The term "cyberspace" refers to a worldwide computer network that facilitates online communication. It enables users to, communicate and interact, exchange information, express ideas and opinions, do commerce, and perform a variety of other tasks. Wherever there is digital data, opportunity, or motivation, cybercrime can begin. Cybercriminals come in all shapes and sizes, from a single user indulging in state-sponsored attackers to cyberbullying.
Cybercrime does not occur in a vacuum; it is a diffused phenomenon in many ways. To put it another way, hackers frequently solicit the assistance of third parties to carry out their schemes. To prevent and regulate such instances, legislations and statutes are created.
Cybercrime in India
Cybercrime can simply be explained as illegal acts carried out using computers or the internet. There are various forms and types of cybercrimes not just confined to India, but to countries all over the world.
i. Identity Theft: When a person gathers a user's personal information and uses it to commit fraud related to tax or health insurance, steal, acquire access to sensitive data, or.
ii. Phishing: In such assaults, hackers send URL’s or malicious email attachments to victims in order to gain access to their computers and accounts.
iii. Cyber Stalking: Cyberstalking is when criminals follow one on social media accounts in order to gain one’s personal information so that they can exploit it to obtain benefits in one’s name. This form of behavior includes threats, sexual harassment, libels, slander and other behaviors aimed at intimidating, influencing or controlling its victim. iv. Botnets: Botnets are hacker-controlled networks of infected machines. Remote hackers then utilize these botnets to attack systems or send spam. They can also act as malware or be used to carry out malicious tasks.
Cyber Law in India
Cybercrime includes mischief, forgery, theft, fraud and defamation, all of which are punishable under the Indian Penal Code. The Information Technology Acti regulates a wide range of new-age crimes that have arisen as a result of computer usage. The Indian Penal Code 1860, Indian Evidence Act 1872, the Bankers' Books Evidence Act 1891, and the Reserve Bank of India Act 1934 were all immediately altered by the IT Act. Sections of these Acts have been changed to bring them up to date with modern technology. By assuring tight legal recognition and placing them under the spotlight, these changes attempted to tone down all electronic transactions/communications.
The Information Technology Actin India contains cyber laws. The major goal of this law is to give e-commerce and electronic formats legal status, as well as to make filing electronic documents with the government easier. Cybercrime, electronic formats, authentication, information and digital signatures, and network service provider liability are all covered by this regulation. The United Nations Model Law on Electronic Commerce 1996 (UNCITRAL Model) was recommended by the UNGA in a decision dated 30 January 1997.
The Indian Cyber Law makes any electronic format legal, which makes it possible to write, share, and publish anything online. It legalizes all electronic contracts, suggesting that a legitimate and binding electronic contract can be established and accepted electronically. The concept of digital signatures and electronic authentications is recognized and legalized by the Indian Cyber Law. The law criminalizes practically all types of cybercrime and punishes those who commit them. It also punishes people of other nationalities if their crimes are committed on an Indian computer or network.
The I.T Act was amended in 2008. In order to make the Act more technology-neutral, "digital signature” had been substituted with the term "electronic signature." The term 'communication device' had been established. Cell phones, personal digital assistants, or a combination of the two, as well as any other device used to send or receive image, audio, video and text or to communicate in general were included. "Cybercafe" was elaborated upon as "any facility from which any person in the ordinary course of business provides access to the internet to members of the public." Additionally, new sections on data protection and privacy had been included.
NASSCOM v. Ajay Sood & Othersii is an important case. Under the guise of NASSCOM, the defendants produced and sent emails to third parties in order to collect personal data for headhunting purposes. The Delhi High Court, according to the Court, acknowledged the plaintiff's trademark rights and issued an ex-parte ad interim injunction barring the defendants from using the trade name or any other name confusingly similar to NASSCOM. It was also unlawful for the accused to claim NASSCOM membership or affiliation. During the course of the inquiry, it was discovered that the defendants' names were made up on the defendants' orders in order to avoid detection and legal action. For infringing on the plaintiff's trademark rights, the defendant was ordered to pay damages. The Supreme Court created history when it ruled that online "phishing" is illegal and subject to injunctions and damages recovery.
