A general definition of cyber law states that it is a legal framework that governs all legal issues relating to the internet, computer systems, cyberspace, and information technology.
As the world grows more digitized and cloud-based, the computer and technology industries continue to thrive and adapt. Hackers and other cybercriminals routinely conduct information leaks, data breaches, and outright attacks as technology has become more pervasive in business and consumer affairs. The old saying "the best defense is a good offense" holds true in fields using computers. The need to protect users, networks, and the cloud is greater than ever as fraudsters become more cunning. Any illegal behavior that makes use of a computer as a tool, a target, or both is referred to as cybercrime. The world of the internet created by computers is known as cyberspace, and the rules that govern it or are now in force in this area are known as cyber laws or also known as IT laws. Since these regulations have global reach, they apply to all users of this cyberspace.
Cyber security is governed by a wide variety of laws, many of which are geographically territorial in nature. The penalties for the same range from fines to jail depending on the offense committed. The first cyber law to ever be passed was the Computer Fraud and Abuse Act of 1986. It forbids the misuse of digital data as well as unlawful access to computers.
Cybercrimes have increased along with internet usage. Today's media is filled with reports of various cybercrimes, including child pornography, crypto jacking, identity theft, and cyber terrorism. In cybercrimes, a computer is a tool, a target, or both that is used to carry out illegal activity. Electronic commerce (e-commerce) and online stock trading have dramatically increased in our quickly evolving digital age, increasing the number of cybercrimes.
The most prevalent type of crime in contemporary India is cybercrime, which has a catastrophic effect. Criminals not only seriously harm society and the government, but they also greatly conceal their identity. Technically skilled criminals engage in a number of illegal activities online. Although the term "cybercrime" is not defined in any act or statute approved by the Indian legislature, it has occasionally been interpreted by Indian courts. In India, cyber law is made up of a mix of intellectual property laws, contract laws, data protection laws, and privacy laws, with intellectual property being the most important aspect of information technology laws.
As computers and the internet take over the world and every part of our lives, cyber laws are becoming increasingly important. Cyber laws will regulate the digital exchange of information, e-commerce, software, information technology, and monetary activities. Cyber law encompasses all of these legal structures and regulating mechanisms, and these laws are critical to the success of electronic commerce.
The Model Law on Electronic Commerce on International Trade Law, which was accepted by the General Assembly of the United Nations in a resolution dated January 30, 1997, is what led to the creation of the Information Technology Act.
This resolution recommended, among other things, that all states give the aforementioned Model Law favorable consideration when revising or enacting new laws in order to maintain consistency among the laws of the various cyber-nations that apply to electronic alternatives to paper-based methods of communication and information storage. The bill was written by the Department of Electronics (DoE) in July 1998. However, it wasn't until the new IT Ministry was established on December 16, 1999 (after a lapse of over 1.5 years) that it could be introduced in the House. It underwent significant change as a result of suggestions made by the Commerce Ministry about e-commerce and issues relating to World Trade Organization (WTO) responsibilities.
Then, this joint proposal was reviewed by the Ministry of Law and Company Affairs. Following demands from the Members, the bill was submitted to the 42-member Parliamentary Standing Committee after it was introduced in the House. The bill will now include many recommendations from the Standing Committee. The Ministry of Information Technology only accepted proposals, though, so those were the only ones that were included. One of the ideas that generated a lot of discussion was the requirement that a cyber café proprietor keep a registration of the names and addresses of all customers as well as a list of the websites they visited.
The Information Technology Bill was endorsed by the Union Cabinet on May 13 and passed by both chambers of the Indian Parliament on May 17. The Information Technology Act of 2000 was created after the President gave his approval to the bill on June 9th, 2000. The Act became operative on October 17, 2000.
With time, as technology advanced and new ways of committing crimes online and through computers emerged, it became necessary to revise the IT Act, 2000 to include new categories of cyber offenses and close other gaps that prevented the law's effective implementation. As a result, the Information Technology (Amendment) Act, 2008 was passed and went into force on October 27, 2009. The IT Act of 2000 has undergone significant revisions as a result of the IT (Amendment) Act of 2008.
SYNOPSIS OF CYBERCRIME
Any criminal activity involving a computer, networked device, or other connected equipment is considered a cybercrime.
Some cybercrimes are performed with the intention of generating income for the offenders, while others are committed with the express objective of damaging or incapacitating the computer or other equipment. It's also possible for uninvited parties to utilize computers or networks to spread malware, illegal data, images, or any other kind of content.
Cybercrime enables a wide range of financially motivated criminal actions, such as ransomware attacks, email and internet fraud, identity theft, and frauds involving bank accounts, credit cards, or other payment cards. The goal of cybercriminals may be to steal and sell both personal and business data. Cybercrime includes "virtual only" offenses including the dissemination of unauthorized images, documents, or private information.
