Q. WHAT DO YOU MEAN BY ‘CYBER LAW’?

DISCUSS THE OBJECT

ANS SCOPE OF THE IT ACT, 2000.

ANS- Cyber law is the part of the legal system that deals with the internet,
cyberspace, and their respective legal issues. It covers various topics
such as electronic transactions, digital signatures, cyber crimes, data
protection, intellectual property, and e-commerce. Cyber law also
provides a framework for the regulation and enforcement of digital rights
and obligations. Cyber law is important because it helps to ensure the
security, privacy, and trust of online users and businesses1

Cyber law is the part of the legal system that deals with the internet,
cyberspace, and their respective legal issues. According to the
Information Technology Act, 2000 (IT Act 2000), cyber law in India covers
various aspects of electronic governance, electronic transactions, digital
signatures, cyber crimes, and data protection. The IT Act 2000 also
provides a legal framework for the issuance and regulation of digital
signatures, as well as the establishment of a Controller of Certifying
Authorities and a Cyber Appellate Tribunal. The IT Act 2000 defines
various offences and penalties related to cyber crimes, such as hacking,
data theft, identity theft, obscenity, cyber terrorism, etc. The IT Act 2000
also applies to any offence or contravention committed outside India, if it
involves a computer, computer system, or computer network located in
India1.

The Information Technology Act, 2000 (IT Act 2000) is the primary law in
India that deals with cybercrime and electronic commerce. It was enacted
by the Indian Parliament in 2000 to give legal recognition to electronic
transactions, digital signatures, and electronic governance. It also defines
various offences and penalties related to cybercrime and data protection.
The main objectives of the IT Act 2000 are:

 To provide legal recognition to all transactions done via electronic

exchange of data or other electronic means of communication or e-
commerce, in place of the earlier paper-based method of
communication.
 To give legal recognition to digital signatures for the authentication
of any information or matters requiring legal authentication.
 To facilitate the electronic filing of documents with Government
agencies and also departments.
 To facilitate the electronic storage of data.
 To give legal sanction and also facilitate the electronic transfer of
funds between banks and financial institutions.
 To grant legal recognition to bankers under the Evidence Act, 1891
and the Reserve Bank of India Act, 1934, for keeping the books of
accounts in electronic form.
 To provide a legal framework for the issuance and regulation of
digital signatures, as well as the establishment of a Controller of
Certifying Authorities and a Cyber Appellate Tribunal.
 To define various offences and penalties related to cyber crimes,
such as hacking, data theft, identity theft, obscenity, cyber terrorism,
etc.
 To apply to any offence or contravention committed outside India, if
it involves a computer, computer system, or computer network
located in India.

The scope of the IT Act 2000 covers various aspects of electronic

governance, electronic transactions, digital signatures, cyber crimes, and
data protection. The Act is divided into 13 chapters and 4 schedules. It
has 94 sections and 4 amendments. The Act covers the following topics:
  Authentication of electronic records and digital signatures
 Appointment, powers, and functions of the Controller of Certifying
Authorities
 Establishment, composition, jurisdiction, and powers of the Cyber
Appellate Tribunal
 Offences and penalties under the Act
 Intermediaries and their liabilities
 Powers of the government to intercept, monitor, or decrypt any
information generated, transmitted, received, or stored in any
computer resource
 Powers of the police to search and seize any computer, computer
system, or computer network, or any data or information stored
therein, without a warrant
 Powers of the government to block any information or website in the
interest of sovereignty, integrity, defence, security, or public order
 Protection of personal information and sensitive personal data or
information
 Compensation in the case of failure to protect data
 Due diligence and guidelines for intermediaries
 Cyber security and cyber security incidents
 Miscellaneous provisions
The IT Act 2000 has been amended twice, in 2008 and 2015. The
amendment of 2008 introduced some new provisions and modified some
existing provisions. The amendment of 2015 was introduced as a bill, but
it lapsed due to the dissolution of the Lok Sabha. The bill proposed some
changes, such as expanding the definition of communication device,
computer network, cyber security, personal information, and sensitive
personal data or information, and increasing the amount of compensation
in the case of failure to protect data.
Q. EXPLAIN THE FOLLOWING FOR THE PURPOSES OF SECTION 43
OF INFORMATION TECHNOLOGY ACT_:
(A) COMPUTER CONTAMINANT;
ANS- According to section 43 of the Information Technology Act, 2000, a
computer contaminant is any set of computer instructions that are
designed to modify, destroy, record, transmit data or program residing
within a computer, computer system or computer network, or to usurp the
normal operation of the computer, computer system, or computer network.
A computer contaminant can also be called a computer virus, malware, or
worm. A person who introduces or causes to be introduced any computer
contaminant into any computer, computer system or computer network
without permission of the owner or any other person who is in charge of
it, is liable to pay damages by way of compensation to the person so
affected1

A computer contaminant is a term used in the Information Technology Act,

2000 (IT Act 2000) to describe any set of computer instructions that are
designed to modify, destroy, record, transmit data or program residing
within a computer, computer system or computer network, or to usurp the
normal operation of the computer, computer system, or computer network.
A computer contaminant can also be called a computer virus, malware, or
worm. A computer contaminant can cause various harms to the computer,
such as:

 Corrupting or deleting files or data

 Displaying unwanted messages or images
 Stealing or leaking confidential or sensitive information
 Damaging or slowing down the performance or functionality of the
computer
 Hijacking or controlling the computer for malicious purposes
  Spreading to other computers or networks

Section 43 of the IT Act 2000 deals with the civil liability for damage to
computer, computer system, etc. It provides that if any person without
permission of the owner or any other person who is in charge of a
computer, computer system or computer network, does any of the
following acts, he shall be liable to pay damages by way of compensation
to the person so affected:
 Accesses or secures access to such computer, computer system or
computer network
 Downloads, copies or extracts any data, computer database or
information from such computer, computer system or computer
network
 Introduces or causes to be introduced any computer contaminant or
computer virus into any computer, computer system or computer
network
 Damages or causes to be damaged any computer, computer
system or computer network, data, computer database or any other
programmes residing in such computer, computer system or
computer network
 Disrupts or causes disruption of any computer, computer system or
computer network
 Denies or causes the denial of access to any person authorised to
access any computer, computer system or computer network by any
means
 Provides any assistance to any person to facilitate access to a
computer, computer system or computer network in contravention
of the provisions of this Act, rules or regulations made thereunder
  Charges the services availed of by a person to the account of
another person by tampering with or manipulating any computer,
computer system, or computer network
 Destroys, deletes or alters any information residing in a computer
resource or diminishes its value or utility or affects it injuriously by
any means
 Steals, conceals, destroys or alters or causes any person to steal,
conceal, destroy or alter any computer source code used for a
computer resource with an intention to cause damage

(B) COMPUTER DATABASE

ANS-: A computer database, for the purposes of section 43 of the
Information Technology Act, 2000, is a representation of information,
knowledge, facts, concepts, or instructions in text, image, audio, video that
are being prepared or have been prepared in a formalized manner or have
been produced by a computer, computer system, or computer network
and are intended for use in a computer, computer system, or computer
network12

A computer database, in accordance with section 43 of the Information

Technology Act, 2000 (IT Act 2000), is a collection of data or information
that is organized and stored in a computer, computer system, or computer
network, and that can be accessed, manipulated, or processed by a
computer program or a user. A computer database can contain various
types of data or information, such as text, image, audio, video, facts,
concepts, or instructions. A computer database can be used for various
purposes, such as storing, retrieving, updating, analyzing, or displaying
data or information.
Section 43 of the IT Act 2000 is a civil provision that imposes liability and
compensation for damage to computer, computer system, etc. It states
that if any person without permission of the owner or any other person
who is in charge of a computer, computer system, or computer network,
does any of the following acts, he shall be liable to pay damages by way
of compensation to the person so affected:
 Accesses or secures access to such computer, computer system,
or computer network or computer resource
 Downloads, copies, or extracts any data, computer database, or
information from such computer, computer system, or computer
network, including information or data held or stored in any
removable storage medium
 Introduces or causes to be introduced any computer contaminant or
computer virus into any computer, computer system, or computer
network
 Damages or causes to be damaged any computer, computer
system, or computer network, data, computer database, or any
other programs residing in such computer, computer system, or
computer network
 Disrupts or causes disruption of any computer, computer system, or
computer network
 Denies or causes the denial of access to any person authorized to
access any computer, computer system, or computer network by
any means
 Provides any assistance to any person to facilitate access to a
computer, computer system, or computer network in contravention
of the provisions of this Act, rules, or regulations made thereunder
 Charges the services availed of by a person to the account of
another person by tampering with or manipulating any computer,
computer system, or computer network
  Destroys, deletes, or alters any information residing in a computer
resource or diminishes its value or utility or affects it injuriously by
any means
 Steals, conceals, destroys, or alters or causes any person to steal,
conceal, destroy, or alter any computer source code used for a
computer resource with an intention to cause damage

The amount of compensation that can be claimed by the affected person

under section 43 is up to one crore rupees. The affected person can make
an application to the adjudicating officer appointed by the Central
Government under section 46 of the Act for claiming such compensation.
The adjudicating officer has the power to hold an inquiry and pass an order
for awarding compensation after giving an opportunity of hearing to both
parties. The order of the adjudicating officer can be appealed to the Cyber
Appellate Tribunal under section 57 of the Act. The order of the Cyber
Appellate Tribunal can be appealed to the High Court under section 62 of
the Act.
Section 43 of the IT Act 2000 is a civil remedy for the victims of damage
to computer, computer system, etc. It does not provide any criminal
liability or punishment for the perpetrators of such acts. However, section
66 of the Act provides for the criminal liability and punishment for hacking
with computer system, which includes introducing or causing to be
introduced any computer contaminant or computer virus into any
computer, computer system, or computer network. The punishment for
hacking with computer system is imprisonment up to three years, or fine
up to five lakh rupees, or both.
(C) COMPUTER VIRUS;
ANS-: A computer virus, in accordance with section 43 of the Information
Technology Act, 2000 (IT Act 2000), is any computer instruction,
information, data, or program that destroys, damages, degrades, or
adversely affects the performance of a computer resource or attaches
itself to another computer resource and operates when a program, data,
or instruction is executed or some other event takes place in that computer
resource1

A computer virus can cause various harms to the computer, such as:

 Corrupting or deleting files or data

 Displaying unwanted messages or images
 Stealing or leaking confidential or sensitive information
 Damaging or slowing down the performance or functionality of the
computer
 Hijacking or controlling the computer for malicious purposes
 Spreading to other computers or networks

Section 43 of the IT Act 2000 is a civil provision that imposes liability and
compensation for damage to computer, computer system, etc. It states
that if any person without permission of the owner or any other person
who is in charge of a computer, computer system, or computer network,
does any of the following acts, he shall be liable to pay damages by way
of compensation to the person so affected:
 Accesses or secures access to such computer, computer system,
or computer network or computer resource
 Downloads, copies, or extracts any data, computer database, or
information from such computer, computer system, or computer
 network, including information or data held or stored in any
removable storage medium
 Introduces or causes to be introduced any computer contaminant or
computer virus into any computer, computer system, or computer
network
 Damages or causes to be damaged any computer, computer
system, or computer network, data, computer database, or any
other programs residing in such computer, computer system, or
computer network
 Disrupts or causes disruption of any computer, computer system, or
computer network
 Denies or causes the denial of access to any person authorized to
access any computer, computer system, or computer network by
any means
 Provides any assistance to any person to facilitate access to a
computer, computer system, or computer network in contravention
of the provisions of this Act, rules, or regulations made thereunder
 Charges the services availed of by a person to the account of
another person by tampering with or manipulating any computer,
computer system, or computer network
 Destroys, deletes, or alters any information residing in a computer
resource or diminishes its value or utility or affects it injuriously by
any means
 Steals, conceals, destroys, or alters or causes any person to steal,
conceal, destroy, or alter any computer source code used for a
computer resource with an intention to cause damage
The amount of compensation that can be claimed by the affected person
under section 43 is up to one crore rupees. The affected person can make
an application to the adjudicating officer appointed by the Central
Government under section 46 of the Act for claiming such compensation.
The adjudicating officer has the power to hold an inquiry and pass an order
for awarding compensation after giving an opportunity of hearing to both
parties. The order of the adjudicating officer can be appealed to the Cyber
Appellate Tribunal under section 57 of the Act. The order of the Cyber
Appellate Tribunal can be appealed to the High Court under section 62 of
the Act.
Section 43 of the IT Act 2000 is a civil remedy for the victims of damage
to computer, computer system, etc. It does not provide any criminal
liability or punishment for the perpetrators of such acts. However, section
66 of the Act provides for the criminal liability and punishment for hacking
with computer system, which includes introducing or causing to be
introduced any computer contaminant or computer virus into any
computer, computer system, or computer network. The punishment for
hacking with computer system is imprisonment up to three years, or fine
up to five lakh rupees, or both.

(D) COMPUTER SOURCE CODE.

ANS-: A computer source code, in accordance with section 43 of the
Information Technology Act, 2000 (IT Act 2000), is the listing of
programmes, procedures, algorithms and its associated documentation
pertaining to the operation of a computer resource and includes a
computer programme

A computer source code is the original and human-readable form of a

computer program that can be compiled or interpreted into an executable
form by a computer. A computer source code can be written in various
programming languages, such as C, Java, Python, etc. A computer
source code can perform various functions, such as creating applications,
websites, games, etc.
Section 43 of the IT Act 2000 is a civil provision that imposes liability and
compensation for damage to computer, computer system, etc. It states
that if any person without permission of the owner or any other person
who is in charge of a computer, computer system, or computer network,
does any of the following acts, he shall be liable to pay damages by way
of compensation to the person so affected:

