpose of verifying
a digital signature created prior to such suspension or revocation.

(2) Any person who contravenes the provisions of sub-section (1) shall be punished with imprisonment
for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with
both.

The Certifying Authority listed in the certificate has not issued it or, The subscriber listed in the
certificate has not accepted it or the certificate has been revoked or suspended. The Certifying authority
may also suspend the Digital Signature Certificate if it is of the opinion that the digital signature
certificate should be suspended in public interest.

A digital signature may not be revoked unless the subscriber has been given opportunity of being heard in
the matter. On revocation the Certifying Authority need to communicate the same with the subscriber.
Such publication is not an offence it is the purpose of verifying a digital signature created prior to such
suspension or revocation.

Penalties: Punishment imprisonment of a term of which may extend to two years.

Fine: fine may extend to 1 lakh rupees or with both.

Case Laws

Bennett Coleman & Co. v/s Union of India.

 18

In this case the publication has been stated that ‘publication means dissemination and circulation’. In the
context of digital medium, the term publication includes and transmission of information or data in
electronic form.

10. Section 74. Publication for fraudulent purpose:

Whoever knowingly creates, publishes or otherwise makes available a Digital Signature Certificate for
any fraudulent or unlawful purpose shall be punished with imprisonment for a term which may extend to
two years, or with fine which extend to one lakh rupees, or with both.

This section prescribes punishment for the following acts:

Knowingly creating a digital signature certificate for any

i. fraudulent purpose or,

ii. unlawful purpose.

Knowingly publishing a digital signature certificate for any

i. fraudulent purpose or

ii. unlawful purpose

Knowingly making available a digital signature certificate for any

i. fraudulent purpose or

ii. unlawful purpose.

Penalties: Punishment: imprisonment for a term up to two years.

Fine: up to one lakh or both.

11. Section 75. Act to apply for offence or contravention committed outside India:

(1) Subject to the provisions of sub-section (2), the provisions of this Act shall apply also to any offence
or contravention committed outside India by any person irrespective of his nationality.

(2) For the purposes of sub-section (1), this Act shall apply to an offence orContravention committed
outside India by any person if the act or conduct constituting the offence or contravention involves a
computer, computer system or computer network located in India.

This section has broader perspective including cyber crime, committed by cyber criminals, of any
nationality, any territoriality.

Case Laws:

R v/s Governor of Brixton prison and another.

 19

Facts: In this case the Citibank faced the wrath of a hacker on its cash management system, resulting in
illegal transfer of funds from customers account in to the accounts of the hacker, later identified as
Valdimer Levin and his accomplices. After Levin was arrested he was extradite to the United States. One
of the most important issues was jurisdictional issue, the ‘place of origin’ of the cyber crime.

Held: The Court helds that the real- time nature of the communication link between Levin and Citibank
computer meant that Levin’s keystrokes were actually occurring on the Citibank computer.

12. Section 76. Confiscation:

Any computer, computer system, floppies, compact disks, tape drives or any other accessories related
thereto, in respect of which any provisions of this Act, rules, orders or regulations made there under has
been or is being contravened, shall be liable to confiscation.

13. Section 77. Penalties or confiscation not to interfere with other punishments:

No penalty imposed or confiscation made under this Act shall prevent the imposition of any other
punishment to which the person affected thereby is liable under any other law for the time being in force.

The aforesaid section lays down a mandatory condition, which states the Penalties or confiscation not to
interfere with other punishments to which the person affected thereby is liable under any other law for the
time being in force.

14. section 78. Power to investigate offences

Notwithstanding anything contained in the Code of Criminal Procedure, 1973, a police officer not below
the rank of Deputy Superintendent of Police shall investigate any offence under this Act.

The following table shows the offence and penalties against all the mentioned sections of the I.T. Act −

Sectio Offence Punishment Bailability and

n Congizability

65 Tampering with Computer Source Imprisonment up to 3 years Offence is

Code or fine up to Rs 2 lakhs Bailable,
Cognizable and
triable by Court
of JMFC.

66 Computer Related Offences Imprisonment up to 3 years Offence is

or fine up to Rs 5 lakhs Bailable,
Cognizable and

66-A Sending offensive messages through Imprisonment up to 3 years Offence is

Communication service, etc... and fine Bailable,
 20

Cognizable and
triable by Court
of JMFC

66-B Dishonestly receiving stolen Imprisonment up to 3 years Offence is

computer resource or and/or fine up to Rs. 1 lakh Bailable,
communication device Cognizable and
triable by Court
of JMFC

66-C Identity Theft Imprisonment of either Offence is

description up to 3 years Bailable,
and/or fine up to Rs. 1 lakh Cognizable and
triable by Court
of JMFC

66-D Cheating by Personation by using Imprisonment of either Offence is

computer resource description up to 3 years Bailable,
and /or fine up to Rs. 1 lakh Cognizable and
triable by Court
of JMFC

66-E Violation of Privacy Imprisonment up to 3 years Offence is

and /or fine up to Rs. 2 lakh Bailable,
Cognizable and
triable by Court
of JMFC

66-F Cyber Terrorism Imprisonment extend to Offence is Non-

imprisonment for Life Bailable,
Cognizable and
triable by Court
of Sessions

67 Publishing or transmitting obscene On first Conviction, Offence is

material in electronic form imprisonment up to 3 years Bailable,
and/or fine up to Rs. 5 lakh Cognizable and
On Subsequent Conviction triable by Court
imprisonment up to 5 years of JMFC
and/or fine up to Rs. 10 lakh
 21

67-A Publishing or transmitting of On first Conviction Offence is Non-

material containing sexually explicit imprisonment up to 5 years Bailable,
act, etc... in electronic form and/or fine up to Rs. 10 lakh Cognizable and
On Subsequent Conviction triable by Court
imprisonment up to 7 years of JMFC
and/or fine up to Rs. 10 lakh

67-B Publishing or transmitting of On first Conviction Offence is Non

material depicting children in imprisonment of either Bailable,
sexually explicit act etc., in description up to 5 years Cognizable and
electronic form and/or fine up to Rs. 10 lakh triable by Court
On Subsequent Conviction of JMFC
imprisonment of either
description up to 7 years
and/or fine up to Rs. 10 lakh

67-C Intermediary intentionally or Imprisonment up to 3 years Offence is

knowingly contravening the and fine Bailable,
directions about Preservation and Cognizable.
retention of information

68 Failure to comply with the Imprisonment up to 2 years Offence is

directions given by Controller and/or fine up to Rs. 1 lakh Bailable, Non-
Cognizable.

69 Failure to assist the agency referred Imprisonment up to 7 years Offence is Non-

to in sub section (3) in regard and fine Bailable,
interception or monitoring or Cognizable.
decryption of any information
through any computer resource

69-A Failure of the intermediary to Imprisonment up to 7 years Offence is Non-

comply with the direction issued for and fine Bailable,
blocking for public access of any Cognizable.
information through any computer
resource

69-B Intermediary who intentionally or Imprisonment up to 3 years Offence is

knowingly contravenes the and fine Bailable,
provisions of sub-section (2) in Cognizable.
regard monitor and collect traffic
 22

data or information through any

computer resource for cybersecurity

70 Any person who secures access or Imprisonment of either Offence is Non-

attempts to secure access to the description up to 10 years Bailable,
protected system in contravention of and fine Cognizable.
provision of Sec. 70

70-B Indian Computer Emergency Imprisonment up to 1 year Offence is

Response Team to serve as national and/or fine up to Rs. 1 lakh Bailable, Non-
agency for incident response. Any Cognizable
service provider, intermediaries,
data centres, etc., who fails to prove
the information called for or comply
with the direction issued by the
ICERT.

71 Misrepresentation to the Controller Imprisonment up to 2 years Offence is

to the Certifying Authority and/ or fine up to Rs. 1 lakh. Bailable, Non-
Cognizable.

72 Breach of Confidentiality and Imprisonment up to 2 years Offence is

privacy and/or fine up to Rs. 1 lakh. Bailable, Non-
Cognizable.

72-A Disclosure of information in breach Imprisonment up to 3 years Offence is

of lawful contract and/or fine up to Rs. 5 lakh. Cognizable,
Bailable

73 Publishing electronic Signature Imprisonment up to 2 years Offence is

Certificate false in certain and/or fine up to Rs. 1 lakh Bailable, Non-
particulars Cognizable.

74 Publication for fraudulent purpose Imprisonment up to 2 years Offence is

and/or fine up to Rs. 1 lakh Bailable, Non-
Cognizable.

Qs. Computer Crimes: Hacking, Cyber Squatting, Spreading Viruses.

 23

Ans. Haching

As the country progresses towards a digital age where everything would be available with the click of a
button, the threat of data and private information being stolen has constantly been disturbing. It is ironical
to see that the most trusted source of information and a store for data can turn out to be a wide platform
for some to steal information. The Information and Technology Act, 2000 (IT Act) covers all types of
cyber crime committed in the country including hacking.

Hacking earlier used to refer to a crime under section 43 of the IT Act but at the same time, ethical
hacking or better known as white collar hacking was considered legal. Ethical hacking is also being
taught by various professionals at schools and colleges. So a need was felt to differentiate between good
and bad hacking. Under the amendment IT Act in 2008, the word ‘hacker was removed from the act. The
reason for the same was that ethical hacking is taught by a lot of professionals at various schools and
colleges, and colleges cannot teach anything illegal. So the same word should not be used. The
amendment rephrased section 66 and section 43 by removing the word hacking from the Act.

Who is a Hacker? Types of Hackers

A Hacker is a person who finds and exploits the weakness in computer systems and/or networks to gain
access. Hackers are usually skilled computer programmers with knowledge of computer security.

Hackers are classified according to the intent of their actions. The following list classifies hackers
according to their intent.

Ethical Hacker (White hat): A hacker who gains access to systems with a view to fix the identified
weaknesses. They may also perform penetration Testing and vulnerability assessments.

Cracker (Black hat): A hacker who gains unauthorized access to computer systems for personal gain.
The intent is usually to steal corporate data, violate privacy rights, transfer funds from bank accounts etc.

Grey hat: A hacker who is in between ethical and black hat hackers. He/she breaks into computer
systems without authority with a view to identify weaknesses and reveal them to the system owner.

Script kiddies: A non-skilled person who gains access to computer systems using already made tools.

Hacktivist: A hacker who use hacking to send social, religious, and political, etc. messages. This is
usually done by hijacking websites and leaving the message on the hijacked website.

Phreaker: A hacker who identifies and exploits weaknesses in telephones instead of computers.

Hacker Vs Cracker

There is a very slight line of demarcation drawn between the two words- hacking and cracking after the
amendment of the IT act in 2008. Hackers are those people who are very good at computer programming
and use their skills in a constructive way to help the government and various other organizations to
protect their important information and company secrets. They try to discover loopholes in the software
and find reasons for the same. They constantly try to improve the programs to improve the programming.
They never intentionally damage the data. Whereas cracker id the one who intentionally breaks into the
 24

computer programs of others without having the authority to do so and has a malicious intention to harm
the network security. However, there is a huge misconception about the two and both the terms are used
interchangeably in today’s context even when they mean different.

Laws on hacking in India

Section 43 and section 66 of the IT Act cover the civil and criminal offenses of data theft or hacking
respectively.

Under section 43, a simple civil offense where a person without permission of the owner accesses the
computer and extracts any data or damages the data contained therein will come under civil liability. The
cracker shall be liable to pay compensation to the affected people. Under the ITA 2000, the maximum cap
for compensation was fine at Rs. One crore. However in the amendment made in 2008, this ceiling was
removed. Section 43A was added in the amendment in 2008 to include corporate shed where the
employees stole information from the secret files of the company.