Professional programming teams are also included in this group; they provide digitally stated efforts and products to everyone, from governments to unidentifiable individuals, including denial of service attacks and accountability for traded off systems. We will spend more time online, which will lead to an increase in the frequency of bad online activity. Law enforcement will undoubtedly go further online as a result of this trend.
The Information Technology Act, 2000 and the Indian Penal Code, 1860 both apply to cybercrimes in India. The Information Technology Act of 2000 is the law that addresses matters relating to online crime and internet trade. The Act was modified in 2008 to include a definition and punishment for cybercrime, nevertheless. Additionally, changes were made to the Reserve Bank of India Act and the Indian Penal Code 1860.
We do not have a specific definition of cybercrime however the Oxford Dictionary defines cybercrime as follows: “Criminal activities committed via computers or the Internet.”
DIFFERENT FORMS OF CYBER CRIME
The practice known as ‘cyber grooming’ is developing a rapport with an adolescent in order to coerce, tease, or even force them into engaging in sexual activity.
A cyber bully is someone who uses electronic tools like computers, mobile phones, laptops, etc. to harass or bully others. Cyber bullying is the term for bullying that takes place online.. It could involve the usage of social media, messaging services, gaming platforms, and mobile devices. This frequently entails repeating actions meant to frighten, infuriate, or degrade the targets.
Cyber stalking is the practice of harassing or stalking someone over the internet or through other technological means. Through texts, emails, social media posts, and other channels, cyber stalking is frequently persistent, methodical, and intentional.
Child sexual exploitation or child pornography (CSAM):
Child sexual abuse materials (CSAMs) are, in the broadest sense, any type of media that includes sexual imagery of any kind that may show the victimized or exploited child. A provision in the Information Technology Act specifies that it is unlawful to publish or transmit any content electronically that shows youngsters engaging in sexually explicit behavior.
Identity theft and impersonation:
When someone fraudulently uses an electronic signature, a password, or any other unique identifier on another person's behalf, they are engaging in impersonation or risking identity theft.
Vishing involves utilizing victims' phones to steal private information. To trick victims into disclosing personal information and granting access to personal accounts, cybercriminals employ sophisticated social engineering techniques. Vishing connives to convince victims that they are being courteous by returning the call, much like phishing and smishing do. Many times, callers will pose as representatives of the government, the tax authority, the police, or the victim's bank.
Online sextortion: These criminals use threats to coerce victims into providing them with a sexual image, a sexual favor, or money.
Phishing fraud occurs when an email purports to be from a reliable source but actually contains a harmful attachment that is intended to steal the user's personal information, such as their ID, IPIN, Card number, expiration date, CVV, etc., before selling the data on the dark web.
Trojans, worms, and viruses:
A programme known as a computer virus is made to penetrate your computer, damage or alter your files or data, and then replicate itself. Worms are malicious software applications that duplicate themselves on the local drive, network shares, and other sites. A virus is not the same as a Trojan horse. It's a malicious programme posing as a trustworthy programme. Trojan horses can be just as deadly as viruses despite not replicating themselves. Trojans give malicious people and applications a backdoor into your computer, allowing them to steal sensitive and private data.
Debit card fraud or credit card fraud:
These crimes involve making unlawful transactions using or withdrawals from another person's card in order to access their funds. Credit/debit card fraud is the use of a customer's account to make unauthorized purchases or cash withdrawals. When a criminal has access to the cardholder's debit/credit number or personal identification number, fraudulent conduct takes place (PIN). Hackers or dishonest employees may get your information.
CYBER LAWS IN INDIA
India's cyber laws have aided in the growth of electronic commerce and government by ensuring maximum connection and reducing security concerns. Additionally, this has increased the scope and efficiency of digital media and made it accessible in a larger range of applications.
Information Technology Act, 2000
The Information Technology Act, which came into effect in 2000, regulates cyber laws in India. The main goal of this Act is to safeguard e-Commerce's legal protection by making it simple to register real-time records with the government. The sophistication of cybercriminals and people's propensity to abuse technology led to a number of adjustments. The Information Technology Act highlights the severe penalties and sanctions enacted by the Indian Parliament to protect the e-government, e-banking, and e-commerce industries. The scope of Information Technology Act has been expanded to include all modern communication devices. Some of the important provisions of the act are as follows:-
▪ Section 43: This section of the IT Act is applicable to those who commit cybercrimes, such as harming the victim's computer without the victim's consent. If a computer is damaged in such a case without the owner's permission, the owner is completely entitled to a refund for the whole damage.
▪ Section 66: Applies to any dishonest or fraudulent behavior covered by Section 43. In such cases, the maximum penalty is three years in prison or a fine of Rs. 5 lakh.