 Accesses or secures access to such computer, computer system,

or computer network or computer resource
 Downloads, copies, or extracts any data, computer database, or
information from such computer, computer system, or computer
network, including information or data held or stored in any
removable storage medium
 Introduces or causes to be introduced any computer contaminant or
computer virus into any computer, computer system, or computer
network
 Damages or causes to be damaged any computer, computer
system, or computer network, data, computer database, or any
other programs residing in such computer, computer system, or
computer network
 Disrupts or causes disruption of any computer, computer system, or
computer network
 Denies or causes the denial of access to any person authorized to
access any computer, computer system, or computer network by
any means
  Provides any assistance to any person to facilitate access to a
computer, computer system, or computer network in contravention
of the provisions of this Act, rules, or regulations made thereunder
 Charges the services availed of by a person to the account of
another person by tampering with or manipulating any computer,
computer system, or computer network
 Destroys, deletes, or alters any information residing in a computer
resource or diminishes its value or utility or affects it injuriously by
any means
 Steals, conceals, destroys, or alters or causes any person to steal,
conceal, destroy, or alter any computer source code used for a
computer resource with an intention to cause damage
The amount of compensation that can be claimed by the affected person
under section 43 is up to one crore rupees. The affected person can make
an application to the adjudicating officer appointed by the Central
Government under section 46 of the Act for claiming such compensation.
The adjudicating officer has the power to hold an inquiry and pass an order for
awarding compensation after giving an opportunity of hearing to both parties.
The order of the adjudicating officer can be appealed to the Cyber Appellate
Tribunal under section 57 of the Act. The order of the Cyber Appellate Tribunal
can be appealed to the High Court under section 62 of the Act.
Section 43 of the IT Act 2000 is a civil remedy for the victims of damage to
computer, computer system, etc. It does not provide any criminal liability or
punishment for the perpetrators of such acts. However, section 66 of the Act
provides for the criminal liability and punishment for hacking with computer
system, which includes introducing or causing to be introduced any computer
contaminant or computer virus into any computer, computer system, or
computer network. The punishment for hacking with computer system is
imprisonment up to three years, or fine up to five lakh rupees, or both.
Q. DEFINE CYBER TERRORISM. WHETHER PERPETRATORS OF 26/
11 ATTACK AT TRIDENT HOTEL AND TAJ HOTEL IN 2008 FALL
UNDER THE DEFINITION OF CYBER TERRORISM? EXPLAIN.
ANS-: Cyber terrorism is a term used to describe the use of cyber space
to cause harm to the general public and disrupt the integrity and
sovereignty of the target country. Cyber space refers to the electronic
medium or the interconnected network of computers. Cyber terrorism can
involve various acts, such as hacking, introducing viruses, stealing or
leaking sensitive information, damaging or destroying databases, or
controlling computers for malicious purposes.
According to section 66F of the Information Technology Act, 2000 (IT Act
2000), cyber terrorism is defined as any act by any person with an intent
to threaten the unity, integrity, security, or sovereignty of India or to strike
terror in the people or any section of the people by way of disrupting the
authorised access to a computer resource or getting access to a computer
resource through unauthorised means or causing damage to computer
network. It also includes any act of obtaining access to restricted
information or data that is related to the security of the state or foreign
relations, or that can be used to injure the interests of the nation or any
person. The punishment for cyber terrorism is imprisonment for life
The perpetrators of the 26/11 attack at Trident Hotel and Taj Hotel in 2008
can be considered as cyber terrorists, as they used cyber space to
facilitate their attack and cause terror in the people. They used various
methods, such as:
 Using Voice over Internet Protocol (VoIP) to communicate with each
other and their handlers in Pakistan. VoIP is a technology that allows
voice communication over the internet. The attackers used VoIP to
avoid detection and interception by the security agencies. They also
used fake identities and IP addresses to make the calls
  Using Global Positioning System (GPS) devices to navigate their
way to Mumbai from Karachi. GPS is a technology that uses
satellites to provide location and time information. The attackers
used GPS devices to find their targets and plan their routes
 Using Google Earth and Google Maps to study the layout and
structure of the hotels and other locations. Google Earth and Google
Maps are online services that provide satellite imagery and maps of
the earth. The attackers used these services to familiarize
themselves with the terrain and the surroundings of their targets
 Using mobile phones and internet to send and receive information
and instructions. The attackers used mobile phones and internet to
coordinate their actions and receive updates from their handlers.
They also used mobile phones to trigger the explosives that they
had planted in various places
These methods show that the attackers used cyber space to cause
damage and disruption to the computer network, data, and information of
the target country, and to obtain access to restricted information that was
related to the security of the state. They also used cyber space to strike
terror in the people and threaten the unity, integrity, and sovereignty of
India. Therefore, they can be classified as cyber terrorists under the
definition of section 66F of the IT Act 2000.
Q. WHEN THE INFORMATION TECHNOLOGY ACT, 2000 SHALL BE
APPLIED FOR OFFENCE OR CONTRAVENTION COMMITTED
OUTSIDE INDIA?
ANS-: The Information Technology Act, 2000 (IT Act 2000) is the primary
law in India that deals with cybercrime and electronic commerce. It was
enacted by the Indian Parliament in 2000 to give legal recognition to
electronic transactions, digital signatures, and electronic governance. It
also defines various offences and penalties related to cybercrime and data
protection.
Section 1 (2) along with Section 75, specifies that the IT Act 2000 shall
apply to any offence or contravention committed outside India as well. If
the conduct of person constituting the offence involves a computer,
computer system, or computer network located in India, then irrespective
of his/her nationality, the person is punishable under the Act.
This means that the IT Act 2000 has extra-territorial jurisdiction and can
be invoked to prosecute any person who commits a cybercrime that
affects the computer, computer system, or computer network located in
India, even if the person is not physically present in India or is a foreign
national. This provision is intended to protect the sovereignty, integrity,
security, and public order of India from any cyber threats or attacks
originating from outside India
Some examples of cybercrimes that can be prosecuted under the IT Act
2000 even if they are committed outside India are:
 Hacking or accessing a computer, computer system, or computer
network located in India without authorization or permission, and
causing damage, deletion, alteration, or diminution of value or utility
of any information residing therein. (Section 43 and 66)
 Publishing or transmitting any obscene, lascivious, or prurient
material in electronic form that tends to deprave or corrupt the
 morals of any person, or any material containing sexually explicit act
or conduct, or any material depicting children in sexually explicit act
or conduct, through a computer, computer system, or computer
network located in India. (Section 67, 67A, and 67B)
 Breaching the confidentiality or privacy of any information obtained
by a person in the course of performing any function under the IT
Act 2000, or by a person who has secured access to any electronic
record, book, register, correspondence, information, document, or
other material under the IT Act 2000, and disclosing such
information without the consent of the person concerned, through a
computer, computer system, or computer network located in India.
(Section 72)
 Accessing or causing to be accessed a computer, computer system,
or computer network located in India, or introducing or causing to be
introduced any computer contaminant or computer virus into any
computer, computer system, or computer network located in India,
with the intent to threaten the unity, integrity, security, or sovereignty
of India, or to strike terror in the people or any section of the people,
or to cause death or injuries to persons or damage to property, or to
disrupt or damage any essential service, or to compel the
government or any person to do or abstain from doing any act.
(Section 66F)
Q. WHAT DO YOU UNDERSTAND BY 'DIGITAL SIGNATURE' AND
'ELECTRONIC SIGNATURE'?
ANS-: A digital signature and an electronic signature are two different
ways of authenticating an electronic record or document. According to the
Information Technology Act, 2000 (IT Act 2000), a digital signature means
an authentication of any electronic record by a subscriber by means of an
electronic method or procedure in accordance with the provisions of
section 3 of the Act. An electronic signature means authentication of any
electronic record by a subscriber by means of the electronic technique
specified in the second schedule and includes a digital signature.
A digital signature is a type of electronic signature that uses a
mathematical algorithm to generate a unique code or hash value that is
attached to the electronic record. The hash value is derived from the
content of the electronic record and the private key of the signer. The
private key is a secret and secure code that only the signer knows and
controls. The hash value and the public key of the signer are then
combined to form the digital signature. The public key is a code that is
publicly available and can be used to verify the identity of the signer and
the integrity of the electronic record. The public key and the private key
are mathematically related, but it is impossible to derive the private key
from the public key.
An electronic signature is a broader term that covers any electronic
technique that indicates the intention of a person to agree to the content
of an electronic record. An electronic signature can be any symbol, sound,
or process that is logically associated with the electronic record and
executed or adopted by the person with the intention of signing. For
example, an electronic signature can be a scanned image of a handwritten
signature, a typed name, a click on an “I agree” button, a biometric
identifier, or a digital signature.
The IT Act 2000 provides legal recognition to both digital signatures and
electronic signatures, subject to certain conditions and procedures.
Section 5 of the Act states that where any law requires a signature or
provides that a document shall be signed, such requirement or provision
shall be deemed to have been satisfied if the document is authenticated
by means of a secure electronic signature. A secure electronic signature
is defined as an electronic signature that is affixed using a secure
electronic signature device and satisfies the prescribed security
conditions. A secure electronic signature device is defined as any
hardware, software, or device that is capable of creating a secure
electronic signature and is approved by the Central Government.
Section 3 of the Act deals with the authentication of electronic records by
means of digital signatures. It provides that any subscriber may
authenticate an electronic record by affixing his digital signature. It also
provides that any person may verify an electronic record by using the
public key of the subscriber. The subscriber is the person who has
generated the key pair and obtained a digital signature certificate from a
certifying authority. A certifying authority is a person who has been
granted a license to issue digital signature certificates under the Act. A
digital signature certificate is an electronic record that certifies the identity
of the subscriber and contains his public key and other details.
Section 15 of the Act deals with the authentication of electronic records
by means of electronic signatures other than digital signatures. It provides
that the Central Government may prescribe the manner and format in
which an electronic signature shall be affixed, the procedure for identifying
the person affixing the electronic signature, the procedure for ascertaining
the integrity of the electronic record or document to which the electronic
signature is affixed, and the procedure for storing and verifying the
electronic signature. The Central Government may also prescribe the
appropriate security procedures and standards for ensuring secure use of
electronic signatures.
The IT Act 2000 aims to provide a legal framework for the use and
recognition of electronic records and signatures in India. It also aims to
promote the development of e-commerce and e-governance and to
prevent and punish cyber crimes.

Q. DISCUSS THE LIABILITIES OF SUBSCRIBERS AND USERS OF

THE DIGITAL SIGNATURE & ELECTRONIC SIGNATURE.
ANS-: A digital signature and an electronic signature are two different
ways of authenticating an electronic record or document. According to the
Information Technology Act, 2000 (IT Act 2000), a digital signature means
an authentication of any electronic record by a subscriber by means of an
electronic method or procedure in accordance with the provisions of
section 3 of the Act. An electronic signature means authentication of any
electronic record by a subscriber by means of the electronic technique
specified in the second schedule and includes a digital signature1
The IT Act 2000 provides legal recognition to both digital signatures and
electronic signatures, subject to certain conditions and procedures. The
Act also imposes certain duties and liabilities on the subscribers and users
of the digital signatures and electronic signatures. Some of the main
provisions are as follows:
 Section 40 of the Act states that the subscriber shall generate the
key pair by applying the security procedure, if he has accepted a
digital signature certificate, the public key of which corresponds to
the private key of the subscriber. The key pair refers to the private
key and the public key that are used to create and verify the digital
signature. The security procedure refers to the procedure
 prescribed by the Central Government for the secure use of the
digital signature1
 Section 40A of the Act states that the subscriber shall perform such
duties as may be prescribed in respect of the electronic signature
certificate. The electronic signature certificate is an electronic record
that certifies the identity of the subscriber and contains his electronic
signature and other details. The duties of the subscriber may include
ensuring the security and confidentiality of the electronic signature,
informing the certifying authority of any change in the information
contained in the certificate, and complying with the terms and
conditions of the certificate1
 Section 41 of the Act states that by accepting a digital signature
certificate, the subscriber certifies to all who reasonably rely on the
information contained in the certificate that he holds the private key
corresponding to the public key listed in the certificate and is entitled
to hold the same, that all representations made by the subscriber to
the certifying authority and all material relevant to the information
contained in the certificate are true, and that all information in the
certificate that is within the knowledge of the subscriber is true. The
subscriber shall be deemed to have accepted a digital signature
certificate if he publishes or authorizes the publication of the
certificate to one or more persons, in a repository, or otherwise
demonstrates his approval of the certificate in any manner
 Section 42 of the Act states that the subscriber shall exercise
reasonable care to retain control of the private key corresponding to
the public key listed in his digital signature certificate and take all
steps to prevent its disclosure. If the private key has been
compromised, then the subscriber shall communicate the same
without any delay to the certifying authority in such manner as may
 be specified by the regulations. The subscriber shall be liable till he
has informed the certifying authority that the private key has been
compromised1
 Section 43 of the Act states that if any person without permission of
the owner or any other person who is in charge of a computer,
computer system, or computer network, does any of the following
acts, he shall be liable to pay damages by way of compensation to
the person so affected: accessing or securing access to such
computer, computer system, or computer network or computer
resource; downloading, copying, or extracting any data, computer
database, or information from such computer, computer system, or
computer network, including information or data held or stored in
any removable storage medium; introducing or causing to be
introduced any computer contaminant or computer virus into any
computer, computer system, or computer network; damaging or
causing to be damaged any computer, computer system, or
computer network, data, computer database, or any other programs
residing in such computer, computer system, or computer network;
disrupting or causing disruption of any computer, computer system,
or computer network; denying or causing the denial of access to any
person authorized to access any computer, computer system, or
computer network by any means; providing any assistance to any
person to facilitate access to a computer, computer system, or
computer network in contravention of the provisions of this Act,
rules, or regulations made thereunder; charging the services availed
of by a person to the account of another person by tampering with
or manipulating any computer, computer system, or computer
network; destroying, deleting, or altering any information residing in
a computer resource or diminishes its value or utility or affects it
 injuriously by any means; stealing, concealing, destroying, or
altering or causes any person to steal, conceal, destroy, or alter any
computer source code used for a computer resource with an
intention to cause damage.
 Section 44 of the Act states that if any person who is required under
this Act or any rules or regulations made thereunder to furnish any
document, return, or report to the Controller or the Certifying
Authority, fails to furnish the same, he shall be liable to a penalty not
exceeding one lakh and fifty thousand rupees for each such failure1
 Section 45 of the Act states that if any person fails to comply with
any order or direction issued by the Controller or the Certifying
Authority under this Act or any rules or regulations made thereunder,
he shall be liable to pay a penalty not exceeding one lakh and fifty
thousand rupees for each such failure1
 Section 66 of the Act states that if any person, dishonestly or
fraudulently, does any act referred to in section 43, he shall be
punishable with imprisonment for a term which may extend to three
years or with fine which may extend to five lakh rupees or with both1
 Section 66A of the Act states that any person who sends, by means
of a computer resource or a communication device, any information
that is grossly offensive or has menacing character; or any
information which he knows to be false, but for the purpose of
causing annoyance, inconvenience, danger, obstruction, insult,
injury, criminal intimidation, enmity, hatred, or ill will, persistently
makes by making use of such computer resource or a
communication device; or any electronic mail or electronic mail
message for the purpose of causing annoyance or inconvenience or
to deceive or to mislead the addressee or recipient about the origin
 of such messages, shall be punishable with imprisonment for a term
which may extend to three years and with fine1
 Section 66B of the Act states that whoever dishonestly receives or
retains any stolen computer resource or communication device
knowing or having reason to believe the same to be stolen computer
resource or communication device, shall be punished with
imprisonment of either description for a term which may extend to
three years or with fine which may extend to rupees one lakh or with
both
 Section 66C of the Act states that whoever, fraudulently or
dishonestly make use of the electronic signature, password or any
other unique identification feature of any other person, shall be
punished with imprisonment of either description for a term which
may extend to three years and shall also be liable to fine which may
extend to rupees one lakh
 Section 66D of the Act states that whoever, by means of any
communication device or computer resource cheats by personating,
shall be punished with imprisonment of either description for a term
which may extend to three years and shall also be liable to fine
which may extend to one lakh rupees1
 Section 66E of the Act states that whoever, intentionally or
knowingly captures, publishes or transmits the image of a private
area of any person without his or her consent, under circumstances
violating the privacy of that person, shall be punished with
imprisonment which may extend to three years or with fine not
exceeding two lakh rupees, or with both1
 Section 66F of the Act states that whoever, with the intent to
threaten the unity, integrity, security or sovereignty of India or to
strike terror in the people or any section of the people by denying or
 cause the denial of access to any person authorised to access
computer resource; or attempting to penetrate or access a computer
resource without authorisation or exceeding authorised access; or
introducing or causing to be introduced any computer contaminant
or computer virus into any computer resource; or damaging or
causing to be damaged any computer resource, data, database or
any other programmes residing in a computer resource; or
disrupting or causing disruption of any computer resource; or
stealing, concealing, destroying or altering or causing any person to
steal, conceal, destroy or alter any computer source code used for
a computer resource with an intention to cause damage, shall be
punishable with imprisonment which may extend to imprisonment
for life1
 Section 67 of the Act states that whoever publishes or transmits or
causes to be published or transmitted in the electronic form, any material
which is lascivious or appeals to the prurient interest or if its effect is such
as to tend to deprave and corrupt persons who are likely, having regard
to all relevant circumstances, to read, see or hear the matter contained
or embodied in it, shall be punished on first conviction with imprisonment
of either description for a term which may extend to three years and with
fine which may extend to five lakh rupees and in the event of second or
subsequent conviction with imprisonment of either description for a term
which may extend to five years and also with fine which may extend to
ten lakh rupees1
 Section 67A of the Act states that whoever publishes or transmits or
causes to be published or transmitted in the electronic form any material
which contains sexually explicit act or conduct shall be punished on first
conviction with imprisonment of either description for a term which may
extend to five years and with fine which may extend to ten lakh rupees
and in the event of second or subsequent
Q. DISCUSS THE SCOPE OF SECTION 66E OF INFORMATION
TECHNOLOGY ACT, 2000?
ANS-: Section 66E of the Information Technology Act, 2000 (IT Act 2000)
is a provision that deals with the punishment for violation of privacy. It
states that whoever, intentionally or knowingly captures, publishes or
transmits the image of a private area of any person without his or her
consent, under circumstances violating the privacy of that person, shall
be punished with imprisonment which may extend to three years or with
fine not exceeding two lakh rupees, or with both
The scope of section 66E covers the following aspects:
 The act of capturing, publishing, or transmitting the image of a
private area of any person. A private area means the naked or
undergarment clad genitals, pubic area, buttocks, or female breast.
An image means any visual representation of a person, whether in
the form of a photograph, video, film, or any other electronic or
digital medium
 The requirement of consent of the person whose image is captured,
published, or transmitted. Consent means the voluntary agreement
of the person to the act of capturing, publishing, or transmitting his
or her image. Consent can be express or implied, but it must be
clear and unambiguous. Consent can also be withdrawn at any time
 The circumstances violating the privacy of the person whose image
is captured, published, or transmitted. Privacy means the right of a
person to be free from unwanted or unwarranted intrusion into his
or her personal life or affairs. Circumstances violating privacy
means circumstances in which a person can have a reasonable
expectation that his or her private area will not be captured,
published, or transmitted by another person. Such circumstances
may depend on various factors, such as the location, time, nature,
 and purpose of the act, the relationship between the parties, the
consent or objection of the person, and the public or private nature
of the image
 The intention or knowledge of the person who captures, publishes,
or transmits the image of a private area of any person. Intention
means the conscious or deliberate desire or plan to do the act.
Knowledge means the awareness or belief that the act will result in
the violation of privacy of the person. Intention or knowledge can be
inferred from the facts and circumstances of the case, such as the
motive, conduct, or behaviour of the person
Section 66E aims to protect the dignity, reputation, and personal liberty of
a person from any unauthorized or unlawful invasion of his or her privacy
by means of capturing, publishing, or transmitting his or her image. It also
aims to deter and punish any person who engages in such acts with the
intent or knowledge to cause harm, distress, or humiliation to the person.
Section 66E is applicable to any person who commits the offence,
irrespective of his or her nationality, location, or medium of
communication.

