421 ipr

8/18/2019 421 IPR

http://slidepdf.com/reader/full/421-ipr 1/9

ASSIGNMENT-PGDCL & IPR

COURSE NO: 421 CYBER CRIME&CYBER FORENSICS

PRASAD PATIBANDLA

(ENROL NO: 19CL01254-15)

5. !"# $% #! IT A' ' # A*# (ITA-200+), IT A*# A' ' # 200+.D$%* %% I D #"$ % T! P/ %A' ' #% A N % F / T! S"' ,

The Information Technology Amendment Act, 2008 (IT Act 2008) is a substantial addition to India's InformationTechnology Act (ITA-2000). The IT Amendment Act as !assed by the Indian "arliament in #ctober 2008 andcame into force a year later. The Act is administered by the Indian $om!uter %mergency &es!onse Team ( $%&T-In ).

The original Act as de elo!ed to !romote the IT industry, regulate e-commerce, facilitate e-go ernance and !re ent cybercrime. The Act also sought to foster security !ractices ithin India that ould ser e the country in aglobal conte t. The Amendment as created to address issues that the original bill failed to co er and toaccommodate further de elo!ment of IT and related security concerns since the original la as !assed.

$hanges in the Amendment include redefining terms such as *communication de ice* to reflect current use+alidating electronic signatures and contracts+ ma ing the o ner of a gi en I" address res!onsible for content

accessed or distributed through it+ and ma ing cor!orations res!onsible for im!lementing effecti e data security !ractices and liable for breaches.

The Amendment has been critici ed for decreasing the !enalties for some cybercrimes and for lac ing sufficientsafeguards to !rotect the ci il rights of indi iduals. ection / , for e am!le, authori es the Indian go ernment tointerce!t, monitor, decry!t and bloc data at its discretion. According to "a an 1uggal, a cyber la consultant andad ocate at the u!reme $ourt of India, *The Act has !ro ided Indian go ernment ith the !o er of sur eillance,monitoring and bloc ing data traffic. The ne !o ers under the amendment act tend to gi e Indian go ernment ate ture and color of being a sur eillance state.*

http://searchsecurity.techtarget.in/definition/CERT-In

http://searchwindevelopment.techtarget.com/definition/IP-address



http://searchsecurity.techtarget.in/definition/CERT-In

8/18/2019 421 IPR


In the year 2000, India enacted its first la on Information Technology namely, the Information TechnologyAct,2000. The IT Act,2000 is based on the odel la of %commerce ado!ted by 34$IT&A5 in 6 /. The

!reamble to the IT Act, 2000 !oints out a three fold ob7ecti e , firstly, to !ro ide legal recognition for transactionscarried out through electronic means, secondly, to facilitate the electronic filing of documents ith go ernmentagencies, and thirdly to amend certain Acts, interalia, the Indian "enal $ode,68/0, Indian % idence Act, 68 2. TheIT Act, 2000 ga e legal alidity and recognition to electronic documents and digital signatures and enabledconclusion of legally alid 9 enforceable econtracts. It also !ro ided a regulatory regime to su!er ise the $ertifyingAuthorities issuing digital signature certificates and created ci il and criminal liabilities for contra ention of the

!ro isions of the IT Act,2000. It also conferred on the $entral :o ernment the !o er to a!!oint Ad7udicatingAuthority to ad7udge hether a !erson has committed a contra ention ithin the meaning of the Act and conferredon this Authority the !o ers ested in a ci il court. ;ith the !assage of time, as technology de elo!ed further andne methods of committing crime using Internet 9 com!uters surfaced, the need as felt to amend the IT Act,2000to insert ne inds of cyber offences and !lug in other loo!holes that !osed hurdles in the effecti e enforcement of the IT Act,2000. This led to the !assage of the Information Technology ( Amendment) Act, 2008 hich as madeeffecti e from 2 #ctober 200 . The IT (Amendment) Act,2008 has brought mar ed changes in the IT Act,2000 onse eral counts.