Section 66B covers punishment for receiving stolen computer resource or information. The punishment
includes imprisonment for one year or a fine of rupees one lakh or both. Mens rea is an important
ingredient under section 66A. Intention or the knowledge to cause wrongful loss to others i.e. the
existence of criminal intention and the evil mind i.e. concept of mens rea, destruction, deletion, alteration
or diminishing in value or utility of data are all the major ingredients to bring any act under this Section.

Cyber Squatting

Domain names are the biggest trend in the internet world nowadays. Having a domain name is a general
practice that a company undertakes so that their company can be easily identified due to their trademarks.
There are a number of companies that a consumer wants to have a connection with, but such is not
possible physically. The domain names make it possible for the consumer to identify and contact the
company. Trademarks and domain names are interrelated.

A domain name holder gets paid by the way of pay-per-click advertising on a website. The only thing that
he has to do is sit back and let the money roll in when any of the Internet users click on those ads. A
domain name holder can earn hundreds of rupees in a day.

What is Cyber Squatting

In cases which an individual or a company registers a domain name, and such domain name is identical or
similar to a trademark of any other party and maliciously tries to sell the same for a profit. This is known
as “Cybersquatting.”

In the case of Delhi High Court in Manish Vij v. Indra Chugh, the Indian courts have defined
‘cybersquatting’ as “an act of obtaining fraudulent registration with an intent to sell the domain name to
the lawful owner of the name at a premium”.

In order to make illegitimate money, cyber squatter’s then sell the domain to the person or company who
owns a trademark that has been used in the domain name which may be said as a sort of ransom. As that
particular domain name has already been registered by someone else, that particular domain name cannot
be registered again in the name of the trademark owner.
 25

In this manner, a cybersquatter infringes the fundamental rights of the owner of the trademark to use its
trademark.

Legal position in position in india

In India victims of cybersquatting have been provided with a number of ways to deal with it, such as:

I. Sending cease-and-desist letters to the cybersquatter.

II. Opting for arbitration under ICANN’s rules,
III. Going for a trial to a state or federal court.

In order to bring the case on a fast track form of resolution, a case could be filed with the registry handled
by National Internet Exchange of India (NiXI).

In India, the Information Technology Act contains no provisions to punish cyber-squatters. The IT Act
does not provide for any legal compensation but, the registry has taken steps to provide compensation to
companies who are the victims and to discourage the squatters from further stealing domains.

Tata Sons Ltd Vs. Ramadasoft

In this case, the defendant had a domain name registered in the name of Tata. It was held in this case that
domain names not only involves addresses but also the trademarks of the companies.

The domain names in this case, were similar to the plaintiff’s trademark and that the defendant had used
the names with mala Fide intention

These facts entitled the defendant to transfer the domain names in the favor of the plaintiff.

Legal scenario in case of cyber squatting:

U.S. Anti-cyber squatting Consumer Protection Act (ACPA) of 1999-

This act was introduced with the intention of providing protection to the trademark owners of distinctive
trademark names against cybersquatters. The victim has two options:

I. to sue the cyber squander under the provisions of the Anti-cybersquatting Consumer Protection
Act (ACPA), or
II. use of the International system of arbitration by the Internet Corporation of Assigned Names and
Numbers (ICANN).

The jurisdiction is always the matter of problem in the case of courts. According to the courts, the seat of
the trial should be the place of the plaintiff, the defendant or the place of the service provider through
which the name is registered.

Spreading Viruses.

A computer virus is malicious code that replicates by copying itself to another program, computer boot
sector or document and changes how a computer works. The virus requires someone to knowingly or
unknowingly spread the infection without the knowledge or permission of a user or system administrator.
 26

In contrast, a computer worm is stand-alone programming that does not need to copy itself to a host
program or require human interaction to spread. Viruses and worms may also be referred to as malware.

Who virus spread

A virus can be spread by opening an email attachment, clicking on an executable file, visiting an infected
website or viewing an infected website advertisement. It can also be spread through infected removable
storage devices, such USB drives. Once a virus has infected the host, it can infect other system software
or resources, modify or disable core functions or applications, as well as copy, delete or encrypt data.
Some viruses begin replicating as soon as they infect the host, while other viruses will lie dormant until a
specific trigger causes malicious code to be executed by the device or system.

Types of viruses

File infectors. Some file infector viruses attach themselves to program files, usually selected .com or .exe
files. Some can infect any program for which execution is requested, including .sys, .ovl, .prg, and .mnu
files. When the program is loaded, the virus is loaded as well. Other file infector viruses arrive as wholly
contained programs or scripts sent as an attachment to an email note.

Macro viruses. These viruses specifically target macro language commands in applications like
Microsoft Word and other programs. In Word, macros are saved sequences for commands or keystrokes
that are embedded in the documents. Macro viruses can add their malicious code to the legitimate macro
sequences in a Word file. Microsoft disabled macros by default in more recent versions of Word; as a
result, hackers have used social engineering schemes to convince targeted users to enable macros and
launch the virus. As macro viruses have seen a resurgence in recent years, Microsoft added a new feature
in Office 2016 that allows security managers to selectively enable macro use for trusted workflows only,
as well as block macros across an organization.

Overwrite viruses. Some viruses are designed specifically to destroy a file or application's data. After
infecting a system, an overwrite virus begins overwriting files with its own code. These viruses can target
specific files or applications or systematically overwrite all files on an infected device. An overwrite virus
can install new code in files and applications that programs them to spread the virus to additional files,
applications and systems.

Polymorphic viruses. A polymorphic virus is a type of malware that has the ability to change or mutate
its underlying code without changing its basic functions or features. This process helps a virus evade
detection from many antimalware and threat detection products that rely on identifying signatures of
malware; once a polymorphic virus' signature is identified by a security product, the virus can then alter
itself so that it will no longer be detected using that signature.

Resident viruses. This type of virus embeds itself in the memory of a system. The original virus program
isn't needed to infect new files or applications; even if the original virus is deleted, the version stored in
memory can be activated when the operating system loads a specific application or function. Resident
viruses are problematic because they can evade antivirus and antimalware software by hiding in the
system's RAM.
 27

Rootkit viruses. A rootkit virus is a type of malware that installs an unauthorized rootkit on an infected
system, giving attackers full control of the system with the ability to fundamentally modify or disable
functions and programs. Rootkit viruses were designed to bypass antivirus software, which typically
scanned only applications and files. More recent versions of major antivirus and antimalware programs
include rootkit scanning to identify and mitigate these types of viruses.

System or boot-record infectors. These viruses infect executable code found in certain system areas on
a disk. They attach to the DOS bootsector on diskettes and USB thumb drives or the Master Boot Record
on hard disks. In a typical attack scenario, the victim receives storage device that contains a boot disk
virus. When the victim's operating system is running, files on the external storage device can infect the
system; rebooting the system will trigger the boot disk virus. An infected storage device connected to a
computer can modify or even replace the existing boot code on the infected system so that when the
system is booted next, the virus will be loaded and run immediately as part of the Master Boot Record.
Boot viruses are less common now as today's devices rely less on physical storage media.

How to prevent computer viruses

The following measures can help prevent a virus infection:

I. Install current antivirus and antispyware software and keep it up to date.

II. Run daily scans of antivirus software.
III. Disable autorun to prevent viruses from propagating to any media connected to the system.
IV. Regularly patch the operating system and applications installed on the computer.
V. Don’t click on web links sent via email.
VI. Don’t download files from the Internet or email.
VII. Install a hardware-based firewall.
 28

Unit-III

Qs. E-commerce: Advantages, Disadvantages, Modes, Taxation Difficulties.

Ans. The fast and dramatic changes in information technology specially in last one decade has given new
concept of marketing in which buyer and seller do not see each other face to face nor see the goods
physically; the whole transaction is carried out with the help of ‘on line’ communication. The entire deal
is carried out with the help of computer – telecommunication and net working with associated hardware.

In the e – commerce internet provides information about goods and services “It is” a way of conducting
imaging and executing business transactions and services through electronic media and net working in
computers and communication net work, websites, e-mail are resorted.

Meaning of E-Commerce

E-commerce in simple terms refers to the buying and selling of both products and services through the
internet. This essentially includes all commercial transactions that are based on electronic processing and
transmission of data including sound, text and images.

Additionally, e-commerce also refers to the effects that electronic exchange of commercial information
may have on institutions and processes that support and govern commercial activities.

Types of Online Transactions

There are three fundamental ways in which an online transaction may be recognized.

Business to Customer transactions [B2C]

In this form of an online transaction, a business entity and an individual customer conduct business
together. The term ‘B2C’ has been commonly used to represent a sale by a business enterprise or retailer
to a person or consumer on the internet.

For example, Amazon is a portal that provides facilities for customers to buy goods from their website.
Therefore, the website itself serves the purpose of a physical shop. Business to Customer transactions,
however, may be further divided into intangible and tangible products based on what the retailer is selling
on the online website.

Business to Business [B2B]

This type of e-commerce refers to two business organizations who conduct commercial transactions with
each other using the internet.

Customer to Customer [C2C]

In this type of e-transaction, two or more customers have a sale with a business entity that provides a
web-based interface so as to facilitate a transaction between two consumers. The term ‘C2C’ thus refers
to the sale of a product that travels from one consumer to another consumer either directly or through an
intermediary who is exclusively dedicated to this activity.
 29

An example of this is eBay, where any person can buy and sell, exchange goods and articles, and freely
interact and transact with each other as consumer to consumer.

Advantages and Disadvantages of E-commerce

Disadvantage

1) Security

Online portals have been in the news a lot because of hacks by cybercriminals and hackers. It is a very
serious issue as your account might be hacked because of negligence and wiped out clean of the existing
cash.

This is a harsh reality of e-commerce sites and a website cannot give this assurance that the financial
information cannot be compromised on its portal. The website owner needs to take important steps to
change its password so as to stop any data breaches.

2) Site crash

E-commerce is fully dependent on internet connection. A major disadvantage of e-commerce is putting a

stop to buying capabilities because of a site crash. Such a small word site crash but has the ability to put a
whole business down within a few seconds.

This can happen if you do not have a good bandwidth connection as you will face serious issues while
loading pages and placing orders. It is impossible to make a purchase if the site you are looking at crashes
down. Ensure that your website is on the right platform where there are already precautions in place for
this eventuality.

3) No possibility of tried and tested product

One of the major disadvantages of e-commerce portal is that a customer is unable to try and test the
product for his own satisfaction. We are habituated to buy at physical stores after trying a product several
times and suddenly it takes a lot of guts to change this lifetime habit where you cannot touch, try and test
beforehand.

People miss the tangible feeling and there is always the fear that the product will not meet the standard
you are expecting. This makes the consumer a bit hesitant before making a purchase.

4) Late delivery

ate delivery is one of the common disadvantages of e-commerce platforms. While ordering a product the
customer is assured that it will reach him in maximum seven days or a particular time period. In most
cases that does not happen and you are kept waiting for it.

Ultimately when the information reaches you that the product will be delivered on this day the portal is
not specific about the timings. There are several instances when a person who is going to collect the
parcel had to wait for hours for the delivery. His whole day is wasted and he could not go outside as per
his original schedule. Such a situation makes the customer angry as he feels unnecessarily harassed.
 30

5) Some products are difficult to buy online

If you think that you can buy everything online then it is your misconception. There are products for
instance eatables like ice cream, spectacles, and metals like gold and silver that you do not want to buy
online even if you have the option of doing so.

You cannot trust yourself to make a purchase without visibly touching, trying, testing them and this can
prove a disadvantage for an e-commerce site. All the images and assurances cannot tempt you to buy
some items, for example, you need to buy a gold and diamond bracelet.