Q. WHEN TELEMARKETERS' CAN BE HELD LIABLE U/S 66A OF THE

IT ACT, 2000?
ANS-: Telemarketers can be held liable under section 66A of the IT Act,
2000, if they send offensive messages through communication devices
and computers, without the consent of the recipients. Section 66A defines
the punishment for sending “offensive” messages through a computer or
any other communication device like a mobile phone or a tablet. A
conviction can fetch a maximum of three years in jail and a fine.
Offensive messages include any information that is grossly offensive or
has menacing character; or any information which the sender knows to be
false, but for the purpose of causing annoyance, inconvenience, danger,
obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will,
persistently by making use of such computer resource or a communication
device; or any electronic mail or electronic mail message for the purpose
of causing annoyance or inconvenience or to deceive or to mislead the
addressee or recipient about the origin of such messages.
Telemarketers who send unsolicited calls, SMS, or emails to the
customers, without their prior permission or in violation of the regulations
issued by the Telecom Regulatory Authority of India (TRAI), can be
considered as sending offensive messages under section 66A. Such
messages can cause annoyance, inconvenience, or deception to the
customers, and can also violate their privacy and dignity. Therefore,
telemarketers can be prosecuted under section 66A, if the customers file
a complaint against them.

Q. DISCUSS THE LIABILITIES OF INTERMEDIARY UNDER THE IT

ACT, 2000.
ANS-: An intermediary is a person who receives, stores, or transmits any
electronic record or provides any service related to such record on behalf
of another person. Intermediaries include internet service providers, web-
hosting service providers, search engines, social media platforms, e-
commerce sites, and cyber cafes.
The IT Act, 2000 provides a conditional immunity to intermediaries from
liability for any third party information, data, or communication link made
available or hosted by them. This immunity is subject to the following
conditions:
 The intermediary does not initiate, select, modify, or alter the
information contained in the transmission.
  The intermediary observes due diligence while discharging its duties
and follows the guidelines issued by the Central Government.
 The intermediary does not conspire, abet, aid, or induce the
commission of an unlawful act.
The intermediary is required to take down any unlawful content upon
receiving actual knowledge or a court order or a notification from the
appropriate government authority. The intermediary is also required to
preserve such information and associated records for at least 90 days for
investigation purposes.
The intermediary is liable to pay damages or compensation or face
imprisonment or fine if it fails to comply with any of the above conditions
or any other provision of the IT Act, 2000 or any rules or regulations made
thereunder. Some of the offences for which an intermediary can be held
liable are:
 Hacking, identity theft, cheating by personation, violation of privacy,
cyber terrorism, publishing or transmitting obscene or sexually
explicit material in electronic form.
 Failing to furnish any document, return, or report to the Controller or
the Certifying Authority.
 Failing to comply with any order or direction issued by the Controller
or the Certifying Authority.
Q. DISCUSS THE NATIONAL AND INTERNATIONAL LEGAL
INSTRUMENTS FOR PREVENTING AND COMBATING CHILD
OBSCENITY IN CYBER SPACE.
ANS-: Child obscenity in cyber space is a serious and global problem that
involves the production, distribution, and consumption of child
pornography and other forms of sexual exploitation of children through the
internet and other digital technologies. Child obscenity in cyber space
violates the rights and dignity of children and exposes them to physical,
psychological, and emotional harm. It also poses a challenge to the law
enforcement and judicial authorities, as it transcends national boundaries
and jurisdictions.
To prevent and combat child obscenity in cyber space, various national
and international legal instruments have been adopted and implemented
by different countries and organizations. Some of the major legal
instruments are:
 The Convention on the Rights of the Child (CRC), adopted by the
United Nations in 1989, is the most comprehensive and widely
ratified international treaty on the rights of children. It recognizes the
right of every child to be protected from all forms of sexual
exploitation and abuse, including child pornography. It also obliges
the states parties to take all appropriate measures to prevent and
punish such acts, and to assist and rehabilitate the victims.
 The Optional Protocol to the Convention on the Rights of the Child
on the Sale of Children, Child Prostitution and Child Pornography
(OPSC), adopted by the United Nations in 2000, is a specific
instrument that supplements and strengthens the CRC. It defines
child pornography as any representation of a child engaged in real
or simulated sexual activities or any representation of the sexual
parts of a child for primarily sexual purposes. It also requires the
 states parties to criminalize the production, distribution,
dissemination, import, export, offering, selling, or possessing of
child pornography, and to ensure the prosecution and punishment
of the offenders. It also calls for the protection and assistance of the
victims, and the cooperation among the states parties to prevent and
combat child obscenity in cyber space.
 The Convention on Cybercrime, also known as the Budapest
Convention, adopted by the Council of Europe in 2001, is the first
international treaty on crimes committed via the internet and other
computer networks. It aims to harmonize the national laws and
enhance the cooperation among the states parties in the
investigation and prosecution of cybercrimes, including child
pornography. It defines child pornography as any material that
visually depicts a minor engaged in sexually explicit conduct, or a
person appearing to be a minor engaged in such conduct, or realistic
images representing a minor engaged in such conduct. It also
obliges the states parties to adopt such legislative and other
measures as may be necessary to establish as criminal offences the
production, offering, distribution, procurement, and possession of
child pornography, and to ensure the seizure and confiscation of
such material.
 The Convention on the Protection of Children against Sexual
Exploitation and Sexual Abuse, also known as the Lanzarote
Convention, adopted by the Council of Europe in 2007, is the first
international treaty that addresses all forms of sexual violence
against children, including child pornography. It requires the states
parties to criminalize the solicitation of children for sexual purposes,
the production and possession of child pornography, and the
knowingly obtaining access to child pornography through
 information and communication technologies. It also provides for the
protection and assistance of the victims, the prevention and
awareness-raising measures, and the international cooperation and
coordination among the states parties.
 The WePROTECT Global Alliance, launched in 2014, is a global
movement that brings together governments, international
organizations, civil society, and the private sector to end the online
sexual exploitation of children. It aims to enhance the national and
global response to child obscenity in cyber space, by developing
and implementing a global strategic framework, mobilizing
resources and political will, and supporting innovative and effective
initiatives and partnerships. It also promotes the adoption and
implementation of the Model National Response, a comprehensive
and coordinated approach that covers the areas of legislation and
policy, criminal justice, victim services, prevention and education,
and industry and technology.
Q. WHAT IS A DOMAIN NAME'? WHAT ARE THE COMPONENTS OF
A DOMAIN NAME'? HOW ARE 'DOMAIN NAME' DIFFERENT
FROM 'TRADE MARKS'?
ANS-: A domain name is a user-friendly form of an internet address that
is used to identify and locate websites. A domain name consists of two or
more parts, separated by dots, such as www.bing.com. The rightmost part
is called the top-level domain (TLD), which indicates the category or the
country of the website, such as .com, .org, .in, etc. The second-level
domain (SLD) is the name chosen by the owner of the website, such as
bing, google, amazon, etc. The SLD and the TLD together form the
domain name, which is unique and registered in the Domain Name
System (DNS). The DNS is a global database that maps domain names
to their corresponding Internet Protocol (IP) addresses, which are
numerical identifiers of the web servers that host the websites.
The IT Act, 2000 does not explicitly define or regulate domain names. It
also does not address the issues relating to domain name disputes and
cybersquatting. However, domain names can be considered as
trademarks under the Trade Marks Act, 1999, if they are used in relation
to the goods or services of the owner and they have acquired
distinctiveness and reputation among the consumers. Domain names can
also be registered as trademarks under the Trade Marks Act, 1999, if they
meet the criteria of being distinctive, non-descriptive, and not conflicting
with any existing trademark. Domain names that are descriptive, generic,
or common are not eligible for trademark protection
Domain name disputes and cybersquatting can be resolved by invoking
the principles of passing off and infringement under the Trade Marks Act,
1999, or by following the Uniform Domain Name Dispute Resolution Policy
(UDRP) adopted by the Internet Corporation for Assigned Names and
Numbers (ICANN), which is the organization that oversees the domain
name system. The UDRP is a quick and cost-effective mechanism that
allows the trademark owners to file a complaint against the domain name
registrants who have registered or used a domain name in bad faith, and
to seek the transfer or cancellation of the domain name. The UDRP
proceedings are conducted by independent arbitration panels appointed
by ICANN-accredited dispute resolution service providers.
Here is a table that summarizes the difference between domain name
and trademark in reference to the IT Act, 2000:

Domain Name Trademark

A mark that is used to

A user-friendly form of an internet
distinguish the goods or
address that is used to identify and
services of one person from
locate websites.
those of others.

Not explicitly defined or regulated Defined and regulated by

by the IT Act, 2000. the Trade Marks Act, 1999.

Can be considered as trademarks Can be registered as

if they are used in relation to the trademarks if they meet the
goods or services of the owner and criteria of being distinctive,
they have acquired distinctiveness non-descriptive, and not
and reputation among the conflicting with any existing
consumers. trademark.

Cannot be descriptive,
Can be descriptive, generic, or
generic, or common, and
common, and thus not eligible for
must be capable of being
trademark protection.
represented graphically.

Have a territorial scope and

Have a global scope and
jurisdiction, and are valid
jurisdiction, and can be accessed
only in the country or region
from anywhere in the world.
where they are registered.
Domain Name Trademark

Subject to different rules and

Governed by the national
regulations of the Domain Name
laws and the international
System (DNS) and the Internet
treaties on intellectual
Corporation for Assigned Names
property rights.
and Numbers (ICANN).
Q. DEFINE THE FOLLOWING:

(I) ASYMMETRIC CRYPTO SYSTEM

Ans- An asymmetric crypto system is a system of encryption and
decryption that uses two different keys: a public key and a private key.
The public key is known to everyone and can be used to encrypt
messages, while the private key is known only to the owner and can be
used to decrypt messages. The public key and the private key are
mathematically related, but it is computationally infeasible to derive one
from the other. An asymmetric crypto system can also be used to create
and verify digital signatures, which are electronic proofs of the
authenticity and integrity of a message
The Information Technology Act, 2000 (IT Act 2000) is the primary law in
India that deals with cybercrime and electronic commerce. It was
enacted by the Indian Parliament in 2000 to give legal recognition to
electronic transactions, digital signatures, and electronic governance. It
also defines various offences and penalties related to cybercrime and
data protection
The IT Act 2000 defines an asymmetric crypto system as a system of a
secure key pair consisting of a private key for creating a digital signature
and a public key to verify the digital signature. A digital signature is an
authentication of any electronic record by a subscriber by means of an
electronic method or procedure in accordance with the provisions of
section 3 of the Act. A secure key pair means a key pair used to create a
digital signature, where the private key is capable of creating a digital
signature and the public key is capable of verifying the digital signature
The IT Act 2000 also provides for the regulation of certifying authorities,
who are persons who have been granted a license to issue digital
signature certificates under the Act. A digital signature certificate is an
electronic record that certifies the identity of the subscriber and contains
his public key and other details. The certifying authorities are
responsible for verifying the identity and credentials of the subscribers,
issuing and renewing the digital signature certificates, maintaining a
database of the certificates, and ensuring the compliance of the Act and
the rules and regulations made thereunder. The certifying authorities are
also subject to the supervision and control of the Controller of Certifying
Authorities, who is appointed by the Central Government and has the
power to grant, suspend, or revoke the licenses of the certifying
authorities

