Jurisdiction Issues in Cyber Crime

The jurisdictional issue in cybercrime is a pressing legal challenge, as cybercrimes often transcend national
boundaries, involving individuals, systems, or networks located in multiple countries. Here’s a closer look at the
key issues and legal frameworks involved:
1. Jurisdiction Under Indian Law
• Extraterritorial Provisions: Under the Nyaya Sanhita, 2023, and Section 75 of the IT Act, 2000, India
claims extraterritorial jurisdiction over cybercrimes. The Nyaya Sanhita extends jurisdiction to offenses
committed by:
o Indian citizens abroad.
o Anyone on an Indian-registered ship or aircraft.
o Anyone targeting computer resources within India.
• IT Act, 2000: Section 75 of this Act broadens the scope, covering offenses committed by anyone,
anywhere in the world, if the crime impacts a computer or network in India. However, enforcing Indian
court decisions internationally remains difficult if the offense isn’t illegal in the offender’s country.
Ajay Aggarwal v. Union of India: This case illustrated the principle that Indian courts can assert jurisdiction
over cybercrimes affecting India, even if initiated abroad. Here, the Supreme Court held that a foreign national
could be tried in India because the crime’s effects were felt in India, providing a basis for establishing jurisdiction
in cybercrimes with cross-border impacts.
2. Civil vs. Criminal Jurisdiction in Cyberspace
• Civil Cyber Disputes: For civil matters, jurisdiction is generally based on the location of the parties or
the subject matter. Indian courts often determine jurisdiction based on where a digital transaction
originated, the location of servers, or the business location of the parties involved.
• Criminal Cyber Jurisdiction: With cybercrimes, the boundaries blur, as crimes may involve perpetrators
and victims in different countries. Determining jurisdiction in criminal cases is further complicated when
technology allows perpetrators to mask their locations.
3. International Challenges and Cooperation Needs
• Technical Anonymity: Cybercriminals frequently use VPNs, encrypted networks, and offshore servers to
hide their identity, making it difficult to establish where the crime originated.
• Need for Global Cooperation: Due to the cross-border nature of cybercrime, international treaties like
the Budapest Convention provide frameworks for international cooperation. India’s absence from this
convention limits its ability to quickly collaborate with other nations on cybercrime cases, though efforts
are underway to improve global collaboration.
4. Limitations and Future Directions
• While Indian laws provide a framework for addressing cybercrimes, enforcing extraterritorial jurisdiction
depends on reciprocal legal arrangements with other countries. Without mutual treaties or agreements,
international courts may not recognize Indian rulings on cybercrimes committed abroad.
 Cyber Crime under the Information Technology Act: A National
Perspective

The Information Technology Act, 2000 (IT Act), and its associated IT Rules serve as
the primary legal framework for addressing cybercrimes in India. Over time, the Act has
evolved to cover a wide range of cyber offenses, from hacking and cyberstalking to
online fraud and identity theft. Additionally, the Companies Act, 2013 and Bharatiya
Nyay Sanhita (BNS) provisions also impact how cybercrimes are dealt with, particularly
in corporate and legal contexts.
Key Provisions of the Information Technology Act, 2000 (IT Act)
1. Cybercrimes Defined
The IT Act specifically criminalizes various forms of cybercrime, including hacking,
identity theft, cyberstalking, and email fraud. The Act defines offenses that use
computers, mobile phones, and internet networks as tools or weapons.
2. Section 66: Hacking
o Punishment: Imprisonment for up to 3 years and/or a fine of ₹5 lakh.
o Details: Unauthorized access or modification of computer systems, networks, or
data.
3. Section 66C: Identity Theft
o Punishment: Imprisonment for up to 3 years and/or a fine of ₹1 lakh.
o Details: Fraudulent use of someone’s personal information to commit a crime.
4. Section 66D: Cheating by Impersonation
o Punishment: Imprisonment for up to 3 years and/or a fine of ₹1 lakh.
o Details: Cyber fraud by impersonating others online to cheat or deceive.
5. Section 67: Publishing Obscene Material
o Punishment: Up to 5 years of imprisonment and a fine of ₹10 lakh.
o Details: Publishing or transmitting obscene material, including pornography, via
digital platforms.
6. Section 67B: Child Pornography
o Punishment: Imprisonment for up to 5 years and a fine of ₹10 lakh for the first
offense, with harsher penalties for subsequent offenses.
o Details: Distribution of child pornography is strictly prohibited.
7. Section 70: Protected Systems
o Punishment: Imprisonment of up to 10 years and/or a fine.
o Details: Unauthorized access or attack on critical national infrastructure or
protected systems.
8. Section 72: Breach of Confidentiality and Privacy
o Punishment: Up to 2 years in prison and a fine of ₹1 lakh.
o Details: Disclosing confidential information or violating the privacy of individuals.
9. Section 85: Offenses by Companies
 o Punishment: Companies can be held responsible for cybercrimes committed by
their employees.
o Details: Organizations can be penalized for failing to prevent cybercrimes within
their operations
o
Companies Act, 2013
The Companies Act, 2013 includes provisions that impact how businesses handle
cybercrimes, particularly in cases of data breaches, identity theft, and fraud.
• Section 134: Directors’ Responsibility
Directors are responsible for ensuring the organization has implemented adequate
measures to prevent cybercrimes. Failure to do so can lead to personal liability for the
board members.
• Section 447: Fraudulent Activities
Deals with fraud committed by the company, including cyberfraud, and prescribes severe
penalties, including imprisonment, for fraudulent activities.
• Section 29: Corporate Governance
This section encourages businesses to have a robust corporate governance structure that
includes cybersecurity measures to prevent online fraud and misuse of information.