6) Lack of privacy

Lack of privacy is a serious disadvantage of e-commerce. A customer has to provide his personal details
before making a purchase like address, name, and phone number and so on.

Some sites do not have advanced encrypted technology that can protect your personal details from
hackers and it is a cause of grave concern. This sensitive information if is leaked can create lots of
problems for a consumer. Some sites collect the sensitive details illegally and this is why people are
afraid to use e-commerce portals as they have to give personal details which can be misused.

7) Tax issues

E-commerce portals are accessible in most part of the world as it is not limited to a particular
geographical location. When a customer makes a purchase he has to pay the tax on it and it becomes
difficult to calculate the actual sales tax levied in that place. The consumers thus face issues during the
computation of tax and this is also an added disadvantage of e-commerce.

8) Legal issues

Several cyber laws have been implemented to protect the rights of both seller and buyer. If you are
looking to create a website it is important that you go through the local laws as well as cyber laws so that
you do not have to face any problems later on.

A serious disadvantage of e-commerce portals is that people either take care of local laws or cyber laws
and fail to realize that you need to pay attention to both of them if you want to make a success of your
business.

9) Huge technological cost

E-commerce requires advanced platforms to better their performance. If it faces disturbances in the form
of software, network or domain issue it will not be able to offer seamless transactions.

The apt technical infrastructure is costly and needs huge investment. It also needs to be upgraded
periodically to stay with changing times. Huge technological cost for a successful venture is a
disadvantage of the e-commerce portal.

10) Shipping problems

 31

E-commerce stores run successfully because it can ship its products from anywhere to everywhere with
ease. It has a strong network that helps it in its endeavor. In a physical store, a buyer chooses a product,
purchases it and leaves the store with the item.

This is not so on an online store where the customer has to choose and buy and then wait for the product
to arrive at his doorstep within the stipulated time frame. Shipping is an integral part of commerce and if
you do not have appropriate infrastructure then it can cause serious issues and become a disadvantage of
e-commerce.

11) Fear

People fear the unknown. E-commerce transactions are mostly faceless and paperless without any due
proof. Most of the organizations do not have a physical existence and customers are hesitant to make card
payments beforehand.

They fear that if the desired product does not arrive then they will lose their money. If this happens then
how are they going to trace the online outlet and recover their hard-earned money? One of the
disadvantages of e-commerce is the absence of the physical existence of the store.

12) High labour cost

High labour cost is a serious disadvantage of the e-commerce platform. You need to hire technically
sound, trained and qualified workforce for your website who are talented and capable of handling them in
an efficient manner.

You need to shed a large chunk of money to hire and retain a talented pool of workers that will prove an
immense help in handling all transactions.

Advantage

1) Low costs

An important benefits of ecommerce is that starting a website is anytime less expensive than a physical
outlet. You do not have to furnish your outlet, no need to pay rent and hire several employees to work in
it. The cost of marketing and promotional strategies is also low.

One of its main Benefits Of Ecommerce is the absence of middleman that reduces the cost price to a
greater degree. As a direct link is established between buyer and seller the portal is able to create an
effective supply chain. Moreover, the online portal is computerized and automated saving a crucial
amount of money. Yes, you will need to shed a small amount if you are interested in a customized
website but you already have a customer base that is a compulsive online shopper.

2) Flexibility and speed

An individual or a company can easily open an online store within a few days whereas a physical
outlet needs space, commercial leasing procedure as well as ample construction and decoration time for
its opening. It is possible to change displays and product offerings within minutes in an e-commerce site
whereas you need proper planning and ample time and manpower to do so in physical stores.
 32

In terms of flexibility and speed e-commerce sites beat retail outlets by a long margin and this feature is
considered one of the main benefits of ecommerce. The entrepreneur is able to handle all
the operations from the comfort of his home without renting office space. He just needs an internet
connection and a device to handle all the transactions effectively.

3) Speeds up the buying process

Earlier a customer had to pre-plan his shopping trip even if he wanted to buy a specific thing. It would
mean rearranging his schedule and going to the outlet to make the purchase. One of the main benefits of
ecommerce is that it speeds up the buying process.

A visit to the outlet which is very far from your home and will waste nearly two to three hours of your
time is no longer necessary. Just sit back in the comfort of your home or even your office, search for the
product and make a purchase.

Moreover, the online stores are open 24*7 hence you can use it as per your convenience. E-commerce
helps the customer to buy a particular product easily without wasting his time by giving him access to a
wide range of choices. You are also saving traveling time as the product is being delivered at the
destination of your choice.

4) A comprehensive description of products

Customers are on the look-out for a comprehensive description of the products they want to buy and it is
one of the major benefits of ecommerce. An e-commerce portal offers its customers a product catalog that
has data sheets featuring all the useful information about its products and services.

The characteristics, its usefulness, and specifications are listed in a detailed manner. Even the colors of
some of the products like mobile phones are mentioned so that you can make a choice according to
personal preference. The customers can read about the ingredients of edible products and collect
background information which is not possible in retail outlets or physical stores.

5) Keep an eye on buyer’s habit

Information about the likes and dislikes of a customer is very important and an online store is able to
record and analyze the frequency with which the buyer has purchased items or viewed other items in his
portal. This is not possible in physical stores. One of the benefits of ecommerce is that the traders can
keep a direct and indirect eye on the behavior of its customers and customize its offerings to suit their
individuality.

The past browsing history is utilized to tempt consumers with related or same products. The online portals
keep a ready stock of the items that are being pursued and purchased to satisfy its customers.

6) Easy availability through search engines

There is a huge difference between the physical and online stores if you are looking for benefits of
ecommerce. The first thrives because of its branding and the second on the large traffic from search
engines.
 33

With the advent of the internet, the consumer has become more street smart and advanced. He realizes the
importance of online shopping and has been using search engines to find products and services at his
convenience. A physical store is in most cases limited to a single area whereas the search engines allow
the worldwide audience in its portal.

7) Technology at its best

An important benefit of ecommerce is that it is using technology for its own advantage. As the systems
are computerized it becomes easy to maintain its working order without the tension of getting tired or
becoming slow by the end of the day.

Technology helps to make viable comparisons of the products and their rates and specifications which is
not possible in physical outlets hence the use of technology make online portals accurate, effective and
efficient in their dealings with their customers.

8) Reduce the cost of managing inventory

If you are looking for one of the benefits of ecommerce then it can easily save time and reduce its
inventory cost when compared with physical stores. The online portal offers features and facilities that
automate several responsibilities.

It introduces a web-based system through which the website can automate and manage inventory by itself
and thus reduce the operating cost.

9) Encourages impulse to buy

An online site has information on the buying habits of its customers. It knows that there are several
products that the consumer is interested in buying but is unable to do so. One of the benefits of e-
commerce portal is that it can keep its eyes on these potential targets and offer several schemes and
discounts that prompt the customers to make an impulse buy.

The website makes its products more attractive with color options and images so that the customer is
tempted to make a purchase.

10) Retarget your customers

If you are looking for benefits of e-commerce then one of the main ones is its ability to retarget its
customers. The portal has information about the individuals that visit its site and has made purchases.

It uses this information through several techniques to maintain the interest of the consumers like sharing a
coupon and sending emails for cross-selling purposes. It is possible when a customer visits a certain page
in a particular time period.

11) Availability of reviews

Online sites encourage reviews from its customers to know about customer satisfaction and what
problems they are facing while using the products and services. One of the benefits of e-commerce is the
availability of these reviews on its online sites so that potential customers can read about it and
understand whether the product is suitable for their particular needs.
 34

Earlier we did not have such a facility for physical stores and had to rely on our acquaintances who had
used the products to get viable information about it. Now a customer can sit in the privacy of his home
and can read the reviews and make a decision according to his needs without asking friends and relatives
about the product.

12) No geographical limitations

A physical store is located in a particular place and in most cases the people who live nearby come and
visit it. One of the benefits of e-commerce stores is that it is not bound by geographical boundaries.

A customer can access the portal from anywhere in the world with the help of an internet connection and
a device to operate it. The platform is available 24*7 to all its customers in any part of the world and
offers information where it is able to send the products and within how many days.

You can also keep track of your product and know about its availability in any store.

Taxation Difficulties

Taxation of E-Commerce and Problems The taxation policies of countries based on territory and
jurisdiction has begun to fail after improving ecommerce. Concepts like permanent establishment, sale
points, product and income classification that using in taxation process have been remained inadequate.
Whereas determining location of seller and consumer at transaction on internet is difficult, tax revenue
loss has been existed. Electronic commerce allows businesses to get their revenue without any physical
presence. (Basu, 2008) Because of these implications of e-commerce, tax administrations reach hardly
information about taxes that should be collected and thereby tax loss exists.

In Ottawa Conference where arranged to find solution to taxation problems of e-commerce underlined
that conventional taxation principles should be applied to e-commerce and collaboration between
countries has been required. Fair and neutral taxation should be generated for conventional commerce and
e-commerce. An efficient taxation system should be provided to reduce compliance costs to businesses,
administrative costs. Tax rules should be clear and certain. Tax payers should know how and in which
situations they are taxed. Effectiveness and fairness should be ensured on taxation process. Tax systems
should be flexible adapting to technological and commercial development. Taxation place for consume
tax should be where the consumption happens. Otherwise, double taxation and non-taxation problems
may be occurred. (OECD, 2001)

Problem of permanent establishment

Another problem for taxation of e-commerce arises from being made by a permanent establishment that is
not required. To apply tax and to identify one who has taxation power, it is necessary to pointed out
physical presence and permanent establishment. According to OECD, website is not a permanent
establishment and if business purchase or hire server and activities on server are not only being made a
preparatory or auxiliary. (OECD, 2005) To be made e-commerce around the world without any borders
and different applications about taxation on ecommerce lead to double taxation risk. Countries figure this
issue out with double taxation avoidance agreements. (Kommerskollegium, 2012) But the risk still exists
for business where operated in countries that have not got agreements.
 35

Problem of different rate and policies of tax on goods and services in the field of taxation on e-
commerce among countries or states.

It is also another problem to be subjected different rate and policies of tax on goods and services in the
field of taxation on e-commerce among countries or states. Both EU and USA, taxation is made on final
sales to type and value of goods. While this tax is collected by EU as value added tax, it is collected by
localities and states in USA as consumption and use taxes. Each state, county and municipality in USA
have their own tax policies and tax rates. It becomes a problem for taxation. For instance; while cheese
can be taxable in one state as a snack food, in another state it can not be taxable. (Laudon and Traver) The
uncertainties on VAT regulations, who has taxation power for collecting VAT and requirements of
registering pose a problem. The countries divided by states and each state applies different tax regulation
cause extra costs and difficulties in term of electronic sellers. Varied tax regulations between states
particularly affect businesses that sell via internet and accept returns in store.

Qs. Online contracts: Formation and Validity.

With the emergence and steady growth of e–commerce, there is a quick elevation in the use of e-
contracts. But the concept of e-contract is still not unclouded, it faces lot of challenges. The law
of contract in India gives a statutory recognition to the common contractual rule. The Indian
Contract Act, 1872 does not lay down the rights and duties which the law will enforce but it
deals with the limiting principles, subject to which parties may create right and duties for
themselves.

Meaning of contract

As per Section 10 of the Indian Contract Law, 1872, an agreement is a contract which is
enforceable by law. An agreement is enforceable by law and can be defined as a valid contract if
it is made by competent parties, out of their free consent and for lawful object and consideration.
In simple words, a contract is an agreement binding between two or more parties intending to
create a legal relationship, in which one makes the proposal while the other accepts the proposal
or offer and thus it becomes a promise. Such acceptance has to be certain and not vague and
must be free from any undue influence, force or misrepresentation. Both the parties to the
contract must be major, sound mind and not declared disqualified by any law for the time being
in force in India. As per Section 23 of the Indian Contract Act, 1872 the object of the contract
and the consideration must be lawful. It must be certain, definite and not vague and such as are
capable of performance. A contract may be made by words spoken or written.