(II) E-CONTRACT
ANS-: An e-contract is a contract that is formed and executed through
electronic means, such as email, website, or mobile application. An e-
contract can be used to facilitate various types of transactions, such as
online shopping, booking services, or subscribing to digital platforms. An
e-contract can also be used to create and exchange digital documents,
such as invoices, receipts, or certificates
The IT Act, 2000 is the primary law in India that deals with cybercrime and
electronic commerce. It was enacted by the Indian Parliament in 2000 to
give legal recognition to electronic transactions, digital signatures, and
electronic governance. It also defines various offences and penalties
related to cybercrime and data protection
The IT Act, 2000 recognizes the validity and enforceability of e-contracts
under section 10A, which states that “Where in a contract formation, the
communication of proposals, the acceptance of proposals, the revocation
of proposals and acceptances, as the case may be, are expressed in
electronic form or by means of an electronic record, such contract shall
not be deemed to be unenforceable solely on the ground that such
electronic form or means was used for that purpose.”
The IT Act, 2000 also provides the legal framework for the creation and
verification of digital signatures, which are a type of electronic signature
that uses an asymmetric crypto system to authenticate and secure
electronic records. A digital signature is created by using a private key that
is known only to the signer, and verified by using a public key that is
available to everyone. A digital signature certificate is an electronic record
that certifies the identity of the signer and contains his public key and other
details. The IT Act, 2000 regulates the certifying authorities, who are the
persons who issue and renew the digital signature certificates, and the
Controller of Certifying Authorities, who is the person who supervises and
controls the certifying authorities
The IT Act, 2000 also lays down the duties and liabilities of the subscribers
and the users of the e-contracts and the digital signatures. The
subscribers are the persons who have generated the key pair and obtained
a digital signature certificate from a certifying authority. The subscribers are
required to generate the key pair by applying the security procedure, accept the
digital signature certificate, exercise reasonable care to retain control of the
private key, and communicate to the certifying authority if the private key has
been compromised. The users are the persons who rely on the e-contracts and
the digital signatures of the subscribers. The users are required to verify the
validity of the digital signature certificates, check the status of the certificates,
and follow the security procedure and practices
The IT Act, 2000 aims to provide a legal framework for the use and recognition
of electronic records and signatures in India. It also aims to promote the
development of e-commerce and e-governance and to prevent and punish
cyber crimes. The Act has been amended in 2008 and 2015 to incorporate new
provisions and changes in the field of information technology and cyber law.
(III) CYBER CAFÉ
ANS-: A cyber cafe is a facility that offers access to the internet to the
members of the public for a fee or as part of a business service. A cyber
cafe can provide various types of services, such as browsing, emailing,
chatting, gaming, downloading, printing, scanning, etc. A cyber cafe can
also have computers, laptops, tablets, mobile phones, or other devices
that are connected to the internet
The IT Act, 2000 is the primary law in India that deals with cybercrime and
electronic commerce. It was enacted by the Indian Parliament in 2000 to
give legal recognition to electronic transactions, digital signatures, and
electronic governance. It also defines various offences and penalties
related to cybercrime and data protection
The IT Act, 2000 does not explicitly define or regulate cyber cafes.
However, it has some provisions that are relevant to the operation and
management of cyber cafes. Some of these provisions are:
 Section 2(na) of the Act defines a cyber cafe as “any facility from
where access to the internet is offered by any person in the ordinary
course of business to the members of the public”
 Section 67C of the Act requires intermediaries, which include cyber
cafes, to preserve and retain certain information for a specified
duration as prescribed by the Central Government. The information
may include the identity and address of the users, the logs of the
computer resources, the time and date of the access, etc
 Section 69 of the Act empowers the Central Government or any
authorized officer to issue directions to any intermediary, including
cyber cafes, to intercept, monitor, or decrypt any information
transmitted, received, or stored through any computer resource, for
the purposes of national security, public order, or investigation of
any offence
 Section 69A of the Act empowers the Central Government or any
authorized officer to issue directions to any intermediary, including
cyber cafes, to block access to any information that is hosted,
stored, or transmitted by any computer resource, for the reasons of
sovereignty, integrity, defence, security, or friendly relations of India,
or public order, or to prevent incitement to the commission of any
cognizable offence.
 Section 69B of the Act empowers the Central Government or any
authorized officer to issue directions to any intermediary, including
cyber cafes, to monitor and collect traffic data or information through
any computer resource, for the purposes of cyber security, analysis,
forecasting, or prevention of any cyber incident.
 Section 72 of the Act penalizes any person, including cyber cafe
owners or employees, who secures access to any electronic record,
book, register, correspondence, information, document, or other
material without the consent of the person concerned, and discloses
such material to any other person, with the intent to cause or
knowing that he is likely to cause injury or wrongful loss or wrongful
gain. The penalty is imprisonment for a term which may extend to
two years, or with fine which may extend to one lakh rupees, or with
both.
 Section 72A of the Act penalizes any person, including cyber cafe
owners or employees, who, while providing services under the
terms of lawful contract, has secured access to any material
containing personal information about another person, and
discloses such material without the consent of the person
concerned, or in breach of a lawful contract, with the intent to cause
or knowing that he is likely to cause wrongful loss or wrongful gain.
 The penalty is imprisonment for a term which may extend to three
years, or with fine which may extend to five lakh rupees, or with both.
In addition to the IT Act, 2000, the Central Government has also issued
the Information Technology (Guidelines for Cyber Cafe) Rules, 2011,
which provide detailed guidelines for the registration, operation, and
management of cyber cafes. The rules cover various aspects, such as the
physical layout, the identification and verification of users, the
maintenance of log registers, the installation of filtering software, the
protection of privacy and data, the compliance with the directions of the
authorities, etc. The rules also prescribe the duties and responsibilities of
the cyber cafe owners, the registration agencies, and the users.

(IV) SOFTWARE.
ANS-> Software is a term used to describe a collection of instructions,
data, or computer programs that enable a computer to perform specific
tasks. It can be categorized into system software, application software,
and utility software. System software provides the basic functions needed
to operate and control the hardware of a computer, while application
software consists of programs that perform specific user-oriented tasks.
Utility software includes tools that provide additional functionality to the
operating system or help maintain the computer system.
The term “software” is not explicitly defined in the Information Technology
Act, 2000 of India. However, the Act does provide definitions for related
terms such as “computer,” “computer system,” and “computer network,”
which are essential for understanding the context in which software
operates within the framework of the Act.
Q. WHAT IS 'ELECTRONIC RECORD'?
ANS-:An “electronic record” as per the Information Technology Act, 2000
of India is defined in Section 2(1)(t) as data, record, or data generated,
image or sound stored, received, or sent in an electronic form or microfilm
or computer-generated microfiche.
The IT Act, 2000 provides a legal framework for electronic governance by
giving recognition to electronic records and digital signatures. It aims to
facilitate electronic filing of documents with government agencies and
further to amend the Indian Penal Code, the Indian Evidence Act, 1872,
the Bankers’ Books Evidence Act, 1891, and the Reserve Bank of India
Act, 1934, for matters connected therewith or incidental thereto.
Provisions for Electronic Records in the IT Act, 2000:
 Legal Recognition of Electronic Records (Section 4): This
section states that if a law requires information to be written,
typewritten, or printed, the requirement is satisfied if the information
is rendered or made available in an electronic form and accessible
for subsequent reference.
 Use of Electronic Records and Digital Signatures in
Government and its Agencies (Section 6): This section allows for
the filing of forms, applications, or any documents with any
government-owned or controlled office, agency, body, or authority
in an electronic form. It also covers the grant or issue of any license,
sanction, permit, or approval in an electronic form, as well as the
receipt or payment of money in a certain way.
 Retention of Electronic Records (Section 7): According to this
section, if the law requires the retention of certain records,
documents, or information for a specific period, the requirement is
also satisfied if the retention is in an electronic form, provided certain
conditions are met.
The Act also addresses the use of electronic records and digital
signatures in government and its agencies, the legal recognition of digital
signatures, and the retention of electronic records. It prescribes penalties
for cybercrimes and directs the formation of a Controller of Certifying
Authorities to regulate the issuance of digital signatures.

Q.CRITICALLY ANALYZE E-GOVERNANCE WITH REFERENCE TO

THE INFORMATION TECHNOLOGY ACT, 2000.
ANS-: E-governance in India, with reference to the Information
Technology Act, 2000, has been a significant step towards digitizing the
government machinery and making government services more accessible
to citizens. The IT Act, 2000, was enacted to provide legal recognition to
electronic records and digital signatures, which are foundational to e-
governance. It aimed to facilitate electronic transactions and to boost the
IT industry and e-commerce.
Advantages of E-Governance under the IT Act, 2000:
 Increased Efficiency: E-governance initiatives have streamlined
government processes, reducing the time and paperwork involved
in accessing government services.
 Transparency: Electronic records and transactions have made
government operations more transparent, reducing corruption and
increasing accountability.
 Accessibility: With services available online, citizens can access
them conveniently without visiting government offices, which is
particularly beneficial for those living in remote areas.
Challenges and Criticisms:
 Cybersecurity Concerns: The rise of e-governance has led to
increased cybersecurity threats. The IT Act, 2000, has provisions for
 cybercrimes, but enforcement is challenging due to the need for
more technical expertise and resources.
 Digital Divide: There is a significant digital divide in India, with many
citizens lacking access to the internet or the skills to use e-
governance platforms effectively.
 Implementation Issues: The Act has faced challenges in
implementation, with many government officials and citizens
needing to become more aware of the legal framework for electronic
transactions.
Critical Analysis: The IT Act, 2000, has been crucial in establishing a
legal framework for e-governance. However, it has been criticized for its
limited scope in addressing cybercrimes and for not defining them
explicitly in the Act. The provisions mainly focus on digital certification
processes rather than a comprehensive approach to cybercrime.
Moreover, the Act needs to be updated to keep pace with the rapidly
evolving technology landscape and the sophisticated nature of modern
cyber threats.
In conclusion, while the IT Act, 2000, has laid the groundwork for e-
governance in India, it requires amendments to address current
challenges effectively. There is a need for a more robust legal framework,
increased public awareness, and better infrastructure to realize the full
potential of e-governance in India.
Q. EXPLAIN THE PROVISIONS RELATING TO THE 'CYBER SPACE
AND JURISDICTIONAL ISSUES'.
Ans-: Cyberspace refers to the virtual computer world, an electronic
medium used to facilitate online communication. It typically involves a
large computer network made up of many worldwide computer
subnetworks that employ TCP/IP protocol to aid in communication and
data exchange activities. Cyberspace’s core feature is an interactive and
virtual environment for a broad range of participants. It allows users to
share information, interact, swap ideas, play games, engage in
discussions or social forums, conduct business, and create intuitive
media, among many other activities.
Jurisdictional issues in cyberspace are complex due to the lack of physical
boundaries and the global nature of the internet. Here’s an illustration to
help understand these challenges:
 Global Reach: Cyberspace extends across the world, allowing
users from different countries to interact. This global reach makes it
difficult to determine which country’s laws apply when a dispute arises.
 Multiple Jurisdictions: A single internet transaction may involve the
laws of multiple countries. For example, a user in one country can commit
a cybercrime against someone in another country, raising questions
about which jurisdiction’s laws should be applied.
 Legal Variations: Different countries have varying cyber laws, making it
challenging to prosecute international cybercrimes. What may be legal in
one country could be illegal in another.
 Enforcement: Even if a jurisdiction is determined, enforcing laws across
borders can be problematic due to differences in legal systems and the
need for international cooperation.
These issues highlight the need for harmonized international cyber laws and
cooperation between countries to effectively manage jurisdictional challenges
in cyberspace.
Q. DISCUSS THE SALIENT FEATURES OF E-COMMERCE.
Ans-> E-commerce, as facilitated by the Information Technology Act,
2000 (IT Act) in India, has several salient features that have contributed
to its growth and regulation. Here are some of the key features:
1. Legal Recognition of Electronic Contracts: All electronic
contracts made through secure electronic channels are legally
valid, which means that agreements formed online are as legally
binding as traditional paper-based contracts.
2. Digital Signatures: The IT Act provides legal recognition for digital
signatures, ensuring that electronic documents signed digitally are
considered authentic and have legal validity.
3. Security Measures: The Act has put in place security measures
for electronic records and digital signatures to maintain their
integrity and ensure secure online transactions.
4. Regulatory Framework: The IT Act outlines a procedure for the
appointment of adjudicating officers for holding inquiries under the
Act, and it also provides for the establishment of a Cyber
Regulatory Appellant Tribunal to handle appeals against the orders
of the Controller or Adjudicating Officer.
5. Amendments to Other Laws: The IT Act amended various other
laws, including the Indian Penal Code, the Indian Evidence Act,
the Bankers’ Books Evidence Act, and the Reserve Bank of India
Act, to accommodate the legal changes required for e-commerce.
These features have been instrumental in providing a structured legal
environment for e-commerce activities, thereby boosting consumer
confidence and aiding the growth of online businesses in India.
Q. WHAT DO YOU MEAN BY E-BANKING?
Ans-: E-banking, also known as electronic banking or internet banking,
refers to the process of conducting financial transactions and services
through electronic means, typically over the internet. It allows customers
to access banking services remotely from anywhere, at any time, without
the need to visit a physical bank branch. E-banking includes a wide
range of services such as checking account balances, transferring
funds, paying bills, managing investments, and applying for loans.
In reference to the Information Technology Act, 2000 (IT Act) of India, e-
banking is supported by the legal framework that recognizes electronic
records and digital signatures as valid and enforceable. The IT Act
provides the necessary legal backing for e-banking transactions to be
carried out securely and with legal validity. Here are some key points
that highlight the relationship between e-banking and the IT Act, 2000:
1. Legal Recognition: The IT Act gives legal recognition to all
electronic records and digital signatures, ensuring that e-banking
transactions are as legally binding as those conducted through
traditional means.
2. Security Standards: The Act mandates adherence to prescribed
security procedures and practices, including the use of digital
signatures and encryption, to ensure the confidentiality and
integrity of e-banking transactions.
3. Regulatory Compliance: E-banking services are required to
comply with the standards and guidelines set by the Reserve Bank
of India (RBI), which include minimum standards for e-banking and
provisions under the IT Act.
4. Authentication: Section 3(2) of the IT Act provides specific
provisions for authenticating electronic records, such as the
 servers of banks and other virtual platforms used to provide e-
banking services.
5. Legal Remedies: The IT Act outlines the legal remedies available
in case of any breach or contravention related to e-banking
services, including penalties for cybercrimes that affect the security
and privacy of customers.
E-banking has revolutionized the banking sector by making it more
accessible, efficient, and customer-friendly. However, it also presents
challenges such as security risks and the need for robust cybersecurity
measures to protect against fraud and unauthorized access. The IT Act,
2000, plays a critical role in providing a secure legal environment for e-
banking operations in India, addressing both the opportunities and
challenges presented by this digital transformation of banking services.
Q. ELUCIDATE THE LEGAL ISSUES RELATING TO THE E-
BANKING.
ANS-: E-banking, or electronic banking, has transformed the financial
landscape by offering convenience and efficiency in conducting banking
transactions. However, it also presents several legal issues, particularly
in the context of the Information Technology Act, 2000 (IT Act) in India.
Here are some of the legal issues related to e-banking as per the IT Act:
1. Security and Privacy Risks: The IT Act provides a legal
framework for securing electronic transactions and penalizes
unauthorized access, data theft, and privacy breaches. Despite
this, e-banking systems are often targeted by cybercriminals,
leading to concerns over the security of customer data and
financial transactions.
2. Authentication Issues: The IT Act recognizes digital signatures
and electronic authentication methods. However, there are
challenges in ensuring that all e-banking platforms comply with the
prescribed standards and that customers’ digital identities are
adequately protected.
3. Legal Remedies: While the IT Act specifies penalties for various
cybercrimes, there is a need for more explicit provisions regarding
the liability of banks in cases of security breaches and frauds.
Customers affected by such incidents often face difficulties in
seeking redressal.
4. Regulatory Compliance: E-banking services must adhere to the
IT Act’s provisions and the guidelines set by the Reserve Bank of
India (RBI). However, there can be discrepancies in the
interpretation and implementation of these regulations, leading to
compliance issues.
 5. Jurisdictional Challenges: The global nature of e-banking raises
questions about jurisdiction in cases of cross-border fraud or
disputes. The IT Act has provisions for extraterritorial jurisdiction,
but enforcing laws across borders remains a complex issue.
6. Overlap with Other Laws: There are instances where the
provisions of the IT Act overlap with those of other statutes like the
Indian Penal Code, leading to confusion and potential conflicts in
the legal treatment of e-banking-related offenses.