▪ Section 66B: This section outlines the consequences of receiving computers or other electronic equipment that have been fraudulently obtained, and it indicates a potential three-year prison sentence. A fine of up to Rs. 1 lakh may also be imposed, depending on the severity.
▪ Section 66C: Digital signatures, password hacking, and other types of identity theft are the main topics of this section. This section carries a fine of one lakh rupees and a maximum sentence of three years in prison.
▪ Section 66D: This section discusses computing resources personation cheating. If found guilty, the penalty carries a maximum three-year prison sentence as well as a maximum fine of Rs. 1 lakh.
▪ Section 66F: Terrorism committed online. If found guilty of a crime, a person could spend the rest of their life in prison. As an illustration, consider the time when an email threat was issued to the National Stock Exchange and the Bombay Stock Exchange, challenging the security authorities to thwart a terror attack plot against these institutions. The offender was captured and charged in accordance with Section 66F of the IT Act.
▪ Section 67: Obscene material is being electronically published in this. If found guilty, the maximum prison sentence is five years, and the maximum fine is Rs. 10 lakh.
INDIAN PENAL CODE, 1860 (IPC):
The following IPC sections may be used by law enforcement agencies if the IT Act is insufficient to address particular cybercrimes:
▪ Section 292: Although the original intent of this section was to address the sale of pornographic materials, it has since developed to cover a variety of cyber offences as well. This section also applies to how pornographic or sexually explicit activities or exploits of youngsters are publicized or distributed electronically.
▪ Section 420: This section discusses deception and coercing the delivery of property. Under this clause, cybercriminals who commit offenses including fabricating websites and conducting online fraud face a seven-year prison sentence in addition to a fine. This part of the IPC deals with offenses including creating fraudulent websites or stealing passwords for financial gain.
▪ Section 463: This section addresses electronic document or record falsification. Under this clause, spoofing emails is punishable by up to 7 years in prison and/or a fine.
▪ Section 465: This section usually discusses how forgery is punished. Under this section, offenses including email spoofing and creating fraudulent papers online are dealt with and penalized with up to two years in prison, fines, or both.
▪ Section 468: Fraud that is committed with the intent to defraud is punishable by a seven-year prison term and a fine. Email spoofing is also prohibited by this provision.
IT RULES (INFORMATION TECHNOLOGY RULES):
The following are some of the aspects of data collection, transmission, and processing that are covered by the IT Rules:
▪ The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011:
These regulations require companies holding sensitive personal information about individuals to uphold specific security standards.
▪ The Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021:
These rules regulate the function of intermediaries, particularly social media intermediaries, to protect the safety of users' data online and to stop the spread of dangerous content online.
▪ The Information Technology (Guidelines for Cyber Cafe) Rules, 2011:
These regulations state that cybercafés must register with the proper organization and keep a record of patrons' names and internet usage.
▪ The Information Technology (Electronic Service Delivery) Rules, 2011:
In essence, these rules provide the government the power to mandate that certain services, such applications, certificates, and licenses, must be delivered electronically.
COMPANIES ACT, 2013:
The Companies Act of 2013 is viewed by the majority of corporate stakeholders as being the most important legal need for effectively managing daily operations. This Act codifies the necessary techno-legal requirements, posing a challenge to noncompliant businesses by putting the legislation into effect.
The SFIO (Serious Fraud Investigation Office) is given authority to look into and prosecute serious frauds perpetrated by Indian firms and their directors as part of the Companies Act 2013 (Act).
The Companies Inspection, Investment, and Inquiry Rules, 2014 announcement has caused the SFIOs to take this matter even more seriously and proactively. The legislation made sure that every component of cyber forensics, e-discovery, and cyber security diligence is sufficiently addressed by making sure that all regulatory compliances are properly covered. In addition, the 2014 Companies (Management and Administration) Rules establish a stringent set of principles that confirm the cyber security requirements and responsibilities of corporations.
Shamsher Singh Verma vs State Of Haryana on 24 November, 2015
After having his request to display the Compact Disc submitted to the court for defense and to have it proven by the Forensic Science Laboratory rejected by the HC, the accused filed an appeal before the SC. Whether, in accordance with Section 294 (1) of the CrPC, Compact Disc necessitates a personal admission or denial from the complainant or witness regarding a document.
Avnish Bajaj Vs State (NCT) of Delhi (2008) 150 DLT 769
Avnish Bajaj, the CEO of Bazee.com, was detained in this case for screening cyber pornography in accordance with Section 67 of the IT Act. However, someone else was selling copies of a CD containing sexual content on the Bazee.com website.