Poona Auto Ancillaries Pvt. Ltd., Pune v. Punjab National Bank, HO New Delhi & Othersiii is also a landmark case. Maharashtra's IT secretary, Rajesh Aggarwal, had directed Punjab National Bank (PNB) to pay Rs 45 lakh to the MD of Pune-based Poona Auto Ancillaries, Manmohan Singh Matharu. A fraudster deposited Rs 80.10 lakh into Matharu's PNB account in Pune after he reacted to a phishing email. The complainant was urged to share the blame because he reacted to the phishing email, but the bank was held guilty due to a lack of adequate security checks against fraudulent accounts created to fool the Complainant.
Despite the legislative’s aim of being modern and fitting for the new era, there had been an instance wherein certain section of the act confined certain aspects of the Fundamental Rights Provided under the third part of the Indian Constitution. This was seen in the case of Shreya Singhal Vs. Union of Indiaiv. In this case, Shaheen Dhaba and Renu Srinivasan were arrested by Mumbai police in 2012 for participating in a Bandh in the aftermath of Shiv Sena president Bal Thackrey's death. They conveyed their dissatisfaction by leaving Facebook remarks. They were also imprisoned under the Information Technology Act(Section 66 A), but were released. It was thought that the police had abused their authority by citing section 66 A, saying that it violated, among other things, freedom of speech and expression. The Court found that section 66 A is arbitrary and infringed on people's right to freely express themselves on the internet since it violated Article 19(1)(a). Justice Nariman emphasized the different measures that can be used to assess when speech restrictions are allowed under Article 19(2) of the Indian Constitution.
Analysis of the Act
The IT Act of 2000 strives to reform outdated legislation and give cybercrime solutions. It establishes a crucial legal framework to ensure that information does not lose its legal significance, validity, or enforceability just because it is kept electronically. In light of the increasing number of communications done via electronic form of records, the act aims at empowering government departments to accept creation, filing and storage of official documents in a digital format. Companies can use any electronic form allowed by the Government to file any application, form of document of other nature with any agency, body, authority or office, managed or owned by the responsible Government. It additionally tackles the essential security issues that are crucial to the success of electronic transactions. The Act gives legal definition to the concept of secure digital signatures, which must go through a security procedure system that the government will specify at a later date.
This statute, like any other piece of legislation, has some drawbacks. The foundation of electronic commerce is domain names. Domain names, domain owner rights, and domain owner obligations are not covered under the IT Act of 2000. Despite the fact that copyright and patent problems are common in the context of computer programmes and networks, it does not protect intellectual property rights. The statute's list of covered and described offences is not exhaustive. Because computer programmes and networks are always changing and evolving as a result of technological advancements, cybercrime is changing as well. This Act does not cover cyber fraud, chat room abuse, cyberstalking, theft of internet hours, or other sorts of cybercrime. The act does not address issues like as privacy and content regulation, which are critical given the internet's vulnerability. Finally, the primary concern with this Act is how it will be implemented. The Information Technology Act does not set any guidelines for its implementation or restrictions.
Even if internet users freely exchange personal information, it is still the government's responsibility to protect its citizens' interests. Large corporations, such as Facebook, have recently been discovered to use their users' personal information and data to influence their political ideas. This is a serious threat to both individual privacy and national security. The Information Technology Act, 2000, was a wise response to the problem of cybercrime in India, but its effective execution is still lacking. The need for robust cyber legislation is evident in light of the current scenario, but individuals should also be aware of such risks while surfing the internet.
i Information Technology Act, 2000
ii 119 (2005) DLT 596, 2005 (30) PTC 437 Del
iii (2013) Cyber Appeal 4/2013
iv (2013) 12 Scc 73.
This article is written by Aadiya Sinha of Rajiv Gandhi National University of Law.