Q. ELABORATELY DISCUSS THE PROVISIONS RELATING TO THE

'COMPUTER RELATED OFFENCES.
ANS-: The Information Technology Act, 2000 (IT Act) of India is a
comprehensive legislation that addresses various aspects of the digital
and cyber domain, including cybercrimes and computer-related
offenses. The Act was enacted to provide legal recognition to electronic
transactions and to facilitate e-governance while also addressing
concerns related to cybercrimes and data security. Here are some of the
salient features and provisions relating to computer-related offenses
under the IT Act:
1. Tampering with Computer Source Documents (Section 65):
This section penalizes the intentional concealment, destruction, or
alteration of any computer source code used for a computer,
computer program, computer system, or computer network 1.
2. Hacking with Computer System (Section 66): It deals with the
act of unauthorized access to a computer system or network,
causing wrongful loss or damage to the public or any person, and
includes the introduction of viruses2.
 3. Publishing of Information which is Obscene in Electronic
Form (Section 67): This provision penalizes the publication or
transmission of obscene material in electronic form 2.
4. Unauthorized Access to Protected Systems (Section 70): It protects
systems designated as ‘protected systems’ by the government, and
unauthorized access to these systems is a punishable offense2.
5. Breach of Confidentiality and Privacy (Section 72): This section
imposes penalties on any person who has secured access to any
electronic record, book, register, correspondence, information,
document, or other material without the consent of the person
concerned2.
6. Publishing False Digital Signature Certificates (Section 73): It
penalizes the publication of a Digital Signature Certificate that is false in
certain particulars2.
7. Cyber Terrorism (Section 66F): This section was introduced to
address the growing threat of cyber terrorism and penalizes acts that
deny access to a computer resource, attempt to penetrate a protected
system, or introduce a contaminant with the intent to threaten the unity,
integrity, security, or sovereignty of India.
8. Identity Theft (Section 66C): This provision deals with the fraudulent
use of the electronic signature, password, or any other unique
identification feature of a person.
9. Cheating by Personation (Section 66D): It penalizes cheating by
personation using a computer resource or a communication device3.
10. Violation of Privacy (Section 66E): This section penalizes the
capturing, publishing, or transmitting of the image of a private area of
any person without his or her consent.
The IT Act also provides for the establishment of a Cyber Appellate Tribunal to
adjudicate matters related to cybercrimes and computer-related offenses. The
Act has been amended several times to address the evolving nature of
cybercrimes and to strengthen the legal framework for cybersecurity in India.
WRITE SHORT NOTES ON ANY TWO OF THE FOLLOWING:

(1) TRADE MARKS IN INTERNET

ANS-: Trademarks on the internet are distinctive signs or symbols used

to identify and differentiate the goods or services of one entity from
those of others. They play a crucial role in the digital marketplace by
helping consumers recognize brands and make informed purchasing
decisions. In the context of the internet, trademarks often take the form
of domain names, logos, or other branding elements displayed on
websites and online platforms.
The protection of trademarks on the internet is governed by various laws
and regulations, including the Trademarks Act, 1999 in India. This Act
defines a trademark as a mark capable of being represented graphically
and capable of distinguishing the goods or services of one person from
those of others. It may include a shape of goods, their packaging, and
combination of colours.
One of the main challenges in internet trademark law is cybersquatting,
where individuals register domain names corresponding to well-known
trademarks with the intent to sell them to the rightful trademark owners
for a profit. To combat this, the Uniform Domain-Name Dispute-
Resolution Policy (UDRP) provides a mechanism for resolving disputes
over domain names that may infringe on trademarks.
In summary, trademarks in the internet age are essential for maintaining
the integrity of brands and ensuring that consumers are not misled by
similar or counterfeit online offerings. They require careful management
and legal protection to uphold the rights of trademark owners and
preserve consumer trust in the digital economy.
(II) LEGAL REQUIREMENTS OF ELECTRONIC RECORDS

ANS-: Electronic records are subject to specific legal requirements to

ensure their validity, integrity, and admissibility as evidence in legal
proceedings. The Information Technology Act, 2000 (IT Act) of India, for
instance, provides a legal framework for electronic records. Key
requirements include:
 Authenticity: Electronic records must be authentic, meaning they
should be created or maintained in a manner that assures they are
trustworthy and reliable.
 Integrity: They must be maintained in a way that ensures their
content has not been altered unlawfully.
 Accessibility: They should be stored in a format that allows for
their retrieval and use for the period required by applicable laws.
 Compliance with Specific Provisions: For example, under the IT
Act, Section 65B specifies the conditions under which electronic
records are admissible in court, including the need for a certificate
that identifies the electronic record and describes how it was
produced.

(III) DATA BASES IN INFORMATION TECHNOLOGY

ANS- Databases in Information Technology (IT) are structured

collections of data stored and managed electronically. They are
essential for organizing, storing, retrieving, and managing data across
various applications and systems. Databases are typically controlled by
Database Management Systems (DBMS), which provide the tools for
database creation, querying, update, and administration.
A database is an organized collection of data that is stored and
accessed electronically from a computer system. It is usually controlled
by a Database Management System (DBMS), which is a software used
to manage the data within the database. The primary purpose of a
database is to operate a large amount of information by storing,
retrieving, and managing data efficiently
Databases play a pivotal role in the field of Information Technology (IT)
as they serve as the backbone for storing and managing data across
various applications and systems.
Types of Databases:
 Relational Databases: Use tables to store data and SQL for
querying.
 NoSQL Databases: Designed for specific data models with
flexible schemas.
 Distributed Databases: Store data across multiple physical
locations.
 Cloud Databases: Run on cloud platforms, offering database
services.
Databases support a wide range of applications, from dynamic websites
to large-scale data analytics, and are crucial for the functioning of
modern businesses and services. They must be managed effectively to
ensure data integrity, security, and performance.

(IV) FORMULATION AND VALIDITY OF ELECTRONIC CONTRACTS.

ANS-: Electronic contracts, or e-contracts, are agreements created and
signed in a digital format. They are formulated through electronic
communications such as emails, website forms, or electronic document
signing platforms. The validity of e-contracts is recognized under various
legal frameworks, including the Information Technology Act, 2000 (IT Act)
in India, which ensures that contracts formed electronically are as
enforceable as traditional paper-based contracts.
Key points regarding the formulation and validity of e-contracts include:
 Formation: E-contracts are formed by the exchange of offers and
acceptances through electronic means.
 Legal Recognition: The IT Act, under Section 10A, states that
contracts formed through electronic means shall not be deemed
unenforceable solely because they are in electronic form.
 Authentication: Digital signatures and other e-authentication
techniques provide a secure method of signing e-contracts,
ensuring the parties’ identities.
 Admissibility: E-contracts are admissible as evidence in courts,
provided they meet the requirements of integrity and authenticity.
E-contracts have become increasingly popular due to their convenience
and efficiency, especially in the context of global business transactions.

Q. WHAT DO YOU MEAN BY INFORMATION TECHNOLOGY-:

ANS-: Information Technology (IT) is the application of computers and

telecommunications equipment to store, retrieve, transmit, and
manipulate data, often in the context of a business or other enterprise. IT
is considered a subset of information and communications technology
(ICT). Here’s an illustration to explain the concept:

Imagine a library that’s been around for centuries. Traditionally, it has a

card catalog system where you look up the title of a book and then
search for it on the shelves. Now, replace that card catalog with a
computer database that can be searched in seconds and the books with
digital files that can be accessed instantly from anywhere in the world.
That’s the essence of IT.

In this digital library:

  Data Storage: Just like books are stored on shelves, data is
stored in databases.
 Data Retrieval: As you would retrieve a book using the catalog,
you can retrieve data using queries.
 Data Transmission: Information can be sent across the world
through networks, similar to how books can be loaned out.
 Data Manipulation: You can edit, update, or analyze data, much
like how you can annotate or index a book.

IT encompasses everything from the computer you use to type an email,

to the networks that carry that email, to the server that stores it, and the
software that makes sending it possible. It’s a vast field that includes
many types of technology and serves a variety of functions in personal
and professional settings.

Q. DISCUSS THE HISTORICAL PERSPECTIVE, OBJECT AND

SCOPE OF THE INFORMATION TECHNOLOGY ACT, 2000.
ANS-: The Information Technology Act, 2000 (IT Act) of India was a
landmark legislation that aimed to address the legal challenges and
opportunities presented by the advent of the internet and digital
technologies. The historical perspective of the IT Act is rooted in the
global and national developments in information technology:
 Global Influence: The IT Act was influenced by the United
Nations Commission on International Trade Law (UNCITRAL)
Model Law on Electronic Commerce, adopted in 1996, which
aimed to harmonize the legal framework for electronic commerce
on an international level.
 Computer Revolution in India: The seeds of the IT Act can be
traced back to the computer revolution in India during the 1980s,
particularly after Rajiv Gandhi became Prime Minister in 1984. His
 government’s policies, such as reducing import taxes and duties
for computer systems, played a significant role in integrating
computers into various sectors of the Indian economy.
 Economic Reforms: The economic reforms of 1991, which
included liberalization, privatization, and globalization, further
accelerated the growth of the IT sector in India. These reforms led
to an influx of technology and the development of software
companies, setting the stage for the need for cyber laws.
 UNCITRAL Model Law on Electronic Commerce: The
UNCITRAL Model Law provided the basis for many countries,
including India, to draft their own laws to facilitate electronic
commerce and recognize electronic documents as legal
equivalents to paper documents.
 Enactment of the IT Act: The IT Act was passed in the year 2000,
making India the 12th country to adopt legislation for cybercrimes.
The Act provided the legal infrastructure to support e-commerce,
electronic data interchange, and other forms of electronic
communication.
The IT Act, 2000, marked the beginning of a new era in the legal
recognition of electronic transactions and set the foundation for
addressing the complexities of cyber law in India. It has since been
amended to keep pace with the evolving nature of technology and cyber
threats. For more detailed insights, you can refer to comprehensive
reviews and studies on the economic impact of IT.
Objectives of the Act:
 To provide legal recognition to transactions carried out through
electronic data exchange and other means of electronic
communication.
  To facilitate electronic filing of documents with government
agencies and departments.
 To give legal recognition to digital signatures for authenticating
electronic records.
 To enable and give legal sanction to the electronic transfer of
funds between banks and financial institutions.
 To amend the Indian Penal Code 1860, the Indian Evidence Act
1872, the Bankers’ Books Evidence Act 1891, and the Reserve
Bank of India Act 1934 to accommodate electronic records1.
Scope of the Act:
 The IT Act covers a wide range of activities related to e-commerce,
e-governance, and cybercrimes.
 It provides a legal framework for the recognition of electronic
contracts, security measures for electronic records and digital
signatures, and the appointment of adjudicating officers for
inquiries under the Act.
 The Act also established a Cyber Regulatory Appellate Tribunal to
handle appeals against the orders of the Controller or Adjudicating
Officer.
The IT Act, 2000, represents a significant step in India’s efforts to
address the legal challenges of the digital age, providing a foundation for
secure electronic transactions and effective governance of cyberspace1.
For more detailed insights, you can refer to comprehensive reviews and
studies on the economic impact of IT.
Q. WHO CAN ISSUE DIGITAL SIGNATURE CERTIFICATE
ANS-: Under the Information Technology Act, 2000 (IT Act), Digital
Signature Certificates (DSCs) can be issued by licensed Certifying
Authorities (CAs). Under Section 24 of the IT Act, Certifying Authorities
(CAs) are granted the license to issue DSCs. These CAs are appointed
by the office of the Controller of Certification Agencies (CCA), which
operates under the provisions of the IT Act. The CAs are recognized and
regulated by the Controller of Certifying Authorities (CCA), which operates
under the Ministry of Electronics and Information Technology,
Government of India.
Here’s an illustration of the process:
1. Licensing of CAs: The CCA grants licenses to entities to operate
as CAs after ensuring they meet the criteria set by the IT Act.
2. Issuance of DSCs: Once licensed, CAs can issue DSCs to
individuals and organizations that seek to authenticate their
electronic documents.
3. Types of DSCs: There are different classes of DSCs, such as Class
2 and Class 3, each serving different levels of security
requirements1.
4. Application Process: Applicants must submit required documents
and undergo verification before a DSC is issued..
5. Usage: DSCs are used for secure electronic transactions, e-filing
with government agencies, and signing digital documents.
The CAs play a crucial role in the digital ecosystem by ensuring the
authenticity and integrity of electronic transactions as per the provisions
of the IT Act, 2000.
Q. WHAT ARE THE REMEDIES PROVIDED UNDER THE
INFORMATION TECHNOLOGY ACT, 2000 AGAINST THE
OFFENCES RELATING TO DIGITAL SIGNATURE CERTIFICATE?
ANS-: Under the Information Technology Act, 2000, various remedies
are provided against offences related to Digital Signature Certificates
(DSC). Here’s an elaboration of some of the key provisions:
 Section 38: This section provides a framework for the revocation
of DSCs. It outlines the circumstances under which a DSC can be
revoked, either voluntarily by the subscriber or initiated by the
Certifying Authority (CA) due to reasons such as compromise of
security, expiration, or other specified reasons.
 Section 43: If any person without permission of the owner or any
other person who is in charge of a computer, computer system, or
computer network, accesses or secures access to such computer,
computer system or computer network; downloads, copies or
extracts any data, computer database or information from such
computer, including information or data held or stored in any
removable storage medium; introduces or causes to be introduced
any computer contaminant or virus, he shall be liable to pay
damages by way of compensation to the person so affected.
 Section 65: Tampering with computer source documents is
punishable with imprisonment up to three years, or with a fine
which may extend up to two lakh rupees, or with both.
 Section 66: Hacking with computer systems, data alteration, etc.,
is punishable with imprisonment for a term which may extend to
three years, or with a fine which may extend to five lakh rupees, or
with both.
 Section 74: This section deals with the penalties for the misuse of
DSCs. If any person knowingly creates, publishes, or otherwise
 makes available a DSC for any fraudulent or unlawful purpose,
they shall be liable to pay a penalty of up to Rs. 1,00,000,
imprisonment for up to 2 years, or both.
These sections are part of a comprehensive legal framework established
by the IT Act to address the challenges and offences related to digital
signatures and electronic transactions. The Act also amends other laws
like the Indian Penal Code and The Evidence Act to include electronic
records and digital signatures within their scope, thus providing a legal
basis for addressing cyber offences.

Q. WHAT IS A CYBER SPACE?

ANS-: Cyberspace, as referenced in the Information Technology Act,
2000, is a term that encompasses the virtual environment where internet
users interact, communicate, and exchange information. It is a digital
landscape, often visualized as a space without physical boundaries,
where data travels across networks and is accessible through computers
and other digital devices.
The IT Act, 2000, does not explicitly define “cyberspace,” but it
addresses various aspects of electronic communication and transactions
that occur within this virtual realm. The Act provides a legal framework
for recognizing electronic records and digital signatures, which are
essential components of activities conducted in cyberspace. It also
outlines the responsibilities and liabilities of different stakeholders,
including users, intermediaries, and certifying authorities, to ensure the
security and legality of online interactions.
Cyberspace under the IT Act is significant because it is where most
modern communication, commerce, and data exchange take place. The
Act’s provisions aim to facilitate and secure these activities by
establishing standards for authentication, privacy, and cybercrime
prevention. For instance, the Act includes measures to address offences
such as hacking, identity theft, and the unauthorized use of digital
signatures.
In summary, cyberspace in the context of the IT Act, 2000, is the virtual
domain of electronic communication, governed by legal regulations to
ensure that the integrity, confidentiality, and availability of data are
maintained, and that the rights of individuals and entities are protected in
the digital world.