In this "a!er I intend to discuss the ma7or changes brought about by the IT (Amendment) Act ,2008 9 comment onits effecti eness in the conte t of Indian cyberla . I ha e also suggested fe strategies to meet ith the intended

ob7ecti es of the amended Act for an o erall effecti e im!lementation. There are also challenges !osed by theamended Act that can be foreseen and our country needs to be ell e<ui!!ed to o ercome these challenges. =urther,there are still some lacunae in the amended Act hich I ha e briefly discussed at a!!ro!riate !laces. The role of Ad7udicating Authority in the amended Act is ery significant. The sub7ect matter of its 7urisdiction, ad7udgingmatters alleging contra ention and a arding com!ensation under cha!ter is e !lained in clearer terms in theAmended IT Act . The amended Act also curtails the !o er 9 7urisdiction of the Ad7udicating officers and e cludesthose matters here com!ensation claimed is more than > crores. This !a!er discusses the im!ortant dimensions thatemerge from the recent amendments and challenges that ill be faced by the Ad7udicating officers in com!lying

ith its !rescribed duties under the IT Act,2008. At the outset, I ould li e to e !ress my gratitude to the ?on ble ‟

8/18/2019 421 IPR


embers of the 4ational "ro7ect $ommittee on %nforcement of $yberla for gi ing me the o!!ortunity to !resentthis !a!er in the 4ational eminar on %nforcement of $yberla at 4e 1elhi on 8 ay 2060. I ho!e this !a!er illfulfill the intended !ur!ose. IT A$T, 2000 s IT (Amendment ) Act, 2008 (6) %lectronic signatures introduced;iththe !assage of the IT ( Amendment) Act,2008 India has become technologically neutral due to ado!tion of electronicsignatures as a legally alid mode of e ecuting signatures . This includes digital signatures as one of the modes of signatures and is far broader in ambit co ering biometrics and other ne forms of creating electronic signatures.This is a !ositi e change as India has different segments !eo!le and all may not be technologically ade!t tounderstand and use the digital signatures . Therefore, allo ing 4ational eminar on %nforcement of $yberla , 4e1elhi on 8 th ay 2060 @ forms of authentication that are sim!ler to use such as retina scanning can be <uite usefulin effecti e im!lementation of the Act.

?o e er, the challenge it !oses is accessibility to authentication tools and im!arting education to !eo!le to use thesame . It is a challenging tas for the $entral go ernment to !rescribe conditions for considering reliability of electronic signatures or electronic authentication techni<ues under ection @A (2), the !rocedure for ascertainingelectronic signature or authentication under ection @A(@),the manner in hich information may be authenticated byelectronic signatures in ection >. It also in ol es e !enditure as such authentication tools ill re<uire !urchase,installation 9 training, !articularly in all go ernment de!artments here it is !ro!osed to be used. %<uallychallenging ill be the drafting of duties of subscriber of electronic signature certificate under ection 0 A of theAct hich ill need to incor!orate security measures subscribers can ado!t de!ending on electronic signature beingused for signatures. =urther, in a mo e to secure the flo of data and information on the internet, and !romote e-commerce 9 ego ernance, the amended Act in ection 8 A has em!o ered the $entral :o ernment to !rescribemodes or methods for encry!tion.

These !arameters should be laid do n in consultation ith organi ations such as 4asscom andBor go ernmentalagencies that can assist in formulation of necessary standards and related rules. (2) $or!orate res!onsibilityintroduced in . @A The cor!orate res!onsibility for data !rotection is incor!orated in @A in the amended ITAct, 2000 hereby cor!orate bodies handling sensiti e !ersonal information or data in a com!uter resource areunder an obligation to ensure ado!tion of Creasonable security !ractices to maintain its secrecy, failing hich they‟

may be liable to !ay damages. Also, there is no limit to the amount of com!ensation that may be a arded by irtueof this section. This section must be read ith ection 8> of the IT Act,2000 hereby all !ersons res!onsible to thecom!any for conduct of its business shall be held guilty incase offence as committed by a com!any unless no

no ledge or due diligence to !re ent the contra ention is !ro ed. Insertion of this !ro ision is !articular significance to D"# com!anies that handle such sensiti e information in the regular course of their business. This

!ro ision is im!ortant to secure sensiti e data and is hence a ste! in the right direction. ?o e er, the challenge is to 4ational eminar on %nforcement of $yberla , 4e 1elhi on 8 th ay 2060 first elucidate hat e <ualify as Ereasonable security !racticesF . The Act in e !lanation to ection @A indicates these !rocedures designed to !rotectsuch information from Gunauthorised access, damage, use, modification, disclosure, or im!airment, as may bes!ecified in an agreement bet een !arties or as may be s!ecified by any la for the time being in force and in‟

absence of both, as may be !rescribed by $entral :o ernment in consultation ith !rofessional bodiesBassociations.