What is an online contract?

Online contract or an electronic contract is an agreement modelled, signed and executed

electronically, usually over internet. An Online contract is conceptually very similar and is
drafted in the same manner in which a traditional paper-based contract is drafted. In case of an
online contract, the seller who intends to sell their products, present their products, prices and
terms for buying such products to the prospective buyers. In turn, the buyers who are interested
 36

in buying the products either consider or click on the ‘I Agree’ or ‘Click to Agree’ option for
indicating the acceptance of the terms presented by the seller or they can sign electronically.

E-Contracts in India

An e-contract refers to the computerized facilitation of a contract in a cross-organizational

business progression. It is an incredibly new mechanism in India and facilitates electronic trading
relationships between parties. In essence, it is modelled, executed, specified, controlled, enacted,
monitored and either fully or partially deployed by a software system.

Apart from being on an electronic, online portal, e-contracts are in essence, similar to a paper-
based contract. Vendors present their prices, products and required terms to prospective buyers
while vendees negotiate prices and terms when possible, place orders and make payments. The
vendors then deliver the purchased products and services to the vendees.

Essentials

All fundamental principles that apply to contract law also apply to all contracts formed
electronically or orally. A problem does arise as people question how traditional and
conventional contract law principles apply to modern and unique forms of technology.

However, as of today, the essentials and elements of e-contracts remain the same as those
provided for paper-based contracts.

Offer
An offer is required to be made so as to form the basis of an e-contract. The offer need not be
made on a one-to-one basis. The consumer browses through the available goods and services
displayed on the retailer’s website and then chooses what he would like to purchase.

Acceptance
The offer produced needs to be accepted. Acceptance is usually undertaken by the vendor after
the offer is made by the consumer in response to the invitation. The offer also stands revocable at
any point before the acceptance is made.

Lawful Consideration

Any agreement that is formed electronically must have lawful consideration to be enforceable by
law.

Intention to Create Legal Relations

If there is no intention on part of the parties to create a legal relationship, then it is likely that no
contract will take effect between them. Thus, agreements that are of a social or domestic nature
usually are not enforceable as contracts.
 37

Competency of Parties

The parties to the contract must be lawfully competent to enter into it. Agreements made by
minors, lunatics, insolvents et cetera, are void.

Free Consent

There must not exit any subversion of the will of any involved party to enter into such contract.
It must be free and void of coercion, misrepresentation, undue influence or fraud.

Lawful Object

The object of the contract must be lawful for it to be valid. An agreement selling any kind of
pornography or narcotic drugs would, therefore, be void.

Certainty and Possibility of Legal Performance

A valid contract must not have vague, uncertain or ambiguous terms. Further, there must exist a
possibility to perform the contract. A contract that is impossible to perform is void. Similarly, an
agreement that is not certain in its meaning is also void.

Other formalities of E-Contracts

While the fundamental essentials of a paper-based contract apply to the e-contracts, the methods
to conclude the e-contract are also borrowed from the Indian Contract Law and are similar to the
paper-based contracts.

1. Contract Formation through Electronic Communications

Contracts formed over e-mails et cetera are concluded by the exchange of text documents via e-
communications such as e-mail. This way, both offers and acceptances can be easily exchanged
and settled.

2. By Acceptance of Orders Placed on E-Commerce Websites

When these products on e-commerce websites are purchased, the vendor offers the goods
through the website. The consumer places an order by completing and transmitting the order
form on the website. The merchandise may either be physically delivered (like clothes et cetera)
or delivered electronically (like e-tickets et cetera).

3. Online Agreements

Users may sometime be required to accept an online agreement in order to get the services while
installing or signing up on a website.

4. Electronic Data Interchange

 38

This refers to contracts used in trade transactions which enable the transfer of data from one
computer to another so as to make each transaction a trading cycle processed with no paperwork
at all. The data here is formatted and implemented directly by the receiving computer. EDI is
used to transmit standard purchase orders, acceptances, invoices and other records. As a
consequence, it reduces paperwork and reduces the possibilities of human error. In this type of
contract, the exchange of information and completion of the contract is between two computers
as opposed to a computer and an individual.

Through Electronic Agents Computer users can now instruct their computers to carry out
transactions robotically. Electronic agents are programmed with the authority of both the
purchaser and the supplier. These electronic agents usually exhibit characteristics which are very
close to human characteristics and can assist human beings with routine tasks.

Types of E-Contracts

E-contracts can broadly be classified into three different types. Shrink-wrap transactions have
been the most common and have been around for a while now while the other two types of e-
contracts are rather novel and unique to e-commerce.

1. Click-Wrap Agreements

In a click-wrap agreement, the user indicates his consent by clicking on either ‘I Agree’ or ‘I
Disagree’ on the website. Essentially, a party goes through the terms and conditions provided in
a particular website or programme and has to resort to a click-wrap agreement so as to move
forward with consent.

Click-through agreements are predominantly found as part of the installation process of various
software packages. Upon installation, a pop window with the terms of license opens up for the
user to read. The user can then either agree or disagree with the terms and conditions provided. If
he chooses to disagree with the terms, the process of installation is terminated. These click-wrap
agreements may either be ‘type and click’ or ‘icon clicking’ based on the website.

2. Shrink-Wrap Agreements

These type of agreements derive their name from the shrink-wrap packaging that usually covers
the goods to be purchased. This is usually seen in the case of CDs. The required terms and
conditions of accessing the particular software are printed on the shrink-wrap cover of the CD
and vendee essentially tears the wrap to gain access to the CD.

The packaging thus contains a notice that by tearing open the shrink-wrap, the user assents to the
software terms that are enclosed.

3. Browse-Wrap Agreements
 39

Browse-wrap contracts essentially have a terms and conditions hyperlink somewhere on the web
page that proposes to sell goods or services. According to these terms, using the site to buy the
goods or services is enough to constitute acceptance of the conditions laid within. Thus, these
agreements are usually found only when the user bothers to look around and search for a small
asterisk or hyperlink.

As a result of this, critics do contend that browse-wrap terms are not enforceable because they
don’t satisfy the basic elements of a contract.

Validity of online contract

The Indian Contract Act, 1872 provides a basic contractual rule that a contract is valid if it is
made by competent parties out of their free consent for a lawful object and consideration. There
is no specific way of communicating offer and acceptance; it can be done verbally, in writing or
even by conduct. Thus oral contracts are as valid as written contracts; the only condition is they
should posses all the essentials of a valid contract. It was held in the case of Bhagwandas
Goverdhandas Kedia v. Girdharilal Parshottamdas, “that ordinarily, it is the acceptance of
offer and intimidation of that acceptance which results in a contract. This intimation must be by
some external manifestation which the law regards as sufficient. Hence, even in the absence of
any specific legislation validating e-contracts cannot be challenged because they are as much
valid as a traditional contract is.”

An online contract is simply a communication between two parties in regard to transfer of

goods/services. And as per Indian Evidence Act any e- mail communication and other
communication made electronically is recognized as valid evidence in a Court of law. By
considering the points, it can be concluded that the contract that follows the communication is
valid too and Indian law thus recognizes the validity of online contracts.

The citizens of India are encouraging the concept of Digital India, but there are no definite
legislations relating to the transactions done over computerized communication networks.
Several laws such as The Indian Contract Act, 1872, Information Technology Act, 2000, Indian
Copyright Act, 1957 and the Consumer Protection Act, 1986 to some extent are working and
acting on resolving issues that arise relating to the formation and validation of online contracts.
The Information Technology Act, 2000 is the Act that governs the transactions conducted over
internet and explains the considerable mode of acceptance of the offer and provides the rules for
revocation of offer and acceptance in a vague or indefinite manner. Hence, a separate law for
regulating contracts based on electronic devices is highly recommended.

Evidentiary value of online contract

In a country like India, where the literacy rate is not so high, the concept of ‘Digital India’ is a
far reach. People still feel insecure to do online based transactions mainly because the terms and
conditions of such contracts are not transparent. Another major issue is the nature of the law
 40

governing the electronic contracts. Even if the IT Act, 2000 has legalized electronic contracts,
there are no definite provisions mentioned in the Act.

Documents are mainly registered for conservation of evidence, assurance of title and to protect
oneself from fraud. The evidentiary value of electronic contracts has been given recognition and
can be understood in the light of various sections of Indian Evidence Act. Sec 65B of the Indian
Evidence Act deals with the admissibility of electronic records. As per Sec 65B of the Indian
Evidence Act any information contained in an electronic record produced by the computer in
printed, stored or copied form shall deemed to be a document and it can be admissible as an
evidence in any proceeding without further proof of the original subject to following conditions
are satisfied such as the computer from where it was produced was in regular use by a person
having lawful control over the system at the time of producing it, during the ordinary course of
activities the information was fed into the system on a regular basis, the output computer was in
a proper operating condition and have not affected the accuracy of the data entered.

Section 85A, 85B, 88A, 90A and 85C of the Indian Evidence Act deal with the presumptions as
to electronic records. Sec 85A has been inserted later to confirm the validity of electronic
contracts. It says that any electronic record in the form of electronic agreement is concluded and
gets recognition the moment a digital signature is affixed to such record. The presumption of
electronic record is valid only in case of five years old record and electronic messages that fall
within the range of Section 85B, Section 88A and Section 90A of Indian Evidence Act.

Qs. Online Payment methods.

Ans. An e-commerce payment system (or an electronic payment system) facilitates the
acceptance of electronic payment for online transactions. Also known as a subcomponent
of Electronic Data Interchange (EDI), e-commerce payment systems have become increasingly
popular due to the widespread use of the internet-based shopping and banking.

There are various best online bill payment services in India that allows you to pay almost all
your bills online. It hardly takes more than a minute to pay your electricity bill and other bills.

Indeed, online bill payment are more popular now than ever before, especially due to social
distancing and self-quarantine requirements that came into force during the Covid-19 pandemic
that struck the world and parts of India in early 2020.

1. Bharat Interface for Money

Bharat Interface for Money (BHIM) is by far the most popular online bill payment. If fact, every
Public Sector Undertaking (PSU) bank, private, cooperative and foreign banks in India use their
own versions of BHIM.

You can pay utilities bills, recharge mobile phone, send and receive money and perform lots of
other transactions with BHIM. This app comes from the National Payments Corporation of India
 41

and is very secure for all financial transactions. In recent days, BHIM also offers the facility to
apply for Initial Public Offering (IPOs) of company stocks.

2. Unified Mobile App for National Governance

Lesser known but most useful for Indian is the UMANG app that comes from Ministry of
Electronics & Information Technology. UMANG offers a slew of online services. You can pay
monthly contributions to the National Pension Scheme or recharge a mobile phone.

UMANG allows you to order and pay for gas cylinders and piped gas. Utilities payments,
applying and paying for various services from the Central and state governments are all possible
with UMANG. This is a must-have app for every Indian.

3. PhonePe

PhonePe ranks among the best online bill payment app. It’s possible to pay all bills, make online
purchases, invest in stocks and Mutual Funds as well as other financial instruments and keep tab
of all your bank accounts with this integrated app.

Additionally, PhonePe is the most reliable when it comes to working in remote areas where
Internet connectivity might be poorer. It’s also possible to make money transfers using National
Electronic Fund Transfer (NEFT), Real Time Gross Settlement (RTGS) and Immediate Payment
Service (IMPS) systems.

4. Google Pay

Actually I’m not very comfortable using Google Pay because it involves letting out my private
telephone number that I use strictly for banking and investment purposes. To receive money on
Google Pay, you need to divulge the number linked with your bank account.