Q. WHAT ARE THE PRINCIPLE ELEMENTARY ISSUES IN

DETERMINATION OF CYBER JURISDICTION?
ANS-: Determining cyber jurisdiction involves several elementary issues
due to the borderless nature of the internet. Here are some of the
principal issues:
1. Location of the Parties: Often, the parties involved in a cyber
dispute may be located in different countries, which complicates
the determination of jurisdiction.
2. Place of the Offence: Identifying the geographical location where
the cyber offence was committed can be challenging, as the
internet does not adhere to physical boundaries.
3. Applicable Laws: Different countries have varying laws and
regulations regarding cyber activities, making it difficult to ascertain
which legal framework should apply.
4. Enforcement of Judgments: Even if a court has jurisdiction and
passes a judgment, enforcing it in another country where the
defendant or their assets are located can be problematic.
5. Minimum Contacts Theory: This theory suggests that for a court
to have jurisdiction, the defendant must have sufficient contacts
with the territory of the forum.
6. Sliding Scale Theory: This theory is used to determine jurisdiction
based on the level of interactivity of a website with users in a
particular jurisdiction.
7. Effects Test and International Targeting: This test considers
whether the actions of the defendant have had an effect in the
jurisdiction where the plaintiff is located or whether the defendant
targeted the jurisdiction intentionally.
Q. "E-COMMERCE NOW-A-DAYS HAVE BECOME VERY POPULAR
ESPECIALLY IN THE CORPORATE SECTORS".

ANS-: E-commerce has indeed become increasingly popular, particularly

in the corporate sector. This trend is driven by the convenience and
efficiency of online transactions, which allow businesses to reach a wider
audience and operate more effectively. Here’s an illustration of the
statement:

 Global Reach: E-commerce platforms enable corporations to sell

products and services to customers around the world, breaking
down geographical barriers and expanding their market presence.
 Cost Reduction: By operating online, businesses can reduce
overhead costs associated with physical stores, such as rent and
utilities.
 Data Analytics: E-commerce provides corporations with valuable
data on customer behavior, preferences, and trends, which can be
used to tailor marketing strategies and improve customer
experiences.
 24/7 Availability: Unlike traditional brick-and-mortar stores, e-
commerce websites are accessible at any time, providing customers
with the convenience of shopping at their leisure.
 Customization and Personalization: E-commerce allows for
personalized marketing and product recommendations based on
user data, enhancing the shopping experience and increasing
customer satisfaction.
 Supply Chain Efficiency: E-commerce facilitates efficient
inventory management and logistics, enabling faster delivery times
and better supply chain control.

For instance, in India, the e-commerce industry has been on an upward

growth trajectory, with the Government e-marketplace (GeM) registering
its highest ever Gross Merchandise Value of $2011 Bn in FY 2022-23.
More than 60% of transactions and orders come from tier two cities and
smaller towns, indicating the widespread adoption of e-commerce beyond
metro cities.
Q. E-COMMERCE NOW-A-DAYS HAVE BECOME VERY POPULAR
ESPECIALLY IN THE CORPORATE SECTORS"..DISCUSS THE
VARIOUS MODES OF E-COMMERCE IN THE LIGHT OF THE ABOVE
STATEMENT.

ANS-: E-commerce has indeed become a cornerstone of the corporate

sector, revolutionizing the way businesses operate and interact with
customers. The various modes of e-commerce reflect the diverse nature
of online transactions and the wide range of participants involved. Here
are the primary modes of e-commerce:
1. Business to Consumer (B2C): This is the most common e-
commerce model, where businesses sell goods and services
directly to consumers. Examples include online retailers like
Amazon and Flipkart, which offer a vast array of products to
individual customers.
2. Business to Business (B2B): In this model, transactions occur
between businesses, such as a manufacturer selling to a wholesaler
or a wholesaler to a retailer. B2B e-commerce platforms like Alibaba
and Udaan facilitate bulk transactions and often involve more
complex processes and larger transaction volumes.
3. Consumer to Consumer (C2C): Platforms like eBay and OLX
enable individuals to sell goods and services to each other. This
model supports second-hand sales, auctions, and peer-to-peer
services.
4. Consumer to Business (C2B): Here, individuals offer products or
services to businesses. This can include freelance work,
crowdsourcing, or influencer marketing, where a consumer’s
influence or assets are valuable to a business.
5. Business to Government (B2G): Companies provide products or
services to government agencies through this model. It often
 involves tenders and contracts for public sector projects and
services.
6. Consumer to Government (C2G): This less common mode
involves individuals providing services or payments to government
entities, such as paying taxes or fees online.
7. Business to Business to Consumer (B2B2C): This model
combines B2B and B2C, where a business sells a product or service
to another business before it reaches the end consumer.
Each mode of e-commerce offers unique benefits and challenges, and
businesses may operate in multiple modes simultaneously to maximize
their reach and efficiency. The growth of e-commerce in the corporate
sector is a testament to its adaptability and the value it provides to all
parties involved in the digital marketplace.

Q. DEFINE THE TERM "ELECTRONIC RECORD"?

ANS-: The term “Electronic Record” as defined in the Information
Technology Act, 2000, refers to data, records, or data generated, image
or sound stored, received, or sent in an electronic form or microfilm or
computer-generated microfiche. This definition encompasses a wide
range of digital formats and includes any information that is created,
maintained, or used in a digital format.
To illustrate, consider a scenario where a business issues an invoice to
a customer. Traditionally, this would be a physical document. However,
under the IT Act, 2000, if the invoice is generated and sent via email as
a PDF file, it is considered an electronic record. This electronic record
has the same legal standing as its physical counterpart, provided it
meets the requirements set out in the Act, such as being accessible for
subsequent reference and capable of being retained.
Furthermore, the Act encourages the use of electronic records by the
government and its agencies, promoting e-governance. For example,
when a citizen files taxes online, the submitted forms and documents are
electronic records. The IT Act ensures that these records are legally
recognized, thereby facilitating efficient and paperless governance.
In summary, an electronic record under the IT Act, 2000, is any piece of
information that is stored or transmitted digitally, and it is legally
recognized for all purposes that would require written or printed records.
This legal recognition is crucial for the advancement of digital
transactions and e-governance in India.
Q. BRIEFLY ENUMERATE THE RELEVANT PROVISIONS OF THE
INFORMATION TECHNOLOGY ACT, 2000 ABOUT THE
AUTHENTICITY OF ELECTRONIC RECORDS.
ANS-: The Information Technology Act, 2000, provides a legal framework
for the recognition and authenticity of electronic records. Here are the key
provisions relevant to the authenticity of electronic records:
1. Legal Recognition of Electronic Records (Section 4): This
section grants legal recognition to electronic records, ensuring that
any requirement for information to be in written, typewritten, or
printed form is satisfied if it is presented in electronic form and
accessible for subsequent reference.
2. Legal Recognition of Digital Signatures (Section 5): It states that
digital signatures are legally recognized for authenticating electronic
records. The Central Government prescribes the manner in which
digital signatures are to be used.
3. Use of Electronic Records and Digital Signatures in
Government and its Agencies (Section 6): This provision
encourages the use of electronic records and digital signatures in
government offices, agencies, and bodies for filing documents,
issuing licenses, and making payments.
4. Retention of Electronic Records (Section 7): According to this
section, if the law requires the retention of certain records,
documents, or information for a specific period, this requirement is
also satisfied if the retention is in electronic form, provided it is
accessible for subsequent reference.
5. Secure Electronic Records and Secure Digital Signatures
(Sections 14 and 15): These sections define what constitutes a
secure electronic record and a secure digital signature, ensuring the
 integrity of the electronic record and the authenticity of the digital
signature.
6. Audit of Documents, etc., Maintained in Electronic Form
(Section 7A): This section mandates the audit of electronic records
to ensure compliance with the provisions of the IT Act and the rules
and regulations made thereunder.
These provisions collectively establish the legal validity of electronic
records and digital signatures, ensuring their authenticity and
enforceability in the eyes of the law. They form the cornerstone of e-
governance and digital transactions in India, providing the necessary legal
infrastructure to support the digital economy.

Q. HOW COMPENSATION ARE PAYABLE IN CASE OF FAILURE TO

PROTECT DATA UNDER THE INFORMATION TECHNOLOGY ACT,
2000
Ans-: Under the Information Technology Act, 2000, compensation for
failure to protect data is addressed in Section 43A. This section
specifically deals with the liability of a body corporate in the event of
negligence in implementing and maintaining reasonable security
practices and procedures, resulting in wrongful loss or wrongful gain to
any person. Here’s a detailed note on the provision:
Section 43A: Compensation for Failure to Protect Data
 Body Corporate: The term refers to any company, including firms,
sole proprietorships, or other associations of individuals engaged
in commercial or professional activities.
 Sensitive Personal Data or Information: This includes
information such as passwords, financial information, health
 conditions, medical records, and any other personal information
deemed sensitive by the Central Government.
 Reasonable Security Practices and Procedures: These are the
practices and procedures designed to protect sensitive personal
data from unauthorized access, damage, use, modification,
disclosure, or impairment. They may be specified in an agreement
between the parties, any law currently in force, or as prescribed by
the Central Government in consultation with professional bodies or
associations.
 Negligence and Liability: If a body corporate, while possessing,
dealing, or handling sensitive personal data in a computer
resource it owns, controls, or operates, is found to be negligent in
maintaining the required security practices, it becomes liable to
pay damages by way of compensation to the affected person.
 Compensation: The amount of compensation is not specified in
the Act and is determined based on the extent of the damage
suffered by the individual due to the negligence of the body
corporate.
The provision under Section 43A emphasizes the importance of
maintaining stringent security measures to protect sensitive personal
data and holds corporates accountable for any negligence leading to
data breaches. It serves as a deterrent against lax security practices and
underscores the need for corporates to invest in robust data protection
mechanisms to avoid legal and financial repercussions.
Q. DEFINE "CYBER CRIME"? IS OUR CYBER LAW FRAMEWORK
CAPABLE OF SUPPORTING THE DIGITAL INDIA?-COMMENT.
Ans-: “Cyber Crime” in reference to the Information Technology Act,
2000 (IT Act 2000) encompasses a range of illegal activities where a
computer or network is the tool, target, or both. The IT Act 2000, which
is based on the UNCITRAL Model Law on Electronic Commerce 1996, is
the primary legal framework in India that deals with cybercrime and e-
commerce. It defines various cybercrimes and prescribes penalties for
them, such as hacking, data theft, identity theft, cyberstalking, and more.
The Act also provides legal recognition to electronic documents,
supporting e-filing and e-commerce transactions.
The IT Act 2000 has been amended to keep up with the evolving nature
of cybercrimes. For instance, the 2008 amendment introduced specific
provisions for identity theft, cyber terrorism, and child pornography,
among others3. The Act also outlines the roles and responsibilities of
intermediaries and users, and it has provisions for due diligence and
reasonable security practices to be followed by corporates to protect
sensitive personal data.
Regarding the capability of India’s cyber law framework to support
Digital India, the government has been proactive in updating and
introducing new policies to strengthen the legal infrastructure for a digital
economy. The proposed Digital India Act 2023 aims to provide a
contemporary legal framework for India’s evolving digital ecosystem,
focusing on online safety, trust, accountability, and the regulation of
new-age technologies like artificial intelligence and blockchain. This
forward-looking approach, along with amendments to the IT Act and
other related policies, indicates that India’s cyber law framework is
gearing up to support and secure the Digital India vision.
The Digital India initiative aims to transform India into a digitally
empowered society and knowledge economy. It focuses on providing
digital infrastructure as a utility to every citizen, governance and services
on demand, and digital empowerment of citizens. The cyber law
framework plays a crucial role in this transformation by ensuring the
security and legality of online activities, which is essential for building
trust and confidence in digital services.
In conclusion, while challenges remain, India’s cyber law framework is
evolving to address the complexities of cybercrime and support the
nation’s digital aspirations. Continuous updates and new legislations like
the Digital India Act are steps towards creating a robust legal
environment that can support and protect the digital ecosystem.

Q. WRITE A SHORT NOTE ON E-GOVERNANCE.

ANS-: E-Governance, or electronic governance, is the application of
information and communication technology (ICT) to deliver government
services, exchange information, and facilitate communication
transactions. It aims to make government services more accessible to
citizens, increase efficiency, and promote transparency and accountability
in government operations.
Definition and Significance E-Governance involves using ICT to
improve government functioning and address the needs of society. It
encompasses the publishing of policy and program-related information
and transacting with citizens. The goal is to extend beyond providing
online services to using IT for strategic planning and achieving the
government’s development goals.
Objectives of E-Governance The objectives of e-governance include:
 Making government information available to the public.
  Creating a cooperative structure between the government and the
people.
 Increasing and encouraging people’s participation in the
governance process.
Features of E-Governance E-Governance features include:
 Transparency: Providing information in the public domain, making
government functions and processes clear.
 Accountability: Developing effective information management
systems to ensure public service accountability.
 Efficiency and Effectiveness: Streamlining processes to make the
system more responsive and cost-effective.
 Inclusiveness: Ensuring reliable access to information within
government and between government, citizens, and businesses.
Types of Interactions in E-Governance There are several types of
interactions facilitated by e-governance:
 Government to Citizen (G2C): Interaction between the government
and citizens, enabling efficient delivery of public services.
 Government to Business (G2B): Transactions between government
and businesses, facilitating commercial activities.
 Government to Government (G2G): Interactions within government
agencies at different levels to enhance cooperation and
coordination.
 Government to Employees (G2E): Communication between
government and its employees to improve internal administration.
Initiatives and Plans Several initiatives and plans have been
implemented to promote e-governance, such as:
 The National e-Governance Plan (NeGP): Aims to make all
government services accessible to the common man.
  E-Kranti – Electronic Delivery of Services: Focuses on electronic
delivery of key services to citizens.
E-Governance is a critical component of modern governance, offering a
platform for more direct interaction between government and citizens,
enhancing the quality of services, and fostering a more informed and
engaged citizenry. It is an integral part of the government’s push towards
a Digital India, where technology is leveraged to create a participatory,
transparent, and responsive government. The continuous evolution of e-
governance strategies and the implementation of new technologies are
essential for meeting the changing needs of citizens and ensuring the
long-term success of governance initiatives.
Q. WRITE A SHORT NOTE ON CYBER DEFAMATION.
ANS-: Cyber defamation, as addressed in the Information Technology
Act, 2000 (IT Act 2000), refers to the act of publishing defamatory
material about an individual or entity in cyberspace, such as on social
media platforms, blogs, or websites. The IT Act 2000, along with
provisions from the Indian Penal Code (IPC), provides the legal
framework to address and penalize such acts.
Key Provisions Related to Cyber Defamation:
 Section 499 IPC: Defines defamation and extends to electronic
documents. It states that defamation can occur through words,
signs, or visible representations made with the intent to harm the
reputation of a person.
 Section 469 IPC: Amended by the IT Act 2000 to include
‘electronic record forged’ for the purpose of harming reputation,
punishable with imprisonment up to three years and a fine1.
 Section 66A IT Act: Although struck down by the Supreme Court
in 2015 for being vague and unconstitutional, it previously dealt
with punishment for sending offensive messages through
communication services.
Challenges and Issues: Cyber defamation poses unique challenges
due to the anonymity of the internet, jurisdictional issues, and the rapid
dissemination of information. The lack of a specific provision in the IT
Act 2000 for cyber defamation means that cases are often dealt with
under related provisions or the IPC. Additionally, the absence of a
comprehensive Data Protection Act in India complicates the legal
landscape for addressing defamation in cyberspace.
Supporting Digital India: The current legal framework, including the IT
Act 2000, provides a foundation for addressing cyber defamation.
However, to support the Digital India initiative effectively, there is a need
for more specific laws and amendments to existing ones to keep pace
with the evolving nature of cybercrimes and to protect individuals’
reputations online.
In conclusion, while the IT Act 2000 and IPC provide mechanisms to
address cyber defamation, the legal framework must evolve to address
the complexities of the digital age and support the vision of a digitally
empowered society. Continuous updates and the introduction of new
legislation, such as a dedicated Data Protection Act, will be crucial in this
regard.