The la e !laining the definition of Greasonable security !ractices is yet to be laid do n andBor $entral‟

go ernment is yet to frame its rules thereon.

"erha!s, e can ta e guidance from certain foreign la s on data !rotection 9 standards laid do n in %uro!ean3nion or by organi ations such as #%$1 in !rotection of sensiti e !ersonal data. It is a challenge for the $entral:o ernment to !rescribe in consultation ith !rofessional bodies the information that ill fall ithin the meaning of Esensiti e !ersonal data or informationF. To describe hat these !arameters should be is beyond the sco!e of this

8/18/2019 421 IPR


Article but is an interesting issue for discussion. (@) $riti<ue on amended section @ of IT ActThe amended Act !ro ides the distinction bet een Gcontra ention and Goffence by introduction of the element of mens rea for an‟ ‟

offence (s @ for contra entions and s // of the Act for offences). It is !ertinent to note that no ceiling limit for com!ensation is !rescribed under s @ of the Amendment Act, 2008 hich as one crore ru!ees in the IT Act. Theremo al of the ceiling limit can be misused or abused !articularly seen in instances here com!any files fri olousclaims against its e -em!loyee ho may ha e 7oined a com!etitor firm ithout breaching its em!loyment contract.In my o!inion, one ma7or di ersion from the earlier IT Act is the fact that the amended ection @ has the insertionof ection @ (i) 9 (7)in the amended Act hich may re<uire an element of mens rea ith actus reus. "articularly

ection @(7) re<uires !resence of mens rea ( !lease note use of ords CstealingH and Cintention to cause damageH inthe section) and the same acts mentioned in section @ hen committed Gdishonestly or Gfraudulently are‟ ‟

!unishable under amended ection //.

The intent behind this change is to not only !unish the offender for its criminal act but also to com!ensate the ictimith !ecuniary damages for loss incurred 4ational eminar on %nforcement of $yberla , 4e 1elhi on 8 th ay

2060 > due to acts of the offender. In my ie this is a !ositi e change since a ceiling on com!ensation that may bea arded in s. @ renders at ris those com!anies that in est huge amounts of money in their research 9 de elo!mentand an em!loyee sim!ly steals ay that aluable information or resource by electronic means ithout due remedyor a ard of com!ensable damages. The rele ant !ro ision is as under- E If any !erson ithout the !ermission of theo ner or any other !erson ho is incharge of a com!uter , com!uter system or net or . teal, causes,destroys or alters or causes any !erson to steal, conceal, destroy or alter any com!uter source code used for a com!uter resource

ith an intention to cause damage he shall be liable to !ay damages by ay of com!ensation to the !erson soaffected .F The intention of the amended Act is to introduce the element of intention in this clause of the ection andthis mens rea element also finds its roots in ection // here a !erson ill be sentenced if he does the same actGdishonestly or Gfraudulently ithin the meaning of I"$ i.e ith intention to defraud or cause rongful loss.‟ ‟

GIntention to cause damage in . @(7) can be said to also include intention to cause rongful loss. "er se Gstealing‟ ‟

cannot be done ithout the mens rea in !lace and therefore this act should fall under s.// and not @ incase . @ isto co er only acts done inad ertently or by negligence. This certainly cannot be the intention Bob7ecti e of the

amendment. ?ence, a clarification on this !oint is necessary. ( ) Im!ortant definitions added T o ery im!ortantdefinitions are added to the IT Act through IT Amendment Act,2008- ection 2(ha)- E$ommunication de ice E andection 2 ( ) JEintermediaryF. Although cell !hones and other de ices used to communicate ould fall under the

definition of com!uter in the IT Act.This amendment remo es any ambiguity and brings ithin the ambit of the Actall communication de ices, cell !hones, i!ods or other de ices used to communicate, send or transmit any te t, ideo ,audio or image.