But in all fairness, Google Pay is an excellent online electronic bill and payment system. It’s
been customized for use in India, which is one of the two countries where Google Pay is
available.

5. iMUDRA

iMUDRA is another fabulous online bill pay and electronic payment system. In fact, iMUDRA
comes from Indian Railways Catering, Railways and Tourism Corporation of IRCTC.

iMUDRA serves as a mobile wallet where you can deposit cash and pay by scanning a QR code,
send money through Virtual Payment Address or mobile number to banks across India as well as
by net banking.
 42

You get special discounts while booking tickets from Indian Railways with this app. All bill
payments and recharges can be done with this app. They also issue a digital and physical debit
card from Federal Bank for a small fee.

6. Amazon Pay

Amazon Pay was earlier limited to buying stuff on Amazon and getting cashbacks or refunds.
However, Amazon Pay now offers full-fledged online bill pay and electronic payments for
utilities, payments for dining out at select places, booking airline, bus and train tickets and lots
more.

And of course, discounts on shopping from Amazon whenever they have a special offer.
There’re no need to create a separate account for Amazon Pay. It comes with your Amazon
account and is accessible on computer and mobile.

7. PayZapp

India’s leading private sector lender, HDFC Bank offers PayZapp, the best online bill pay and
electronic payment system in India. PayZapp also comes with the added feature of a virtual debit
card from HDFC Bank.

This debit card is a fabulous feature since you can get amazing discounts while shopping online:
a lot of online stores including Amazon and Flipkart offer special discounts to shoppers paying
with HDFC Bank cards. PayZapp comes with all features you’ll expect. These include bill
payment, mobile recharges, online shopping and special deals from participating outlets.

8. Pockets

Also from a leading private sector lender is Pockets by ICICI Bank. You can download the
Pockets app from Google Play or Apple Store and register online. The full KYC compliant
version provides some degree of banking services too.

You can request a physical debit card that can be used while shopping and cash withdrawals.
ICICI Bank issues the Pocket debit card for a small fee. Online bill payments, recharges and cash
transfers are some of the facilities from this payment system.

9. IPPB

If you’re residing in rural India and need an app that easily links with a bank account, go for the
India Post Payments Bank (IPPB) online bill pay and electronic payments system. You can
download the app and visit the nearest post office branch to complete full KYC formalities.

IPPB payments system comes with the full range of financial services from India Post. And it
offers all the regular features such as VPA, bill payments, recharges and facilities to pay for
shopping. It’s also possible to buy India Post insurance schemes from this app.
 43

10. Paytm

Despite the popularity of Paytm, I rank it the last due to myriad hidden costs this online bill pay
and electronic payment system comes with. For example, cash transfers to a bank account from
your mobile wallet come at a stiff fee.

And several other transactions also carry a hidden charge, according to some users. At the same
time, Paytm remains a very famous app for payments, recharges and cash transfers in India. They
have a full range of services from shopping at Paytm Mall to booking tickets and hotels, paying
bills, recharges and lots more.

Qs. Copyright work in Digital medium.

Ans. Copyright essentially refers to a type of Intellectual Property Rights protection which helps to
protect the intellect of human creation. Copyright law in India provides exclusive and monopoly rights to
the creator or author or owner of original literary, dramatic, artistic, musical works and cinematograph
films.

Computer software for the purpose of this Act is considered as a piece of literary work and is thus,
protectable under copyright law in India.

Copyright

Indian copyright law is at parity with the international standards as contained in TRIPS. The (Indian)
Copyright Act, 1957, pursuant to the amendments in 1999, 2002 and 2012, fully reflects the Berne
Convention for Protection of Literary and Artistic Works, 1886 and the Universal Copyrights Convention,
to which India is a party. India is also a party to the Geneva Convention for the Protection of Rights of
Producers of Phonograms and is an active member of the World Intellectual Property Organization
(WIPO) and United Nations Educational, Scientific and Cultural Organization (UNESCO).

"Work" protected in India

Under the Copyright Act, 1957 the term "work" includes an artistic work comprising of a painting, a
sculpture, a drawing (including a diagram, a map, a chart or plan), an engraving, a photograph, a work of
architecture or artistic craftsmanship, dramatic work, literary work (including computer programmes,
tables, compilations and computer databases), musical work (including music as well as graphical
notations), sound recording and cinematographic film.

In order to keep pace with the global requirement of harmonization, the Copyright Act, 1957 has brought
the copyright law in India in line with the developments in the information technology industry, whether
it is in the field of satellite broadcasting or computer software or digital technology. The amended law has
also made provisions to protect performer's rights as envisaged in the Rome Convention.

Registration of Copyright
 44

In India, the registration of copyright is not mandatory as the registration is treated as mere recordal of a
fact. The registration does not create or confer any new right and is not a prerequisite for initiating action
against infringement. The view has been upheld by the Indian courts in a catena of judgments.

Need for Registration of Copyright

The awareness of Intellectual Property (IP) Laws is considerably low among the enforcement authorities
in India, and most of the IP litigation is confined to metropolitan cities. Despite the fact that the
registration of copyright is not mandatory in India and is protectable through the International Copyright
Order, 1999, it is advisable to register the copyright as the copyright registration certificate is accepted as
a "proof of ownership" in courts and by police authorities, and acted upon smoothly by them.

Enforcement of Copyright in India

The law of copyright in India not only provides for civil remedies in the form of permanent injunction,
damages or accounts of profits, delivery of the infringing material for destruction and cost of the legal
proceedings. etc. but also makes instances of infringement of copyright, a cognizable offence punishable
with imprisonment for a term which shall not be less than six months but which may extend to three years
with a fine which shall not be less than Rs 50,000 (approx. US$ 800) but may extend to Rs 2,00,000
(approx. US$ 3,000). For the second and subsequent offences, there are provisions for enhanced fine and
punishment under the Copyright Act. The (Indian) Copyright Act, 1957 gives power to the police
authorities to register the Complaint (First Information Report, ie, FIR) and act on its own to arrest the
accused, search the premises of the accused and seize the infringing material without any intervention of
the court.

Protection to Foreign Works in India

Copyright of "works" of foreign nationals, whose countries are member of Convention Countries to
which India is a signatory, are protected against any infringement of their "works" in India through the
International Copyright Order, 1999. The Indian courts have also been pro-active for the protection of
copyright of foreign authors/owners, which includes software, motion pictures including screen play of
motion pictures and database.

The Government of India is also taking initiative to combat piracy in the software industry, motion
pictures and the music industry along with players in the industry through their associations and
organizations like NASSCOM (National Association of Software and Service Companies), NIAPC
(National Initiative Against Piracy and Counterfeiting) etc.

Licensing and Assignment of Copyright

Copyright in any work, present or future, can only be assigned or licensed in writing by the copyright
owner or his duly authorised agent.

Duration/Term of Copyright

In the case of original literary, dramatic, musical and artistic works, the duration of copyright is the
lifetime of the author or artist, and 60 years counted from the year following the death of the author.
 45

In the case of cinematograph films, sound recordings, posthumous publications, anonymous and
pseudonymous publications, works of government and works of international organisations are protected
for a period of 60 years which is counted from the year following the date of publication.

Copyright and cyber law

The emergence of electronic data interchange was nothing but the true and real beginning of e-commerce
in the world. Thus, it can be said that e-commerce was fully in force by the 1990s. EDI was very
expensive and thus, both small and medium-sized companies couldn’t afford the same.

However, the advent of the internet completely changed the scenario and provided an even playing field
for all the companies involved. The EDI propriety system thus gave way to internet-based e-
marketplaces.

As the e-market grew, it became increasingly clear that security issues were on the rise for consumers.
Therefore, to secure e-commerce within the nation, the digital signature was adopted.

Rights in Terms of Computer Software

The various parts of computer software that are protected by copyright include the graphical user
interface, the source code and object code, the operating system that allows the application of software to
interact with the hardware and the application software.

The owner of the computer programme has all the rights associated with it. Computer programmes in
India can be protected under literary work within the Indian Copyright Act. Additionally, other related
rights are exceptionally provided to an owner of the computer programme which also includes the right to
sell and rent copies.

The right to rent copies is only allowed for computer programmes and code which as configured as a
substantial part of the object.

Protection of different classes

As previously established, there are various parts of computer software that are protected by copyright in
the cyberspace.

1. GUI and Database

The graphical user interface allows a user to interact with applications of computers, mobiles, electronic
equipment et cetera. Thus, the GUI is an element of the program through which users interact with other
features of the computer programme. Copyright protects forms of expression and can be used to protect
source code and object code of a computer programme.

Further, computer programmes are protected as a literary work under the Copyright Act and thus, GUI
stands protected. Database refers to a collection of records stored in a systematic way that can be best
utilized. The database is also protected as literary work under the Indian Copyright Act.

2. Multimedia
 46

Multimedia essentially refers to a computer-based interactive communications process that includes a

combination of writing, sound, image, still images, animation, video, computer software or interactivity
content forms. Multimedia elements on websites and on the internet are found embedded in web pages.

Examples of multimedia applications include World Wide Web, adobe director, interactive TV, computer
games et cetera. As multimedia combines different elements, copyright protection is different for different
classes of work.

Text in multimedia

Literary works including books, magazines, and novels et cetera where each original work will be
protected in the literary section in a separate copyright application.

For example, if the multimedia application contains text as well as poetry which are original, both the text
and the poetry will be protected in separate copyright applications. Developers or creators need to seek
prior permission from the owner to use the pre-existing text.

Computer Software

Computer programs include source code and object code and are defined as a set of ordered instructions
which enable a computer to carry out a task. A program that is written to integrate various elements of a
multimedia product as a computer program will be protected as a literary work.

Developers need to seek prior permission like in the case of other literary works. This prior permission
clause remains the same for all classes of work represented below irrespective of their other differences.

Interactivity Content Forms

There is no real definition for ICF but it essentially is explained as a process of compiling various sources
such as a set of data, a report or a collection of literary or musical works and cinematographic work that is
compiled from various sources. The compilation is essentially the process of converting source code to
executable code and thus, is protected as a literary work.

Still images

Still images are considered to be artistic work whether or not such work possesses an artistic quality, a
work of architecture or any other artistic craftsmanship. Each work will be protected in the artistic section
in a separate copyright application form.

Audio

Audio in multimedia is considered to fall within the ambit of musical work or sound recordings. Musical
work includes a work consisting of music and includes any graphical notation of such work but doesn’t
include any words or any action intended to be sung, spoken or performed with the music.

Sound recordings are recordings from which sounds are produced regardless of the medium on which this
recording is made. Each original musical work will be protected in the musical section in a separate
copyright application form and each sound recording will be protected in the sound recordings section in
a separate copyright application form.
 47

Animation and Video

Both animation and video in multimedia applications fall within the category of cinematographic films.
This includes any work of visual recording on any medium produced through a process from which a
moving image may be produced by any means and includes a sound recording accompanying such visual
recording. Thus, it includes visual representation in the forms of movies, video games et cetera. Each
separate piece of work is protected in a separate copyright application form.

The Indian Government, by way of the IT Amendment Act of 2008, took a remarkable step in the right
direction, however, it doesn’t address the issues revolving copyright. Copyright thus remains as one of the
most complicated areas of cyber law and is essential for the growth of e-commerce in the nation.
 48

Unit-IV

Qs. Freedom of Speech and Expression on Internet and Authority of Government.

Ans. However, 21st century is the age of internet and social media. We are all connected to
either one or the another mode of social media viz.Facebook, Twitter, Quora etc where we
express our views freely as the supreme law of the land gives us the freedom under Article 19(1)
(a). Not only we do express our views on social media, we also share the post that we like,
comment on pages where we feel we are attached to it. An attempt was made by the legislature
wherein the Information Technology Act,2000(hereinafter referred to as the Act of 2000) was
passed to restrict the freedom of speech and expression.