Bharatiya Nyay Sanhita (BNS) Provisions

The BNS provisions, proposed as a part of India's new criminal law, also address
cybercrimes. They aim to expand the scope of crimes covered under the Indian Penal
Code (IPC) and include provisions that focus on technology-related offenses.
• Cyber Terrorism: The BNS provisions cover acts of cyber terrorism, including attacks
on critical national infrastructure and spreading false information to incite panic or
violence.
• Identity Fraud: BNS has provisions for identity fraud, including the misuse of digital
identity for committing crimes.
• Cyberbullying and Harassment: New provisions for online harassment, including the
use of technology for stalking, defamation, or blackmail
Cyber Crime Under Information Technology Act: International Perspective
United States: The United States has enacted comprehensive laws to address cybercrime, aimed at safeguarding
information systems, ensuring privacy, and protecting intellectual property rights. Key legislations include:
1. Federal Statutes Governing Intellectual Property Rights:
o The U.S. legal framework addresses various IP-related cybercrimes, including:
▪ Copyright and Trademark Offenses: Criminalizing unauthorized use and distribution.
▪ Trade Secret Offenses: Protecting proprietary information from unauthorized access.
▪ Misuse of Dissemination Systems: Targeting unauthorized sharing or use of IP materials
online.
2. Electronic Communications Privacy Act (ECPA) of 1986:
o This act prohibits unauthorized electronic eavesdropping, protecting individuals’ private
communications.
3. CAN-SPAM Act (2003):
o Governs commercial emails, banning false header information, deceptive subject lines, and
requiring clear opt-out methods. Violations can lead to significant fines and even imprisonment in
certain cases.
4. Federal Information Security Management Act (FISMA) of 2002:
o This act mandates federal agencies to implement secure systems to protect government data.
The U.S. has established strict investigation and sentencing protocols, with agencies like the FBI playing a pivotal
role in enforcing these laws, reflecting the country's proactive approach toward cybercrime prevention.
United Kingdom: The United Kingdom has a structured approach to combat cybercrime, focusing on
unauthorized access and modification of data. Key legislations include:
1. Computer Misuse Act (1990): This act categorizes cybercrimes into:
▪ Unauthorized Access to Computer Material: Punishable by fines and prison sentences.
▪ Unauthorized Access with Intent: Where further offenses are intended.
▪ Unauthorized Modification of Computer Material: Addressing actions such as altering
or damaging data.
2. Police and Justice Act (2006):
o The 2006 Act amended the Computer Misuse Act to address emerging cyber threats and strengthen
penalties. It increased maximum prison sentences for unauthorized access and introduced
measures to reflect technological advancements over the years.
Both the U.S. and the U.K. have developed a robust legal framework to combat cybercrime, with respective
amendments to adapt to the rapidly evolving cyber landscape. These legislations serve as a model for international
efforts in protecting cyberspace
International Conventions on Cyber Crime
In the context of cyber law, international conventions are agreements between countries that establish global
standards and frameworks for addressing cybercrime, data protection, and digital security. These conventions aim
to facilitate cooperation between nations in combating cyber threats, such as hacking, identity theft, and online
fraud, which often cross national borders. They set out legal obligations for member states to criminalize certain
online activities, ensure the protection of electronic data, and enhance law enforcement's ability to investigate and
prosecute cybercrimes. By providing a unified approach, these conventions help countries work together more
effectively in tackling the complex and rapidly evolving challenges of cyberspace.
1. Budapest Convention: The Budapest Convention on Cybercrime, formally known as the Council of Europe
Convention on Cybercrime, was adopted in 2001 and is the first international treaty aimed at addressing crimes
committed over the internet and other computer networks. The Convention focuses on criminalizing a wide range
of cybercrimes, including illegal access to computer systems, data interference, computer-related fraud, and the
distribution of child pornography. It also provides procedural law tools to enhance the investigation of
cybercrimes and secure electronic evidence, which is vital for criminal justice.
• Criminalization of Cybercrime: It mandates the criminalization of cybercrimes like unauthorized access
to systems, data manipulation, fraud, and child pornography.
• Procedural Tools for Law Enforcement: The Convention provides tools for effective international
cooperation, aiding investigations and securing evidence in cases related to cybercrime.
• International Cooperation: It promotes international police and judicial cooperation, with an emphasis
on mutual assistance for criminal investigations across borders.
In 2014, the Council of Europe established a dedicated Programme Office on Cybercrime (C-PROC) in
Bucharest, Romania, to provide a dynamic framework under the Convention, including follow-ups, assessments,
and capacity-building initiatives for member states.
India’s Cybercrime Strategy:
India’s approach to cybercrime remains cautious regarding the Budapest Convention. It has not yet joined the
Convention, citing several concerns:
• Non-participation in negotiations: India did not take part in the Convention's formation and cannot
influence its provisions.
• Sovereignty Concerns: The Convention allows transborder access to data, which could infringe on
India’s national sovereignty, especially when data is stored in foreign jurisdictions.
• Focus on Criminal Justice: The Convention’s focus is on individual or group cybercrimes, leaving out
state-sponsored cyberattacks, which are a growing concern for India.
• Lack of Human Rights Safeguards: The Convention has been criticized for not adequately protecting
human rights, particularly regarding privacy and due process.
India has been advocating for a UN-level treaty on cybercrime, focusing on international security and
terrorism. The country believes a global treaty should concentrate on state-to-state relations and cybersecurity,
rather than primarily addressing criminal justice issues.
 2.Russia-led Resolution