The insertion of 4ational eminar on %nforcement of $yberla , 4e 1elhi on 8 th ay 2060 / definition of Gintermediary similarly clarifies the categories of ser ice !ro iders that come ithin its definition that includes‟

telecom ser ice !ro iders, net or ser ice !ro iders, internet ser ice !ro ider, ebhosting ser ice !ro iders, searchengines, online !ayment sites, online auction sites, online mar et !laces and cyber cafes. (>) 5egal alidity of electronic documents re-em!hasi ed T o ne sections ection A and 60A in the amended Act reinforce the

e<ui alence of !a!er based documents to electronic documents. ection A in the amended Act ma es audit of electronic documents also necessary here er !a!er based documents are re<uired to be audited by la . ection60A confers legal alidity 9 enforceability on contracts formed through electronic means. These !ro isions areinserted to clarify and strengthen the legal !rinci!le in ection of the IT Act,2000 that electronic documents areat!ar ith electronic documents and e-contracts are legally recogni ed and acce!table in la . This ill facilitategro th of e-commerce acti ity on the internet and build neti en s confidence. (/) $riti<ue on "o er of $ontroller ‟

under the amended Act ection 28 of the Act !ro ides that the $ontroller or any authori ed officer shall in estigateGany contra ention of the !ro isions of this Act, rules or regulations made thereunder .These ords should be‟

8/18/2019 421 IPR


re!laced ith ords Gany contra ention of the !ro isions of this $ha!terH in light of the fact that the amendment inection 2 for $ontrollers !o er to access com!uters and data has been curtailed by remo al of ords E any

contra ention of the !ro isions of this Act, rules or regulations made thereunderF for insertion of ords E anycontra ention of the !ro isions of this $ha!terF . Also, the $ontroller s !o er cannot mean to o erla! ith‟

Ad7udicating officers ho are authori ed to ad7udicate on cases of contra ention that fall under ection @ or thesub7ect matter 7urisdiction of $AT or the "olice. Therefore , the !o er of $ontroller has to be inter!reted ee!ing in

ie the intent 9 ob7ecti es of the Act hich can be clarified. 4ational eminar on %nforcement of $yberla , 4e1elhi on 8 th ay 2060 The role of the $ontroller to act as re!ository of digital signatures has been re!ealed bythe IT Amendment Act, 2008. This role has no been assigned to the $ertifying Authority in ection @0 of the ITAct. This change !oses a ma7or challenge to ensuring the secrecy and !ri acy of electronic signatures is maintained.The $ertifying authorities ill bear greater res!onsibility and need to strengthen their security infrastructure toensure its role as re!ository is deli ered ith efficacy. It ill need to allocate more resources and man!o er toregularly !ublish information regarding its !ractices, electronic signatures certificates and !ublish the current statusof each certificate. ( ) The &ole of Ad7udicating officers under the amended ActThe Ad7udicating officer Gs !o er under the amended Act in ection / (6A) is limited to decide claims here claim for in7ury or damage does note ceed > crores. Deyond > crore the 7urisdiction shall no est ith com!etent court. This has introduced another forum for ad7udication of cyber contra entions. The ords Gcom!etent court also needs to be clearly defined. As‟

!er ection /(2),the <uantum of com!ensation that may be a arded is left to the discretion of Ad7udicatingofficers.This lea es a ide room for sub7ecti ity and <uantum should be decided as far as !ossible ob7ecti ely

ee!ing in ie the !arameters of amount of unfair ad antage gained amount of loss caused to a !erson ( here er <uantifiable), and re!etiti e nature of default. The Information Technology (<ualification and e !erience of ad7udicating officers and manner of holding en<uiry) &ules,200@ lay do n the sco!e and manner of holding in<uiryincluding reliance on documentary and other e idence gathered in in estigations. The rules also !ro ide for com!ounding of contra entions and describe factors that determine <uantum of com!ensation or !enalty. In the ITAct,2000 the office of ad7udicating officer had the !o ers of ci il court and all !roceedings before it are deemed to

be 7udicial !roceedings. A ne change is incor!orated in ection /(>)K hereby the Ad7udicating officers ha e been conferred ith !o ers of e ecution of orders !assed by it, including order of attachment and sale of !ro!erty,arrest and detention of accused and a!!ointment of recei er. This em!o ers the office of Ad7udicating officer ande tends greater enforceability and effecti eness of its orders.