Meaning of Freedom of Speech And Expression

The Constitution of India guarantees various fundamental rights to its citizens. One such
important right is right to freedom under Article 19. This includes right to freedom of speech and
expression, right to assemble peacefully and without arms, freedom to form associations and
unions, right to move freely throughout the territory of India, right to reside and settle in any part
of the territory of India and right to practice and profession or to carry on any occupation, trade
or business.

Article 19(1)(a) says that, “All citizens shall have freedom of speech and expression.

Actually, this is the most important right amongst all rights. It is the right which helps in
conversation. It is a medium of expression of thoughts.

Speech and expression means- expression your views by way of words, articles, signs,
representation, etc.

There can also be other way of expression, and all such medium shall be deemed to be
expression.

‘Lawell Vs Giffin’ [(1938) 303 U.S. 444]- numbers, signs, symbols, etc. were held to medium of
expression.

‘Tata press Ltd. Vs Mahanagar Telephone Nigam Ltd.’ (A.I.R. 1995 S.C. 2438)- commercial
speech and expression shall be deemed to be part of speech and expression under Article 19(1)
(a).

Romesh Thappar v State of Madras (AIR 1950 SC 124), the Supreme Court of India held that
the freedom of speech and expression includes freedom to propagate ideas which is ensured by
freedom of circulation of a publication, as publication is of little value without circulation.

Indian Express Newspapers (Bombay) P. Ltd v. Union of India (‘86) A.SC. 515, are of great
significance. In these cases, the corporations filed a writ petition challenging the constitutional
 49

validity of notifications issued by the Government. After much deliberation, the Courts held that
the right to freedom of speech cannot be taken away with the object of placing restrictions on the
business activities of citizens. However, the limitation on the exercise of the right under Article
19(1)(a) not falling within the four corners of 19(2) is not valid.

State of Uttar Pradesh v. Raj Narain has held that Article 19(1)(a) of the Constitution
guarantees the freedom of speech and expression to all citizens in addition to protecting the
rights of the citizens to know the right to receive information regarding matters of public
concern.

Restrictions on Freedom of Speech And Expression

The freedom of speech and expression does not confer on the citizens the right to speak or
publish without responsibility. It is not an unbraided license giving immunity for every possible
use of language and prevents punishment for those who abuse this freedom. Article 19(3) of the
ICCPR imposes restrictions on the following grounds:

(a) For respect of the rights of reputations of others

(b) For protection of national security, or public order, or public health or morals.
As per Article 19(2) of the Constitution of India, the legislature may enact laws to impose
restrictions on the right to speech and expression on the following grounds:

(a) Sovereignty and integrity of India

(b) Security of the State

(c) Friendly relations with foreign States

(d) Public order

(e) Decency or morality

(f) Contempt of court

(g) Defamation

(h) Incitement to an offence

Freedom of Speech And Expression And Social Media/ Internet

The Internet and Social Media has become a vital communications tool through which
individuals can exercise their right of freedom of expression and exchange information and
ideas. In the past year or so, a growing movement of people around the world has been witnessed
who are advocating for change, justice, equality, accountability of the powerful and respect for
human rights. In such movements, the Internet and Social Media has often played a key role by
 50

enabling people to connect and exchange information instantly and by creating a sense of
solidarity. The UN Human Rights Committee has also tried to give practical application to
freedom of opinion and expression in the radically altered media landscape, the centre stage of
which is occupied by the internet and mobile communication. Describing new media as a global
network to exchange ideas and opinions that does not necessarily rely on the traditional mass
media, the Committee stated that the States should take all necessary steps to foster the
independence of these new media and also ensure access to them. Moreover, Article 19 of the
UDHR and Article 19(2) of the ICCPR also provides for freedom of speech and expression even
in case of internet and social media. Thus, it is seen that freedom of speech and expression is
recognized as a fundamental right in whatever medium it is exercised under the Constitution of
India and other international documents. And in the light of the growing use of internet and
social media as a medium of exercising this right, access to this medium has also been
recognized as a fundamental human right.

Cyber Laws of India and internet and Social Media

Although there is no specific legislation in India which deals with social media, there are several
provisions in the existing so-called cyber laws which can be used to seek redress in case of
violation of any rights in the cyber space, internet and social media. The legislations and the
relevant provisions are specifically enumerated as under:

The Information Technology Act, 2000

(a) Under Chapter XI of the Act, Sections 65, 66, 66A, 6C, 66D, 66E, 66F, 67, 67A and 67B
contain punishments for computer related offences which can also be committed through
social media viz. tampering with computer source code, committing computer related
offences given under Section 43, sending offensive messages through communication
services, identity theft, cheating by personation using computer resource, violation of
privacy, cyber terrorism, publishing or transmitting obscene material in electronic form,
material containing sexually explicit act in electronic form, material depicting children in
sexually explicit act in electronic form, respectively.
(b) Section 69 of the Act grants power to the Central or a State Government to issue
directions for interception or monitoring or decryption of any information through any
computer resource in the interest of the sovereignty or integrity of India, defence of India,
security of the State, friendly relations with foreign States, public order, for preventing
incitement to commission of any cognizable offence, for investigation of any offence.
(c) Section 69A grants power to the Central Government to issue directions to block public
access of nay information through any computer resource on similar grounds.

(d) Section 69B grants power to the Central Government to issue directions to authorize any
agency to monitor and collect traffic data or information through any computer resource
for cyber security.
 51

(e) Section 79 provides for liability of intermediary. An intermediary shall not be liable for
any third party information, data or communication link made available or hosted by him
in the Section 66A of the Information Technology Act, 2000.

Section 66A

Of all these provisions, Section 66A has been in news in recent times, albeit for all the wrong
reasons. Before discussing the issue in detail, it is desirable to first have a look at Section
66A, the provision itself. Section 66A of the Information Technology Act, 2000 inserted vide
Information Technology (Amendment) Act, 2008 provides punishment for sending offensive
messages through communication service, etc. and states:

Any person who sends, by means of a computer resource or a communication device-

(a) any information that is grossly offensive or has menacing character;

(b) any information which he knows to be false, but for the purpose of causing annoyance,
inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill
will, persistently by making use of such computer resource or a communication device,

(c) any electronic mail or electronic mail message for the purpose of causing annoyance or
inconvenience or to deceive or to mislead the addressee or recipient about the origin of such
messages shall be punishable with imprisonment for a term which may extend to three years
and with fine.

For the purposes of this section, terms "electronic mail" and "electronic mail message" means
a message or information created or transmitted or received on a computer, computer system,
computer resource or communication device including attachments in text, images, audio,
video and any other electronic record, which may be transmitted with the message.

The case of Shreya Singhal vs Union of India(AIR 2015 SC 1523) is a landmark judgment
declaring Section 66A of the IT Act, 2000 as null and void. The apex Court has struck down
Section 66A of the IT Act,2000 as it violates Article 19(1)(a) of the Constitution. The Court
has expressly stated that the law itself is an annoyance to democracy and deserves to be
struck off the statute books. In this case, the Court has once again restored faith in the
constitutional rifht of the citizen to enjoy free speech. The court opined the way Section 66A
of the IT Act,2000 has arbitrarily provided power to the officials to criminalize speech and
put anyone behind the bars as soon as anything offensive is found, is just void.

Qs. Surveillance and Pre-censorship.

Ans. Surveillance means close observation of a person or group especially the one who are under
suspicion or the act or observing or the condition of being observed[i]. Being a developing
country, India has brought several changes into its policies on Information Technology and still a
 52

lot more changes needs to be done. With the growing IT sector, surveillance technologies has
also been introduced such as internet surveillance, CCTV surveillance, telephone and e-mail id
surveillance etc. Although, it is just a start and in future, maybe in 2-3 year, new technologies
will be introduced, which leaves us to the question whether current Indian legal framework has
provisions as to surveillance and whether the privacy of individual in India is secured. The article
talks about different provisions under different statutes which allow government to conduct
surveillance, various governmental bodies doing surveillance and right to privacy of individual
in India.

Internet censorship in India is done by both central and state governments. DNS filtering and
educating service users in suggested usages is an active strategy and government policy to
regulate and block access to Internet content on a large scale. Also measures for removing
content at the request of content creators through court orders have become more common in
recent years. Initiating a mass surveillance government project like Golden Shield Project is also
an alternative discussed over the years by government bodies.

Departments working under Indian government for surveillance

Recently, many departments and agencies have been established, under government of India, in
order to do surveillance in cyberspace (where online communication takes place between
computers or networks), on personal messages, emails, cell phones or on social medias. Being
fastest developing country, India has to make strong policies and regulations in order to protect
IT industry as well as to protect privacy of every citizen.

The governmental bodies such as National Intelligence Grid, Central Monitoring System etc.
have been setup for surveillance on internet, cell phones, private messages, as well as social
media sites. But at this point of time, the protection of bodies itself i.e. powers and functions of
authorities, situations under which surveillance can be done etc. and security of data to be kept
by them is unknown. Also the provisions under which they have established are a question. It is
possible that the data kept by these bodies can be misused by any private entity for any political
or terrorist purpose which can endanger public privacy and safety at large.

National Intelligence Grid

National Intelligence Grid aims at linking information saved on servers and networks of different
departments and ministries of government so it can be accessible by any department and
intelligence agency[vi]. National Intelligence Grid does not aim at storing any type of
information in its own and will only provide a platform where communication between
computers and networks of different departments can be taken place.

Crime and Criminal Tracking Network System (CCTNS)

 53

Crime and Criminal Tracking Network System aims at collecting, storing, analyzing,
transferring, sharing of data between various police stations and with State Headquarters and
police organizations[vii]. By using CCTNS, any police station will get complete available
information on any criminal or any suspect stored on the servers of other police stations or
departments.

Central Monitoring System

Central Monitoring System aims at monitoring every byte of communication i.e. text messages,
phone calls, online activities, social media conversations and contents etc. CMS was prepared by
the Telecom Enforcement, Resource Monitoring (TERM) and by the Center for Development of
Telematics (CDoT) and managed by Intelligence Bureau[viii]. Today government is doing
surveillance on Facebook and Twitter walls by using Central Monitoring System.

Unique Identification Authority of India (UID Scheme)

Unique Identification Authority of India (UID scheme) aims at providing a special unique
identity to every citizen of India in which figure print and basic information of a person will be
available. UID scheme comes under AADHAAR Scheme of government of India, and at present,
Unique Identification Authority of India has issued number of Unique Id’s to the citizens of
India and till now it has covered 28.11% of the total population and still going on[ix].

Indian Computer Emergency Response Team (CERT-In)

CERT, functional since January 2004, is a nodal agency of government in response of any
computer security incident. CERT has been created under the provisions of Information
Technology Amendment Act, 2008 and since then working as government agency[x]. CERT is
not exactly surveillance agency of government but it is response team of government in order
deal with any cyber security incident all over India.

National Counter Terrorism Center (NCTC)

After the attacks on Mumbai in 2008 aka 26/11 attacks on Mumbai, there was a need of agency
to fight against terrorism as there was a failure on the part of intelligence agencies in India. So
the proposal of NCTC was made. NCTC will derive its powers from Unlawful Activities
Prevention Act, 1967 and it will be part of Intelligence Bureau headed by the director

Laws governing surveillance

IT sector in India is growing at very high rate and the biggest problem is that there are no
specific laws that governing surveillance in India. Although there are many acts and rules passed
by legislature which governs surveillance indirectly, there is a need of specific laws as to
working of governmental bodies, their powers, protection of individual privacy and freedom of
speech. Section 69 Information Technology Amendment Act, 2008 gives power to government
 54

to intercept, monitor or decrypt any data or information stored on any computer resources for the
reason of public safety, public order etc. but who shall be authorized to intercept this information
is unknown. Although, CERT-In has been made by the virtue of Information Technology Act,
2008 but CERT-In will only come into play when there is any attack on Indian computers or
resources or when any of Indian servers being hacked or crashed by any foreign body or any
individual within or outside India.