Q. WRITE A SHORT NOTE ON KEY PAIR

ANS-: In the context of the Information Technology Act, 2000 (IT Act
2000), a “key pair” refers to the concept of asymmetric cryptography,
which is a fundamental component of digital signature technology. As
per Section 2(1)(f) of the IT Act 2000, an asymmetric crypto system is
defined as a system of a secure key pair consisting of a private key for
creating a digital signature and a public key to verify the digital signature.
Key Pair Explained:
 Private Key: This is a secret key that is kept confidential by the
owner. It is used to create a digital signature on an electronic
document or transaction. The private key must be protected to
ensure the security of the digital signature.
 Public Key: This key is made available to anyone who needs to
verify the digital signature. It is used to confirm that the digital
signature was created using the corresponding private key and
that the electronic document has not been altered since it was
signed.
Importance in the IT Act 2000:
  Authentication: The key pair is crucial for authenticating the
identity of individuals or entities in electronic transactions. It
ensures that the signer of a document is indeed who they claim to
be.
 Integrity: By using a key pair, any changes made to the electronic
document after it has been signed can be detected, thereby ensuring
the integrity of the document.
 Non-repudiation: The use of a key pair in digital signatures provides
non-repudiation, meaning the signer cannot later deny having signed
the document.
Application in E-Governance and E-Commerce:
 The IT Act 2000 facilitates the use of key pairs in various e-
governance and e-commerce applications, allowing for secure online
transactions and the exchange of legally binding electronic
documents.
Regulation and Oversight:
 Certifying Authorities: The IT Act 2000 provides for the
appointment of Certifying Authorities (CAs) who issue digital
signature certificates containing the public key. The CAs play a
critical role in the digital signature ecosystem by verifying the identity
of the key pair holder before issuing a certificate.
 Security Procedures: The Act also outlines the security procedures
to be followed for generating, storing, and safeguarding the key pair
to prevent unauthorized access and use.
In summary, the key pair is an essential element of the digital signature
framework under the IT Act 2000, enabling secure and trustworthy
electronic transactions that are vital for the growth of the digital economy in
India. The Act’s provisions ensure that key pairs are used effectively and
responsibly, with adequate legal backing to support their use in various
digital applications.
Q. WRITE A SHORT NOTE ON OBSCENITY.
ANS-: Obscenity in the context of the Information Technology Act, 2000
(IT Act 2000) is a significant legal issue that pertains to the publication or
transmission of material in electronic form that is considered lascivious
or appeals to prurient interests. The IT Act 2000, through its provisions,
seeks to address and penalize the spread of obscene content in
cyberspace.
Section 67 of the IT Act 2000 is the primary provision that deals with
obscenity in electronic form. It states that anyone who publishes or
transmits or causes to be published or transmitted in the electronic form
any material which is lascivious or appeals to the prurient interest, or if
its effect is such as to tend to deprave and corrupt persons who are
likely, having regard to all relevant circumstances, to read, see or hear
the matter contained or embodied in it, shall be punished. The
punishment for the first conviction is imprisonment of either description
for a term which may extend to three years and with a fine which may
extend to five lakh rupees. In the event of a second or subsequent
conviction, the imprisonment may extend to five years and also with a
fine which may extend to ten lakh rupees.
The IT Act 2000 has an overriding effect over the Indian Penal Code
(IPC) when it comes to offences relating to obscene content in electronic
form, as stated in Section 81 of the IT Act. This means that any offence
relating to obscene content in electronic form can only be tried under the
IT Act 2000 and not under the IPC.
The definition of obscenity is not universally fixed and often varies
according to the moral standards and notions of communities and
countries. What may be deemed obscene in one country may not attract
the same meaning in another. The challenge lies in finding the balance
between freedom of expression and the protection of societal morals,
especially in the digital age where content can be easily accessed and
disseminated across borders.
In conclusion, the IT Act 2000 provides a legal framework to combat the
spread of obscene material in electronic form, reflecting the need to
adapt traditional concepts of obscenity to the modern digital
environment. The Act aims to protect individuals and society from
content that is deemed harmful while navigating the complexities of
regulating such content in cyberspace.

Q. WRITE A SHORT NOTE ON E-BANKING

ANS-: E-banking, also known as electronic banking or internet banking,
has been significantly influenced by the Information Technology Act,
2000 (IT Act 2000) in India. The IT Act 2000 provides the legal
framework necessary for secure electronic transactions, which is the
foundation of e-banking services. Here’s a detailed note on e-banking in
reference to the IT Act 2000:
Legal Recognition of Electronic Transactions: The IT Act 2000 gives
legal recognition to electronic records and digital signatures, which are
essential for e-banking transactions. This means that electronic
contracts entered into through e-banking are legally binding and
enforceable1.
Security Standards for E-Banking: The IT Act 2000 mandates that
banks and financial institutions follow prescribed reasonable security
practices and procedures to protect sensitive personal data. This
includes implementing robust cybersecurity measures to safeguard
against unauthorized access and data breaches1.
Authentication of Electronic Records: The IT Act 2000 provides
specific provisions for authenticating electronic records, such as the
servers of banks and other virtual platforms, which are crucial for the
integrity of e-banking services. This ensures that the transactions
conducted are secure and the records maintained are accurate2.
Regulatory Oversight: The Reserve Bank of India (RBI) sets minimum
standards for e-banking services, which are complemented by the
provisions of the IT Act 2000. The RBI guidelines cover various aspects
of e-banking, including technology risk management, customer privacy,
and legal compliance1.
Overlap with Other Laws: There is an overlap and disconnect between
the IT Act 2000 and the Indian Penal Code (IPC) regarding cybercrimes
that affect e-banking. While the IT Act 2000 primarily deals with
electronic fraud and data protection, the IPC covers criminal acts that
can also occur in the digital domain1.
Challenges and Future Prospects: Despite the existing legal structure,
the rapid evolution of technology and the introduction of artificial
intelligence in banking processes pose new challenges. The legal
framework may need to be updated to keep pace with these
advancements and continue to protect consumers effectively1.
In conclusion, the IT Act 2000 plays a pivotal role in the functioning and
growth of e-banking in India by providing a secure legal environment for
electronic transactions. As technology evolves, there may be a need for
further amendments to the Act to address emerging challenges and
ensure the continued success of e-banking services.
Q. WRITE A SHORT NOTE ON THEFT OF INFORMATION
ANS-:The Information Technology Act, 2000 (IT Act 2000) addresses
the theft of information under several provisions, recognizing the
importance of data security in the digital age. Here’s a detailed note on
the theft of information as per the IT Act 2000:
Section 43: This section deals with unauthorized access and data theft.
It states that if any person without permission accesses or secures
access to a computer, computer system, or computer network,
downloads, copies, or extracts any data, or introduces any computer
contaminant, they shall be liable to pay damages to the affected person.
Section 66: This section provides for punishment for the theft of
information, computer hacking, and other related offences. It states that
whoever, with the intent to cause or knowing that they are likely to cause
wrongful loss or damage to the public or any person, destroys, deletes,
or alters any information residing in a computer resource or diminishes
its value or utility or affects it injuriously by any means, commits the
offence of hacking.
Section 66B: It specifically addresses the receipt of stolen computer
resources or communication devices. Under this section, anyone who
dishonestly receives or retains any stolen computer resource or
communication device, knowing it to be stolen, is punishable with
imprisonment of up to three years or with a fine of up to one lakh rupees
or with both.
Section 66C: This section pertains to identity theft and prescribes
punishment for anyone who fraudulently or dishonestly uses the
electronic signature, password, or any other unique identification feature
of another person.
Section 66D: It deals with cheating by personation using a computer
resource or a communication device, with the punishment being
imprisonment of up to three.

Q. WHO IS A CONTROLLER?
ANS-: Under the Information Technology Act, 2000 (IT Act 2000), the
Controller of Certifying Authorities (CCA) is a key regulatory figure
appointed by the Central Government. The Controller’s primary role is to
supervise and regulate the activities of Certifying Authorities (CAs),
which are entities authorized to issue digital signature certificates. Here’s
a detailed note on the functions and responsibilities of the Controller:
Appointment and Offices:
 The Controller is appointed by the Central Government and
operates under its general control and directions.
 The Controller may have Deputy Controllers and Assistant
Controllers to assist in performing the functions.
 The qualifications, experience, and terms of service of the
Controller and deputies are prescribed by the Central Government
 The Controller’s office may have a head office and branch offices
at locations specified by the Central Government.
Q. WRITE A NOTE ON THE FUNCTION OF A CONTROLLER UNDER
IT, ACT 2000
Ans-:Under the Information Technology Act, 2000, the Controller of
Certifying Authorities (CCA) plays a crucial role in regulating and
overseeing the issuance of digital signatures and ensuring the security of
electronic transactions.
The Controller may perform all or any of the following functions, namely:
-
 exercising supervision over the activities of the Certifying
Authorities.
 certifying public keys of the Certifying Authorities.
 laying down the standards to be maintained by the Certifying
Authorities.

 specifying the qualifications and experience which employees of the

Certifying Authorities should possess.
 specifying the conditions subject to which the Certifying Authorities
shall conduct their business.
 specifying the contents of written, printed or visual materials and
advertisements that may be distributed or used in respect of a Digital
Signature Certificate and the public key.
 specifying the form and content of a Digital Signature Certificate and
the key.
 specifying the form and manner in which accounts shall be
maintained by the Certifying Authorities.
 specifying the terms and conditions subject to which auditors may
be appointed and the remuneration to be paid to them.
  facilitating the establishment of any electronic system by a Certifying
Authority either solely or jointly with other Certifying Authorities and
regulation of such systems.
 specifying the manner in which the Certifying Authorities shall
conduct their dealings with the subscribers.
 resolving any conflict of interests between the Certifying Authorities
and the subscribers.
 laying down the duties of the Certifying Authorities.
 maintaining a data base containing the disclosure record of every
Certifying Authority containing such particulars as may be specified
by regulations, which shall be accessible to public.

Q. WRITE A SHORT NOTE ON CYBER FRAUD

ANS-: Cyber fraud refers to the use of the internet and digital
technologies to deceive individuals or organizations for financial or
personal gain. It encompasses a wide range of illegal activities, including
identity theft, phishing, hacking, and online scams. Cyber fraudsters
often exploit vulnerabilities in computer systems, manipulate digital
communications, or use social engineering tactics to trick victims into
divulging sensitive information or transferring funds to fraudulent
accounts.
Types of Cyber Fraud:
 Phishing: Sending fraudulent emails or messages that appear to
be from legitimate sources to trick recipients into providing
personal information or login credentials.
 Identity Theft: Stealing personal information to impersonate
someone else, often to access their financial accounts or commit
fraud in their name.
  Online Scams: Deceptive schemes that promise rewards, such as
lottery winnings or investment returns, in exchange for upfront
payments or personal information.
 Hacking: Unauthorized access to computer systems to steal data,
disrupt operations, or install malware.
Consequences of Cyber Fraud:
 Financial Loss: Victims can suffer significant financial damage,
including loss of funds and damage to credit ratings.
 Reputational Harm: Businesses can experience a loss of customer
trust and damage to their brand reputation.
 Legal Implications: Both individuals and organizations may face
legal challenges and regulatory penalties.
Prevention and Protection:
 Security Measures: Implementing robust cybersecurity practices,
such as firewalls, antivirus software, and secure passwords.
 Education and Awareness: Raising awareness about common
cyber fraud tactics and training individuals to recognize and avoid
them.
 Regular Monitoring: Keeping a close watch on financial
transactions and credit reports to detect any unauthorized activity
early on.
Legal Framework: The Information Technology Act, 2000 provides a legal
framework to address cyber fraud in India. It includes provisions for
punishment of various cybercrimes and mandates due diligence for
intermediaries and corporate bodies to protect sensitive personal data 1.
In conclusion, cyber fraud is a growing concern in the digital age, with far-
reaching impacts on individuals and organizations. Vigilance, education,
and robust cybersecurity measures are essential to combat this threat and
protect against potential losses. The legal framework, including the IT Act
2000, plays a crucial role in deterring cyber fraud and providing recourse
for victims.

Q. WRITE A SHORT NOTE ON CHILD PORNOGRAPHY AND

OBSCENITY
ANS-:Cyber pornography and obscenity are significant concerns in the
realm of IT law, particularly under the Information Technology Act, 2000
(IT Act 2000) in India. The Act includes specific provisions to address the
creation, distribution, and consumption of obscene and pornographic
content in electronic form.
Cyber Pornography:
 Section 67: It penalizes the publication or transmission of obscene
material in electronic form. The punishment for a first conviction can
extend to three years of imprisonment and a fine of up to five lakh
rupees.
 Section 67A: Deals with the punishment for publishing or
transmitting material containing sexually explicit acts or conduct in
electronic form. The imprisonment may extend to five years and a
fine of up to ten lakh rupees.
 Section 67B: Specifically addresses child pornography and
penalizes the publication or transmission of material depicting
children in sexually explicit acts. It includes stringent punishments
to deter such crimes.
Obscenity:
 The term “obscene” is not explicitly defined in the IT Act 2000, but it
generally refers to material that is considered to be offensive or
indecent by community standards. The Act’s provisions against
obscenity aim to protect societal morals and prevent the corruption
of public decency.
Challenges and Enforcement:
 One of the main challenges in regulating cyber pornography and
obscenity is the subjective nature of what is considered offensive,
which can vary widely across different cultures and communities.
 Enforcement is also complicated by the global nature of the internet,
which allows for the rapid and borderless dissemination of content.
Constitutional and Societal Approach:
 The Indian Constitution guarantees freedom of speech and
expression, but it also allows for reasonable restrictions in the
interest of decency and morality.
 The societal approach to cyber pornography and obscenity in India
tends to be conservative, with a focus on maintaining public decency
and protecting vulnerable groups, especially children, from
exposure to harmful content.
In conclusion, the IT Act 2000 provides a legal framework to address
cyber pornography and obscenity, reflecting the need to balance
individual freedoms with the protection of societal values in the digital age.
Continuous updates to the legal framework are necessary to address
emerging challenges and ensure the safety and security of individuals
online. The Act aims to deter the spread of illegal content while navigating
the complexities of regulating such content in cyberspace.
Q. EXPLAIN THE AUTHENTICITY AND SECURITY OF DIGITAL
SIGNATURE UNDER THE INFORMATION TECHNOLOGY
(AMENDMENT) ACT, 2008.
Ans-: The Information Technology (Amendment) Act, 2008, enhanced
the legal framework for digital signatures in India, providing a basis for
their authenticity and security. Here’s an overview:
Authenticity of Digital Signatures:
 Legal Recognition: Digital signatures are legally recognized
under the IT Act, ensuring that electronic records authenticated by
digital signatures are considered equivalent to physical signed
documents1.
 Certifying Authorities: Digital signatures are issued by Certifying
Authorities (CAs) licensed by the Controller of Certifying
Authorities (CCA), which adds a layer of trust and authenticity1.
Security of Digital Signatures:
 Asymmetric Cryptography: Digital signatures use asymmetric
cryptography, involving a private key for signing and a public key
for verification. This ensures that only the authorized signer can
create the signature2.
 Integrity: Any alteration to the signed document after it has been
signed invalidates the digital signature, ensuring the integrity of the
document3.
 Non-repudiation: The signer cannot deny signing the document,
as the digital signature is unique to both the signer and the
document4.
The Amendment Act has strengthened the legal and technical standards
for digital signatures, making them a secure and reliable form of
authentication for electronic transactions and documents.
Q. EXPLAIN THE DUTIES OF SUBSCRIBER UNDER THE
INFORMATION TECHNOLOGY (AMENDMENT) ACT, 2008.