The Russian-led proposal, called "Countering the Use of Information and Communications Technologies for Criminal
Purposes," was presented at the United Nations General Assembly (UNGA). The aim of this proposal is to create a new
international treaty for countries to share information and work together to prevent cybercrime.

India voted in favor of this proposal, even though it is not a member of the Budapest Convention, a European-led treaty on
cybercrime. India has been avoiding joining the Budapest Convention but supports Russia's push for a separate UN treaty
on cybercrime.

This move follows Russia's earlier attempts, like the 2017 proposal for a "UN Convention on Combating Cybercrime."
India's support for Russia shows that it prefers a UN-based framework for handling cybercrime over regional ones like the
Budapest Convention

Mobile Phones and Crimes: An Overview

Telecommunication in India has evolved significantly, from its introduction in 1882 to the arrival of
mobile technology in 1995 and the rise of smartphones post-2005. With this rapid advancement in
technology, crimes utilizing these technologies have also evolved. While security measures in
mobile technology have improved, they have not kept pace with the rising crime rates. One key
issue is that many people fail to believe they can become victims of these crimes.
Mobile technology-related crimes fall under the broader category of cybercrimes, which can be
defined as any crime where a computer or device is used as a tool or weapon to commit illegal
activities. Despite the general association with laptops and desktops, modern devices like
smartphones are also vulnerable to such crimes.

Types of Mobile Crimes

1. Mobile Hacking
Hacking involves illegal intrusion into mobile devices, networks, or communication
systems. Hackers use programs to attack targets like mobiles or communication devices,
making it a form of cybercrime.
2. Mobile Cyber Defamation
This crime involves sending derogatory or obscene messages, often through SMS or
email, to damage a person's reputation.
3. Mobile Pornography
The internet has made it easier for criminals to abuse children, with mobile phones being
a tool to spread pornography. This is punishable under Section 67B of the Indian
Information Technology Act, 2000.
4. Identity Theft
Mobile phones are increasingly used in identity theft crimes, such as subscription fraud,
where criminals impersonate others to steal personal information.
5. Cloning or Re-chapping of Mobile Phones
Mobile cloning involves programming one phone to imitate another, using stolen
identifiers such as the ESN (Electronic Serial Number). New technology has enabled the
creation of phones that can scan and clone identities from nearby phones.
6. Mobile Cyber Stalking
Cyberstalking involves repeated harassment through mobile phone services and the
internet, such as threatening calls or messages. This can escalate into violent acts and is
considered a serious crime.
7. Denial of Service Attack (DoS)
In this type of attack, criminals flood the victim’s network or email with spam, preventing
them from accessing their services.
8. Mobile Virus Dissemination
Mobile viruses attach themselves to software, infecting mobile phones and
communication devices. This malicious software can disrupt device functions.
9. Mobile Software Piracy
Piracy occurs when mobile software is illegally copied, distributed, or counterfeited,
bypassing legal purchase or use.
10.Mobile Credit Card Fraud
This involves unauthorized use of a mobile device to make illegal purchases using a
stolen credit card.
11.Mobile Phishing
Mobile phishing refers to sending fraudulent emails that appear to come from legitimate
mobile service providers, attempting to steal personal information from users for identity
theft.