The Indian Telegraph Act, 1885 had also given power to central or state government to
intercept any message if it is against public safety and since then, as various laws came into
force, the government has got power.

The governmental bodies which are working have got indirect powers from many different rules
passed by the legislation. But there is no such legal framework passed by parliament in relation
to surveillance and authorities who has power to monitor and block information for any
computer recourse. The data collected by Central Monitoring System will only be accessed by
governmental bodies like Intelligence Bureau, Research and Analysis Wing (RAW), Central
Bureau of Investigation (CBI), National Investigation Agency (NIA), Central Bureau of Direct
Taxes (CBDT), and Narcotics Control Bureau (NCB). But who has given this authority or when
shall such surveillance will be done is a question. Indian legal framework has provisions relating
to electronic surveillance but they are inefficient.

Also, Right to Privacy bill, 2011 has been presented in the parliament and an attempt has been
made by government as to define privacy and under which circumstances the government has
power to conduct surveillance and what shall be penalties as to misuse of such information
obtained by the way of surveillance. Under this bill, the surveillance can only be granted by
permission of Home Secretary, Ministry of Home Affairs, Government of India.

On October 27, 2009, the central government has passed Information Technology (Procedure
and Safeguard for interception, monitoring and decryption of information) Rules, 2009 in which
it was laid down that no person shall intercept, monitor or decrypt any information available on
any computer resources except an order from Home Secretary or Joint Secretary, Ministry of
Home Affairs has been obtained to do so. According to Rules, under Rule 4, it has been laid
down that the central government has power to delegate such authority to intercept, monitor or
decrypt any information on any computer resource to any agency.

Also, Information Technology (Procedures and Safeguards for blocking for access of
Information by Public) Rules, 2009 has been passed by parliament in order to block access of
any information on any computer resource by public. According to Rules, the government has
power to block any information whether generated, transmitted, stored or received or hosted by
any computer resource for any reasons mentioned in section 69A of the Information Technology
Act, 2000 i.e. sovereignty and integrity of India, defense of India, friendly relation with foreign
state, security of state etc.
 55

Qs. Privacy of Online data and Information

Ans. India, at present, does not have an independent statute protecting privacy; the right to
privacy is a deemed right under the Constitution. The right to privacy has to be understood in the
context of two fundamental rights: the right to freedom under Article 19 and the right to life
under Article 21 of the Constitution.

The higher judiciary of the country has recognised the right to privacy as a right “implicit in the
right to life and liberty guaranteed to the citizens of this country by Article 21”. The Indian law
has made some exceptions to the rule of privacy in the interest of the public, especially,
subsequent to the enactment of the Right to Information Act, 2005 (RTI). The RTI Act, makes an
exception under section 8 (1) (j), which exempts disclosure of any personal information which is
not connected to any public activity or of public interest or which would cause an unwarranted
invasion of privacy of an individual. What constitutes an unwarranted invasion of privacy is not
defined. However, courts have taken a positive stand on what constitutes privacy in different
circumstances.

Constitutional Framework of Privacy

The right to privacy is recognised as a fundamental right under the Constitution of India. It is
guaranteed under the right to freedom (Article 19) and the right to life (Article 21) of the
Constitution. Article 19(1) (a) guarantees all citizens the right to freedom of speech and
expression. It is the right to freedom of speech and expression that gives the media the right to
publish any information. Reasonable restrictions on the exercise of the right can be imposed by
the State in the interests of sovereignty and integrity of the State, the security of the State,
friendly relations with foreign States, public order, decency or morality, or in relation to
contempt of court, defamation or incitement to an offence.

Article 21 of the Constitution provides, "No person shall be deprived of his life or personal
liberty except according to procedure established by law." Courts have interpreted the right to
privacy as implicit in the right to life. In R.Rajagopal v. State of T.N. and PUCL v. UOI the
courts observed that the right to privacy is an essential ingredient of the right to life.

For instance, in R. Rajagopal v State of Tamil Nadu, Auto Shankar — who was sentenced to
death for committing six murders — in his autobiography divulged his relations with a few
police officials. The Supreme Court in dealing with the question on the right to privacy,
observed, that the right to privacy is implicit in the right to life and liberty guaranteed to the
citizens of the country by Article 21. It is a ‘right to be left alone.’ "A citizen has a right to
safeguard the privacy of his own, his family, marriage, procreation, motherhood, child-bearing
and education among other matters.” The publication of any of the aforesaid personal
information without the consent of the person, whether accurate or inaccurate and ‘whether
laudatory or critical’ would be in violation of the right to privacy of the person and liable for
 56

damages. The exception being, when a person voluntarily invites controversy or such publication
is based on public records, then there is no violation of privacy.

In PUCL v. UOI which is popularly known as the wire-tapping case, the question before the
court was whether wire-tapping was an infringement of a citizen’s right to privacy. The court
held that an infringement on the right to privacy would depend on the facts and circumstances of
a case. It observed that, "telephone conversation is an important facet of a man's private life.
Right to privacy would certainly include telephone-conversation in the privacy of one's home or
office. Telephone-tapping would, thus, infract Article 21 of the Constitution of India unless it is
permitted under the procedure established by law." It further observed that the right to privacy
also derives from Article 19 for "when a person is talking on telephone, he is exercising his right
to freedom of speech and expression."

In Kharak Singh v. State of U.P where police surveillance was being challenged on account of
violation of the right to privacy, the Supreme Court held that domiciliary night visits were
violative of Article 21 of the Constitution and the personal liberty of an individual.

Data Protection Laws in India

Data Protection refers to the set of privacy laws, policies and procedures that aim to minimise
intrusion into one's privacy caused by the collection, storage and dissemination of personal data.
Personal data generally refers to the information or data which relate to a person who can be
identified from that information or data whether collected by any Government or any private
organization or an agency.

The Constitution of India does not patently grant the fundamental right to privacy. However, the
courts have read the right to privacy into the other existing fundamental rights, ie, freedom of
speech and expression under Art 19(1)(a) and right to life and personal liberty under Art 21 of
the Constitution of India. However, these Fundamental Rights under the Constitution of India are
subject to reasonable restrictions given under Art 19(2) of the Constitution that may be imposed
by the State. Recently,

in the landmark case of Justice K S Puttaswamy (Retd.) & Anr. vs. Union of India and Ors.,
the constitution bench of the Hon'ble Supreme Court has held Right to Privacy as a fundamental
right, subject to certain reasonable restrictions.

The (Indian) Information Technology Act, 2000 and privacy of data and information

The (Indian) Information Technology Act, 2000 deals with the issues relating to payment of
compensation (Civil) and punishment (Criminal) in case of wrongful disclosure and misuse of
personal data and violation of contractual terms in respect of personal data.

Under section 43A of the (Indian) Information Technology Act, 2000, a body corporate who is
possessing, dealing or handling any sensitive personal data or information, and is negligent in
 57

implementing and maintaining reasonable security practices resulting in wrongful loss or

wrongful gain to any person, then such body corporate may be held liable to pay damages to the
person so affected. It is important to note that there is no upper limit specified for the
compensation that can be claimed by the affected party in such circumstances.

Rules regarding protection of sensitive personal data or information under ITA

The Government has notified the Information Technology (Reasonable Security Practices and
Procedures and Sensitive Personal Data or Information) Rules, 2011. The Rules only deals with
protection of "Sensitive personal data or information of a person", which includes such personal
information which consists of information relating to:-

I. Passwords;
II. Financial information such as bank account or credit card or debit card or other payment
instrument details;
III. Physical, physiological and mental health condition;
IV. Sexual orientation;
V. Medical records and history;
VI. Biometric information.

The rules provide the reasonable security practices and procedures, which the body corporate or
any person who on behalf of body corporate collects, receives, possess, store, deals or handle
information is required to follow while dealing with "Personal sensitive data or information". In
case of any breach, the body corporate or any other person acting on behalf of body corporate,
the body corporate may be held liable to pay damages to the person so affected.

Under section 72A of the (Indian) Information Technology Act, 2000, disclosure of information,
knowingly and intentionally, without the consent of the person concerned and in breach of the
lawful contract has been also made punishable with imprisonment for a term extending to three
years and fine extending to Rs 5,00,000 (approx. US$ 8,000).

Exception

It is to be noted that s 69 of the Act, which is an exception to the general rule of maintenance of
privacy and secrecy of the information, provides that where the Government is satisfied that it is
necessary in the interest of:

I. the sovereignty or integrity of India,

II. defence of India,
III. security of the State,
IV. friendly relations with foreign States or
V. public order or
 58

VI. for preventing incitement to the commission of any cognizable offence relating to above
or
VII. for investigation of any offence,

It may by order, direct any agency of the appropriate Government to intercept, monitor or
decrypt or cause to be intercepted or monitored or decrypted any information generated,
transmitted, received or stored in any computer resource. This section empowers the Government
to intercept, monitor or decrypt any information including information of personal nature in any
computer resource.

Where the information is such that it ought to be divulged in public interest, the Government
may require disclosure of such information. Information relating to anti-national activities which
are against national security, breaches of the law or statutory duty or fraud may come under this
category.

Penalty for Damage to Computer, Computer Systems, etc. under the IT Act

Section 43 of the IT Act, imposes a penalty without prescribing any upper limit, doing any of the
following acts:

a. accesses or secures access to such computer, computer system or computer

network;
b. downloads, copies or extracts any data, computer data base or information from
such computer, computer system or computer network including information or
data held or stored in any removable storage medium;
c. introduces or causes to be introduced any computer contaminant or computer
virus into any computer, computer system or computer network;
d. damages or causes to be damaged any computer, computer system or computer
network, data, computer data base or any other programmes residing in such
computer, computer system or computer network;
e. disrupts or causes disruption of any computer, computer system or computer
network;
f. denies or causes the denial of access to any person authorised to access any
computer, computer system or computer network by any means; (g) provides any
assistance to any person to facilitate access to a computer, computer system or
computer network in contravention of the provisions of this Act, rules or
regulations made thereunder;
g. charges the services availed of by a person to the account of another person by
tampering with or manipulating any computer, computer system, or computer
network, he shall be liable to pay damages by way of compensation to the person
so affected.
 59

h. destroys, deletes or alters any information residing in a computer resource or

diminishes its value or utility or affects it injuriously by any means;
i. steel, conceals, destroys or alters or causes any person to steal, conceal, destroy or
alter any computer source code used for a computer resource with an intention to
cause damage.

Tampering with Computer Source Documents as provided for under the IT Act, 2000

Section 65 of the IT Act lays down that whoever knowingly or intentionally conceals, destroys,
or alters any computer source code used for a computer, computer programme, computer system
or computer network, when the computer source code is required to be kept or maintained by law
for the time being in force, shall be punishable with imprisonment up to three years, or with fine
which may extend up to Rs 2,00,000 (approx. US$3,000), or with both.

Computer related offences

Section 66 provides that if any person, dishonestly or fraudulently does any act referred to in
section 43, he shall be punishable with imprisonment for a term which may extend to three years
or with fine which may extend to Rs 5,00,000 (approx. US$ 8,000)) or with both.