4ational eminar on %nforcement of $yberla , 4e 1elhi on 8 th ay 2060 8 (8) $om!osition of $ATTheamended Act has changed the com!osition of the $yber A!!ellate Tribunal .The "residing officer alone ouldearlier constitute the $yber &egulations A!!ellate Tribunal hich !ro ision has no been amended. The tribunal

ould no consist of $hair!erson and such number of members as $entral :o ernment may a!!oint. The<ualifications for their a!!ointment, term of office salary , !o er of su!erintendence, resignation and remo al,filling of acancies ha e been incor!orated. The decision ma ing !rocess allo s more ob7ecti ity ith ection >2 1that !ro ides that the decision shall be ta en by ma7ority. It is !ertinent to note that there has not been anyamendment in ection >> by 2008 amendments hich states that no order of $AT shall be challenged on ground thatthere e isted a defect in constitution of a!!ellate tribunal. ?o e er, in my ie this runs contrary to !rinci!les of

natural 7ustice. An analogy is dra n to Arbitrations here defect in constitution of a tribunal renders an a ardsub7ect to challenge as !er Indian la s. ( ) 4e cybercrimes as offences under amended Act any cybercrimes for

hich no e !ress !ro isions e isted in the IT Act,2000 no stand included by the IT (Amendment) Act, 2008.ending of offensi e or false messages (s //A), recei ing stolen com!uter resource (s //D), identity theft (s //$),

cheating by !ersonation (s //1), iolation of !ri acy (s //%). A ne offence of $yber terrorism is added in ection// = hich !rescribes !unishment that may e tend to im!risonment for life . ection // = co ers any act committed

ith intent to threaten unity ,integrity,security or so ereignty of India or cause terror by causing 1o attac s,introduction of com!uter contaminant, unauthori ed access to a com!uter resource, stealing of sensiti e information,

8/18/2019 421 IPR


any information li ely to cause in7ury to interests of so ereignty or integrity of India, the security, friendly relationsith other states, !ublic order, decency , morality, or in relation to contem!t of court, defamation or incitement to an

offence , or to ad antage of any foreign nation, grou! of indi iduals or other ise. =or other offences mentioned inection // , !unishment !rescribed is generally u!to three 4ational eminar on %nforcement of $yberla , 4e

1elhi on 8 th ay 2060 years and fine of oneBt o la hs has been !rescribed and these offences are cognisable and bailable. This ill not !ro e to !lay a deterrent factor for cyber criminals. =urther, as !er ne . 8 D, abetment tocommit an offence is made !unishable ith the !unishment !ro ided for the offence under the Act and the ne .8 $ ma es attem!t to commit an offence also a !unishable offence ith im!risonment for a term hich may e tendto onehalf of the longest term of im!risonment !ro ided for that offence.

In certain offences, such as hac ing (s //) !unishment is enhanced from @ years of im!risonment and fine of 2 la hsto fine of > la hs. In . / , for !ublishing of obscene information im!risonment term has been reduced from fi eyears to three years (and fi e years for subse<uent offence instead of earlier ten years) and fine has been increasedfrom one la h to fi e la hs (ru!ees ten la hs on subse<uent con iction). ection / A adds an offence of !ublishingmaterial containing se ually e !licit conduct !unishable ith im!risonment for a term that may e tend to > years

ith fine u!to ten la hs. This !ro ision as essential to curb attac s and ideo ouyerism. ection / D !unishes offence of child !ornogra!hy, child s se ually e !licit act or conduct ith im!risonment on first‟

con iction for a term u!to > years and fine u!to 60 la hs.This is a !ositi e change as it ma es e en bro sing andcollecting of child !ornogra!hy a !unishable offence. "unishment for disclosure of information in breach of la fulcontract under sec 2 is increased from 2 yrs u!to > yrs and from one la h to > la h or both.This ill deter thecommission of such crime. Dy irtue off ection 8 D !erson ho abets a cybercrime ill be !unished ith

!unishment !ro ided for that offence under the Act. This !ro ision ill !lay a deterrent role and !re entcommission of cons!iracy lin ed cybercrimes.