ANS-:The duties of a subscriber under the Information Technology

(Amendment) Act, 2008, are detailed in Chapter VIII of the Act. Here’s a
detailed explanation of the key duties:
1. Generating Key Pair: The subscriber is responsible for generating
a key pair, where the private key is kept confidential, and the
public key is listed in the Digital Signature Certificate (DSC).
2. Acceptance of Digital Signature Certificate: A subscriber must
accept the DSC, which implies that they hold the private key
corresponding to the public key listed in the DSC and that all
information contained within the DSC is true and accurate.
3. Control of Private Key: The subscriber must exercise reasonable
care to retain control of the private key and take all necessary
steps to prevent its disclosure. If the private key is compromised,
the subscriber must inform the Certifying Authority without any
delay1.
4. Duties of Subscriber of Electronic Signature Certificate: In
respect of Electronic Signature Certificates, the subscriber must
perform duties as prescribed by the Act 1.
These duties ensure the integrity and security of digital transactions and
signatures, which are critical for maintaining trust in electronic
communications and commerce.

Q. WHAT DO YOU MEAN BY DATABASE ? HOW THE DATABASES

PROTECTED IN INDIA ? EXPLAIN IN DETAIL IN REFERENCE TO
THE IT ACT 2000.
ANS-: A database is a structured collection of data that is stored and
accessed electronically. It is designed to manage, store, and retrieve
information efficiently. Databases are used in various applications, from
simple systems like a contact list on a phone to complex systems like a
national identity card database.
In India, databases are protected under the Information Technology Act,
2000 (IT Act), which provides a legal framework for electronic
governance and secure electronic transactions. The IT Act includes
provisions for the protection of data and penalties for the breach of data
privacy. Here’s how databases are protected in India in reference to the
IT Act 2000:
1. Secure Electronic Records: The IT Act includes provisions for
secure electronic records and secure electronic signatures,
ensuring the integrity and authenticity of data stored in databases.
2. Regulation of Certifying Authorities: The Act regulates certifying
authorities that issue digital certificates to affirm the authenticity of
the data and the identity of the individuals involved in electronic
transactions.
3. Penalties and Compensation: The IT Act prescribes penalties
and compensation for unauthorized access, damage, and misuse
of data in electronic form. This includes data stored in databases.
4. Reasonable Security Practices: The IT Act, along with the
Information Technology (Reasonable Security Practices and
Procedures and Sensitive Personal Data or Information) Rules
2011, mandates the implementation of reasonable security
practices to protect data, including databases, from unauthorized
access and breaches2.
5. Copyright Protection: Databases may also be protected under
the Copyright Act, 1957, as a literary work, which includes the
 labor and investment involved in compiling, verifying, and
presenting data in a valuable format.
The protection of databases in India is thus a combination of
constitutional rights, statutory provisions under the IT Act, and copyright
law.

Q. DISCUSS AND EXPLAIN THE DOMAIN NAME DISPUTE WITH

SPECIAL REFERENCE TO AKASH ARORA VS YAHOO INC. PTC
1999

ANS-: The domain name dispute case of Yahoo!, Inc. vs Akash Arora &
Anr. is a landmark case in Indian jurisprudence concerning
cybersquatting and intellectual property rights. Here’s a detailed
illustration of the case:
Background
Yahoo! Inc., the plaintiff, owned the well-known trademark “Yahoo!” and
the corresponding domain name “yahoo.com.” Akash Arora, the
defendant, started using the domain name “yahooindia.com” for similar
internet services, which led to the dispute.
Legal Proceedings
Yahoo! Inc. filed a suit against Akash Arora seeking a permanent
injunction to restrain him from using the “yahooindia.com” domain name
or any other mark that is deceptively similar to the “Yahoo!” trademark.
The plaintiff argued that the defendant’s actions constituted passing off
and violated their trademark rights.
Court’s Decision
The Delhi High Court held that the domain name serves the same
function as a trademark and is not a mere address or like finding a
number in a telephone directory. The court recognized the importance of
domain names in the digital age and the potential for misuse through
cybersquatting.
The court concluded that the domain name “yahooindia.com” was
deceptively similar to the “Yahoo!” trademark and that the defendant’s
use of it was likely to cause confusion among consumers, thereby
amounting to passing off. The court issued an injunction restraining
Akash Arora from using the domain name “yahooindia.com” or any other
similar name.
Significance
This case set a precedent in India for the protection of domain names
under the trademark law. It established that domain names could be
legally protected as trademarks, and that cybersquatting could be
challenged under the principles of passing off.
Q. STATE IN BRIEF THE ROLE OF UNCITRAL MODEL LAWS
RELATING TO E-COMMERCE.

ANS-:The UNCITRAL Model Laws play a crucial role in the realm of E-

commerce by providing a legal framework that facilitates and harmonizes
electronic commerce on an international scale. Here’s a detailed
explanation of their role:
Objectives of UNCITRAL Model Laws
The primary objectives of the UNCITRAL Model Laws on E-commerce are
to:
 Remove Legal Barriers: By providing a set of internationally
accepted rules, the Model Laws aim to eliminate legal obstacles that
may hinder the conduct of electronic commerce.
 Enhance Legal Predictability: The laws increase legal
predictability for businesses engaged in electronic commerce,
thereby fostering an environment of trust and confidence.
 Promote Technological Neutrality: The Model Laws are designed
to be technologically neutral, meaning they do not favor any specific
technology, thus accommodating future technological
advancements without the need for additional legislative work.
 Establish Functional Equivalence: They establish the principle of
functional equivalence, which ensures that electronic
communications and documents are given the same legal status as
their paper-based counterparts.
Key Provisions
The UNCITRAL Model Laws on E-commerce include provisions that:
 Recognize Electronic Transactions: They provide legal
recognition to electronic transactions and establish that electronic
 documents cannot be denied legal validity solely because they are
in electronic form.
 Facilitate Electronic Contracting: The laws facilitate the use of
electronic contracts by setting out the requirements for their
formation, validity, and enforceability.
 Protect Electronic Signatures: They ensure the legal validity of
electronic signatures and provide criteria for their reliability and
acceptance.
Impact on International Trade
The UNCITRAL Model Laws have had a significant impact on international
trade by:
 Harmonizing Legal Frameworks: They have helped harmonize
legal frameworks across different jurisdictions, making it easier for
businesses to engage in cross-border electronic commerce.
 Encouraging Paperless Trade: The laws encourage the adoption
of paperless trade practices, which can lead to increased efficiency
and reduced costs in international trade transactions.
The UNCITRAL Model Laws on E-commerce have become a cornerstone
for the legal infrastructure of electronic commerce globally, influencing
national legislations and contributing to the growth and development of
the digital economy.
For more comprehensive insights, you can refer to the analysis and
discussions available in the provided resources.
Q. WRITE A LONG NOTE ON LEGAL REQUIREMENTS OF E-
RECORDS
ANS-: The legal requirements for electronic records, often referred to as
e-records, are crucial for ensuring their validity and admissibility in legal
proceedings. Here’s a comprehensive note on the subject:
Admissibility and Evidentiary Value
Electronic records must comply with specific provisions to be admissible
as evidence in court. In India, the Indian Evidence Act, 1872, particularly
Sections 65A and 65B, lays down the procedure for the admissibility of
electronic records. An electronic record must be attributed to the
originator, and its receipt must be acknowledged by the addressee. The
dispatch and receipt of an electronic record are determined by when it
enters and leaves the computer resources of the originator and
addressee, respectively.
Authentication and Integrity
For an electronic record to be legally binding, it must be authenticated.
This means it should be capable of being attributed to a person who has
the intent to sign the record. The record must be unalterable and maintain
its integrity from the time of its creation to its presentation as evidence.
Digital signatures and other secure electronic signature methods are
commonly used to ensure authentication.
Retention and Preservation
Legal requirements also dictate how electronic records should be retained
and preserved. They must be stored in a manner that allows for their
accessibility and accurate reproduction for the duration of their retention
period. The IT Act specifies that electronic records must be retained in
their original format or in a format that accurately represents the original
information. Additionally, the records must include details that facilitate the
identification of the origin, destination, date, and time of dispatch or
receipt.
Compliance with Privacy Laws
With the growing concern for data privacy, electronic records must also
comply with privacy laws such as the GDPR and the upcoming Indian
Privacy Law. These laws set out requirements for the lawful processing
and storage of personal data, which includes electronic records containing
such data.
Recent Developments
The Bharatiya Sakshya Bill, 2023, aims to address the admissibility of
electronic and digital records as evidence, potentially replacing the Indian
Evidence Act, 1872. This bill reflects the need to update legal frameworks
to accommodate the advancements in technology and digitalization.
In summary, the legal requirements for electronic records encompass
their admissibility, authentication, retention, and compliance with privacy
laws. These requirements ensure that electronic records are treated with
the same level of seriousness and legal recognition as traditional paper-
based documents, facilitating a secure and reliable digital environment.

Q. WRITE A NOTE ON DATA

ANS-: Data is a fundamental concept that refers to the qualitative or
quantitative attributes of a variable or set of variables. It’s typically
collected, observed, or created for reference or analysis. Here’s a
detailed note on data:
Definition and Types of Data
Data can be classified into several types:
 Quantitative Data: Numerical values that can be measured and
expressed in numbers, such as height, weight, temperature, or
age.
  Qualitative Data: Descriptive attributes that are not numerical,
such as colors, names, labels, or characteristics.
 Structured Data: Highly organized information that fits neatly
within a database or a spreadsheet, making it easily searchable.
 Unstructured Data: Information that doesn’t have a pre-defined
model or organization, like emails, videos, or social media posts.
 Big Data: Extremely large datasets that may be analyzed
computationally to reveal patterns, trends, and associations.
Importance of Data
Data is crucial for various reasons:
 Decision Making: Data helps individuals and organizations make
informed decisions by providing evidence and insights.
 Problem-Solving: Analyzing data can help identify the root causes
of problems and find effective solutions.
 Trend Analysis: Data analysis can reveal trends and patterns that
can be used for forecasting and planning.
 Performance Measurement: Data allows for the measurement of
performance and progress against goals.
Data in Computing
In the context of computing and programming, data refers to the
information processed by a computer system. This includes:
 Primitive Data Types: Basic types like integers, floats, and
characters.
 Derived Data Types: Types derived from primitive data types,
such as arrays and pointers.
 User-Defined Data Types: Custom types defined by the user, like
structures and unions.
Data Management
Effective data management is essential for ensuring data integrity,
security, and accessibility. It involves:
 Data Collection: Gathering information from various sources.
 Data Storage: Keeping data in databases, data warehouses, or
other storage systems.
 Data Security: Protecting data from unauthorized access and
breaches.
 Data Analysis: Using statistical and computational methods to
interpret data.
Data and the Law
Data is also subject to legal regulations, especially concerning privacy
and protection. Laws like the GDPR and various national regulations
govern how personal data should be handled by organizations.
Challenges with Data
With the increasing volume and complexity of data, challenges arise:
 Data Quality: Ensuring the accuracy and reliability of data.
 Data Privacy: Protecting individuals’ personal information.
 Data Analysis: Developing sophisticated tools and algorithms for
analyzing large and complex datasets.
Data is a valuable asset in today’s digital world, and its significance
continues to grow as we generate and collect more information every
day. Whether it’s used for scientific research, business analytics, or
personal decision-making, the proper understanding and use of data can
lead to breakthroughs and advancements across various fields.
Q. FORMULATION AND VALIDITY OF E- CONTRACTS’
ANS-; The formulation and validity of electronic contracts, commonly
known as e-contracts, are governed by various legal frameworks to
ensure that they hold the same weight as traditional paper-based
contracts. Here’s a detailed note on the subject:
Formulation of E-Contracts
E-contracts are agreements created and signed electronically, without
the need for physical paper or pen. They can be formed through various
electronic means such as emails, website forms, or electronic
signatures. The formulation of e-contracts involves several steps:
 Offer and Acceptance: Just like traditional contracts, there must
be a clear offer by one party and an acceptance by another.
 Intention to Create Legal Relations: The parties must intend for
the e-contract to be legally binding.
 Consideration: There must be something of value exchanged
between the parties.
 Capacity: Parties must have the legal capacity to enter into a
contract.
 Consent: Consent must be freely given, and parties must agree
on the terms without any form of coercion or fraud.
Validity of E-Contracts
The validity of e-contracts is established by their adherence to the
principles of contract law and specific legislation that recognizes
electronic forms of agreements. In India, the Information Technology
Act, 2000, particularly Section 10-A, states that an electronic contract is
valid and enforceable as long as it complies with the necessary
prerequisites provided under the Indian Contract Act, 18721. The
UNCITRAL Model Law on Electronic Commerce also affirms that
contracts can be made by exchanging data messages, and their validity
should not be denied if they are formed electronically.
Enforceability of E-Contracts
For e-contracts to be enforceable, they must meet the following criteria:
 Authentication: Parties must be able to authenticate the e-
contract through electronic signatures or other secure electronic
means.
 Record Retention: The e-contract must be stored in a way that it
can be reproduced for later reference, maintaining its integrity over
time.
 Compliance with Relevant Laws: E-contracts must comply with
all relevant laws, including those related to consumer protection,
data privacy, and electronic transactions.
Challenges and Considerations
While e-contracts offer convenience and efficiency, they also present
unique challenges:
 Security: Ensuring the security of electronic transactions to
prevent fraud and unauthorized access.
 Jurisdiction: Determining the applicable jurisdiction and laws,
especially in cross-border transactions.
 Technology Dependence: The need for reliable technology and
infrastructure to facilitate the creation and storage of e-contracts.
In conclusion, e-contracts are a modern adaptation of traditional
contracting methods, enabled by advancements in technology. They are
legally recognized and can be as valid and enforceable as paper
contracts, provided they meet all the legal requirements and are
formulated with clear terms and conditions. As the digital landscape
evolves, so too will the laws and regulations governing e-contracts,
ensuring their continued relevance and reliability in the digital economy.