Penalty for Breach of Confidentiality and Privacy

Section 72 of the IT Act provides for penalty for breach of confidentiality and privacy. The
Section provides that any person who, in pursuance of any of the powers conferred under the IT
Act Rules or Regulations made thereunder, has secured access to any electronic record, book,
register, correspondence, information, document or other material without the consent of the
person concerned, discloses such material to any other person, shall be punishable with
imprisonment for a term which may extend to two years, or with fine which may extend to Rs
1,00,000, (approx. US$ 3,000) or with both.

Qs. Data Protection in India and Comparison with EU and US

India’s protection of data

In India, the personal and sensitive data are protected by the Information Technology Rules,
2011. These rules protect only information about the following:

I. Passwords
II. Financial information
III. Physical, psychological and mental health conditions
IV. Sexual orientation
V. Medical records and history
VI. Biometric information
 60

Unlike the European Union, India doesn’t have a separate legislation for protecting the database.
The various means of protections and rights guaranteed can be traced to the following:

I. The rights guaranteed under Article 21 of the Indian Constitution extend to data in
electronic form that every citizen has the Fundamental right to liberty and right to
privacy.
II. The Indian Penal Code, 1860 prevents data theft, and the definition of movable property
includes corporal property, thereby information stored on a computer is included in the
definition. Hence any theft, misappropriation or criminal breach of trust are punishable
under the IPC
III. The Indian Contract Act can be invoked by incorporating a separate clause in the contract
for confidentiality of the database.
IV. Section 66E of the Information Technology Act provides for the punishment for privacy
violation etc. Apart from this various other sections cover different aspects of enforcing
the rights in database.
V. The Copyright Act, 1957 protects a copyright to a database

In India, there is no sui generis protection as the government felt that the current protection under
the Copyright Act is sufficient, and a need for additional protection has not come up.

EU General Data Protection Rules, 2016

GDPR Regulations were notified in 2016 with the provision of a two-year transition period for
companies to comply with the same. The enforcement date was fixed as May 25, 2018. GDPR
Regulations are primarily focussed on protecting personal data. Personal data is defined as any
information which helps in identifying an individual. Hence, even particulars like name, contact
details, addresses etc. would constitute personal data. The party which determines how the data
is to be used is the data controller, the party which processes is the data processor and the
provider of information is the data subject.

The following are the key features of GDPR Regulations:

I. Accountability: The GDPR Regulations have introduced a two-pronged accountability

system, wherein both the data controllers and the data processor are accountable for any
kind of data breach. Both data controllers and processors are required to maintain data
processing registers.
II. Consent: GDPR takes into account only freely given, specific and unambiguous consent.
It also enables the data subject to withdraw his/her consent.
III. Breach notification: GDPR Regulations require that any data breach should be notified
to the data subject within 72 hours of the occurrence of such breach.
IV. Access: The Data Subject is entitled to request access to the data and information
pertaining to the manner of processing and the purpose for which it is being processed.
 61

V. Right to be forgotten: Upon data subject’s request, the company is obliged to delete all
the data stored. This generally happens when the data is no longer relevant.

Data Protection Officers: The GDPR requires the appointment of data protection officers by
companies having 250 or more employees or 5000 or more data subjects.

Data Protection Regulations in the US

The United States has opted for a different approach to data protection. Instead of formulating
one all-encompassing regulation such as the GDPR, it chose to implement sector specific data
protection laws and regulations that work together with state-level legislation to safeguard
American citizens’ data. These include:

I. The Health Insurance Portability and Accountability Act (HIPAA), a set of standards
created to secure protected health information (PHI) by regulating healthcare providers.
II. NIST 800-171, a special publication released by the National Institute of Standards and
Technology aimed at protecting Controlled Unclassified Information (CUI) in non-
federal information systems and organizations.
III. The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial
Modernization Act of 1999, that seeks to protect the personal information of consumers
stored in financial institutions.
IV. The Federal Information Security Management Act (FISMA), a federal law part of the
larger E-Government Act of 2002, that made it a requirement for federal agencies to
develop, document, and implement an information security and protection program.

While states such as California have a security breach notification law in place from as early as
2002, not all states have one. Therein lies the problem with US data protection legislation. Given
the number of laws in existence and their differences at state-level, some may be up to GDPR
standards, while others may not.

There is also the question of the importance of privacy underlined in the GDPR. While US
legislation addresses data security and the importance of private records, privacy is often absent
from the discussion, appearing in separate and just as segmented privacy laws. These are
enforced through government bodies such as the Federal Communication Committee (FCC) and
privacy organizations such as the American Civil Liberties Union (ACLU) or the Electronic
Frontier Foundation (EFF) which provide a legal framework for them.

Data protection is also addressed by the Federal Trade Commission (FTC), which has the power
to act against unfair and deceptive practices perpetrated by a large range of companies. In the
case of data protection, these include failures to implement reasonable data security measures
and apply privacy policies as well as unauthorized disclosures of personal information.

Comparison
 62

The European Union has created the Directive to resolve the issues about the database in 1996.
The Directive provides for two forms of protection – copyright and a sui generis right specific to
database. The Copyright protects the author’s intellectual creation whereas, a sui generis
protection is against unauthorized use of the database n any form when such a database is not a
new creation but involves a substantial investment. Thereby the EU countries provide a larger
protection of rights and enforcement mechanisms.

In India, the database rights are recognized through different legislations and has scope for
further improvement and a consolidated piece of legislation solely for the purpose of protecting
the database to keep up with the changing digital world.

The USA needs to enact a separate legislation to provide for the protection of database and the
enforcement of related rights about database.

Qs. Jurisdictional issues in cyber space

Ans. Jurisdiction essentially refers to the concept where the power to determine and hear a case is vested
with an appropriate Court in a legal system. The main issue that clouds Cyber Space Jurisdiction is the
fact that parties involved in a dispute are essentially placed in different parts of the world and have only a
virtual connection that bonds them all into one realm.

The internet now doesn’t make any geographical or jurisdictional boundaries clear, but the users of the
internet remain in physical jurisdictions around the world and are thus, subject to laws that are
independent of their presence on the internet.

A single internet transaction may involve laws of the State in which the user resides or the laws of the
State that apply where the server hosting the transaction is located or the laws of the State which apply to
the person with whom the transaction takes place. Thus, if there was a hypothetical situation of a user in
the USA conducting a transaction with another user in Indonesia through a server hosted in Chennai
wherein issues arose, they would theoretically be subject to the laws of all three countries involved.

What is jurisdiction?

Jurisdiction is the power or the authority of a Court to hear and determine a cause so they can adjudicate
and exercise any judicial power in relation to it. Thus, jurisdiction is essentially the authority which the
court with regard to deciding of matters that are litigated before it or to take cognizance of matters
presented in a formal way for its decision.

Customarily, the jurisdiction lies where the cause of action arises. However, the method of determination
of jurisdiction becomes incredibly difficult when there are multiple parties involved in various parts of the
world.

A transaction in the cyberspace fundamentally involves three parties. The user, the server host and the
person with whom the transaction is taking place with the need to be put within one jurisdiction.
 63

Thus, matters of jurisdiction are subject of State and International law when the contracting parties or the
parties in dispute are of different nationalities. Under International law, the State is subjected to the
application of its law when there are international parties to the dispute.

Kinds of jurisdiction

In essence, there are three kinds of jurisdiction that exist in matters of determining a States’ jurisdiction
under International law. This includes prescriptive jurisdiction, jurisdiction to adjudicate and jurisdiction
to enforce.

Prescriptive Jurisdiction

It refers to the jurisdiction of the State to make laws applicable to person and certain circumstances.
International law exercises limitation on a State’s authority to prescribe laws if there is a conflict of
interest with another State.

Jurisdiction to Adjudicate

It refers to the power of the State to subject a person or thing to a court or administrative tribunal, either
civil or criminal, whether or not the State is a party to the proceedings. There only needs to exist a
sufficient relationship between the State and the person.

Jurisdiction to Enforce

It refers to the power of a State to induce or punish someone for noncompliance with laws and
regulations. A State’s law can be enforced by the officers only with due permission of the State officials
concerned in the matter. However, a State may have jurisdiction to prescribe in certain circumstances
where the jurisdiction to adjudicate is absent.

Long Arm Statute and Minimum Contact

Long Arm Statute essentially refers to jurisdiction that a Court has over out-of-state defendant
corporations. It establishes the right for Governments to use the long-arm statute to bring action against a
defendant corporation.

India follows the principle of the Long Arm Statute to decide in matters of personal jurisdiction on an
international level. India has adopted the principle of universal jurisdiction to cover both its cyber
contraventions and cyber offences under the IT Act.

The minimum contact rule essentially establishes that so long as a corporation has a degree of contact
within the State bringing suit, they are subject to the laws of the State and can be sued by and within the
forum state in Court. Precedents have established that minimal, or very few contacts, are still enough to
establish contact. However, the principles of right to fair play and substantial justice come into picture
and thus, it limits the extent of the long arm statute jurisdiction by quite a bit.

In simple terms, the minimum contact may apply so long as it doesn’t interfere with fair play and
substantial justice. This method is usually used to decide whether the long arm statute can be used to
award personal jurisdiction to a certain state for disputes in international systems. The provisions of
 64

section 1(2) when read with section 75 empower the Courts with long arm jurisdiction when absolutely
necessary.

Jurisdiction under the CPC 1908

India, in general, is not yet fully adaptive to new technology and thus, doesn’t consider the same as a fit
mechanism to undertake any legal obligations. As a consequence of the same, only a certain handful of
cases concerning personal Cyber Space Jurisdiction have been decided by superior courts in India. The
approach adopted here is very similar to the minimum contacts approach used in the USA. The exercise
of jurisdiction is regulated by procedural laws.

Jurisdiction under the Indian law is dealt with through the Civil Procedure Code, 1908 for all matters of
civil law. Section 6 of the Act provides for pecuniary jurisdiction while Section 16 provides for subject
matter jurisdiction. Additionally, Section 19 deals with suits for movable property and Section 20 states
where the defendant resides or the cause of action arises, i.e. territorial jurisdiction.

The problem that arises with respect to Section 20 is that while it provides for territorial jurisdiction, it
doesn’t account for parties located in different jurisdictions wherein the medium of communication is in a
different country.

jurisdiction of Indian courts under Information technology Act 2000

Jurisdiction of the Indian courts for disputes relating to the cyber space where the parties are situated in
India is governed under the Information Technology Act, 2000 which has formed special forums to solve
disputes in the cyber space, such as

Adjudicating Officers – They are appointed by the Controller and their function is to decide by the
geographical location as to which jurisdiction will apply to the disputing parties. The hearing officer also
decides as to which party gains an unfair advantage.

Cyber Regulations Appellate Tribunal – This tribunal is set up by the government and the government
decides the matters which would be taken up and also the jurisdiction of the tribunal . It acts as the first
appellate tribunal for any matter from the control board or the adjudicating officers.

High court – The parties can appeal to the high court if they are not satisfied with the decision of the
tribunal within 60 days.

The IT Act ,2000 has complete power to adjudicate and implement its judgement on disputes where both
the parties are of Indian origin .But what happens when one party is of foreign origin? The IT Act is well
applied in extra territorial cases, but is not strong enough to implement its decision on the foreign party.
The court possesses no power to bring the foreign party to India for trial . For example an Indian Citizen’s
credit card has been misused by an American citizen, he then approached the Indian courts for justice .
under the IT Act ,2000 the court does have the extra territorial jurisdiction to adjudicate on this matter but
how effective will it be to bring the American citizen to India to be prosecuted as the IT Act is not
applicable to the American citizen .Consider another scenario in which a particular transaction that A and
B get into is legal for A in A’s country to get into but illegal for B in B’s country to get into? The
 65

availability of several equally capable courts and the difficulty in gathering evidence of location and
existence makes it difficult for Indian courts to gain jurisdiction.