The court found that Mr. Bajaj was not involved in the broadcast of obscene material. On the Bazee.com website, which earns a commission and makes money from sales and advertisements made on its pages, such content could not be seen. The evidence shows that someone other than Bazee.com was responsible for the cyber pornographic offence, the court notes. In exchange for two sureties of Rs. 1 lakh apiece, the CEO has granted bail. The burden of proof is with the accused, who must demonstrate that he was merely a service provider and not a content creator.
Devidas Ramachandra Tuljapurkar Vs the State of Maharashtra (2015) 6 SCC 1
When a poem including historical personalities was published, the Supreme Court considered whether Section 292 of the Indian Penal Code applied to the case. Due to the fact that the poem had already been performed and published by others, as well as the fact that he offered an unreserved apology prior to the start of the proceedings after hearing the views of specific employees, the court dismissed the claims. According to the court, the community standard test is employed to determine whether anything is obscene. The question of whether the contested matter falls within one of the exceptions listed in the section may come up after the matter has been declared to be obscene.
Christian Louboutin SAS Vs Nakul Bajaj &Ors (2018) 253 DLT 728
An e-commerce portal was sued by a high-end shoe manufacturer for enabling trademark infringement with a vendor of knockoff shoes. If the plaintiff's trademarks, logos, and images are protected under Section 79 of the Information Technology Act, may the defendant use them? According to the Court, the defendant is more than just a middleman because the website has all authority over the goods supplied through its platform. It acknowledges and encourages independent traders to market their goods. The court further declared that the active involvement of an e-commerce platform would shield it from the privileges accorded to intermediaries under Section 79 of the IT Act.
Shreya Singhal Vs Union of India AIR 2015 SC 1523
The two women were detained in accordance with Section 66A of the IT Act on suspicion of posting offensive remarks on Facebook regarding Mumbai's total closure following the death of a political figure.
According to Section 66A of the IT Act, anyone found to have distributed offensive, misleading, or otherwise harmful material through the use of a computer resource or communication faces a prison sentence. In a petition, the women argued that Section 66A of the IT Act is unconstitutional because it violates their right to free speech and expression. Before the Supreme Court, Section 66A of the IT Act's legality was contested. Three concepts—discussion, advocacy, and incitement—were covered by the court as it announced its ruling. The court held that the fundamental right to freedom of speech and expression is the ability to advocate for a cause, no matter how unpopular it may be. The court determined that section 66A is unclear, violates the right to free speech, and includes innocent speech in its purview.
It amended the IT Act, 2000 to eliminate an arbitrary clause and supported Indian citizens' fundamental right to free speech. It was of the opinion that even when section 66A is repealed, provisions in the Indian Penal Code, 1860 will still be applicable, forbidding communication that is racist, insults a woman's modesty, promotes hostility, uses abusive language, intimidates criminals, is racist, etc.
Technological development has led to the emergence of unpleasant aspects on the dark web. Intelligent people have turned the Internet into a tool for wicked activities, which they occasionally use for financial benefit. Cyber laws therefore enter the picture at this time and are crucial for every person.
Some actions are categorized as gray activities that are not subject to legal regulation because cyberspace is a very challenging area to manage. India has taken a big step toward eliminating cybercrime with the adoption of the Information Technology Act and the giving of exclusive powers to the police and other authorities to combat cybercrime.
With people relying more and more on technology, both in India and around the world, cyber laws need to be updated and improved on a regular basis to keep up. As a result of the pandemic, there has also been a large rise in the number of remote workers, which has raised the requirement for application security. Legislators must take further efforts to stay ahead of the imposters so they can take action against them as soon as they emerge.
Cybercrime cannot be completely eliminated from the internet. They can only be examined carefully. History has proven that no policy has ever been able to eradicate crime globally. The only way to stop crime is to make laws more strictly enforced and to educate people about their rights and obligations (such as reporting crime as a shared duty to society). Without a doubt, the Act marks a turning point in the development of cyberspace.
However, the decision to take part in the battle against cybercrime ultimately rests with the users. The only way for the development of online safety and resilience to occur is by taking into account these stakeholders' actions and ensuring they adhere to the rules of cyberspace.
--  The Information Technology Act, 2000, No. 21, Acts of Parliament, 2000 (India).  Oxford by Lexico, https://www.lexico.com/definition/cybercrime  Section 67B in The Information Technology Act, 2000 Section 43 in The Information Technology Act, 2000 Section 66 in The Information Technology Act, 2000 Section 66B in The Information Technology Act, 2000 Section 66C in The Information Technology Act, 2000 Section 66D in The Information Technology Act, 2000 Section 66F in The Information Technology Act, 2000 Section 67 in The Information Technology Act, 2000 Section 292 in The Indian Penal Code Section 463 in The Indian Penal Code Section 465 in The Indian Penal Code Section 468 in The Indian Penal Code
This article is written by Ashish Lobo of G.J. Advani Law College, Mumbai.