Also, !unishment for attem!t to commit offences is gi en under ection 8 c hich ill be !unishable ith one half of the term of im!risonment !rescribed for that offence or such fine as !ro ided or both. 60) ection / $ to !lay asignificant role in cyber crime !rosecution ection / $ brings a ery significant change in the IT Act,2000.According to this section, intermediaries shall be bound to !reser e and retain such information as may be

!rescribed by the $entral go ernment and for such duration and format as it may 4ational eminar on %nforcement

of $yberla , 4e 1elhi on 8 th ay 2060 60 !rescribe. Any intermediary that contra enes this !ro isionintentionally or no ingly shall be liable on con iction for im!risonment for a term not e ceeding 2 yrs or fine note ceeding one lac or both. any cybercrime cases cannot be sol ed due to lac of e idence and in many cases thisis due to the fact that I " failed to !reser e the record !ertaining to rele ant time .This !ro ision is ery hel!ful incollection of e idence that can !ro e indis!ensable in cybercrime cases. 66) ection / - "o er of the controller tointerce!t amended ection / that deals ith !o er of $ontroller to interce!t information being transmitted througha com!uter resource hen necessary in national interest is amended by ection / .In fact the !o er ests no iththe $entral :o ernment or tate :o ernment that em!o ers it to a!!oint for reasons in riting, any agency tointerce!t, monitor or decry!t any information generated , transmitted , recei ed or stored in any com!uter resource .

This !o er is to be e ercised under great caution and only hen it is satisfied that it is necessary or e !edient to doso in interests of so ereignty, or integrity of India, defense of India, security of the tate , friendly relations ith

foreign states or !ublic order or for !re enting incitement to the commission of any cogni able offence relating toabo e or for in estigation of any offence . The !rocedure and safeguards to e ercise this !o er are laid out by theInformation Technology (!rocedure and safeguards for interce!tion , monitoring and decry!tion of Information )&ules, 200 . The subscriber or intermediary that fails to e tend coo!eration in this res!ect is !unishable offence

ith a term hich may e tend to yrs and im!osition of fine. The element of fine did not e ist in the erst hileection / . The said rules !ro ide am!le safeguards to ensure the !o er in this section is diligently e ercised, ith

due authori ation !rocedures com!lied ith and not abused by any agencyBintermediary including maintainingconfidentiality and rules for maintaining or destruction of such records. 62) "o er to bloc unla ful ebsites

8/18/2019 421 IPR


should be e ercised ith caution- 4ational eminar on %nforcement of $yberla , 4e 1elhi on 8 th ay 2060 66ection / A has been inserted in the IT Act by the amendments in 2008 and gi es !o er to $entral go ernment or

any authori ed officer to direct any agency or intermediary(for reasons recorded in riting ) to bloc ebsites ins!ecial circumstances as a!!licable in ection / .3nder this ection the grounds on hich such bloc ing is !ossibleare <uite ide. In this res!ect, the Information Technology ("rocedure and afeguards for Dloc ing for Access of Information by "ublic ) &ules, 200 ere !assed ide : & 86(%) dated 2 #ct 200 hereby ebsites !romotinghate content, slander, defamation, !romoting gambling,racism, iolence and terrorism, !ornogra!hy, iolent se canreasonably be bloc ed. The rules also allo the bloc ing of ebsites by a court order.It further !ro ides for re iecommittee to re ie the decision to bloc ebsites. The intermediary that fails to e tend coo!eration in this res!ectis !unishable offence ith a term hich may e tend to yrs and im!osition of fine. ;e need to use this !o er ithcaution as it has a thin line that distinguishes reasonable e ercise of !o er fro $ensorshi!. 6@) ection / D added toconfer "o er to collect, monitor traffic data As a result of the amendments in 2008 , ection / D confers on the$entral go ernment !o er to a!!oint any agency to monitor and collect traffic data or information generated,transmitted, recei ed, or stored in any com!uter resource in order to enhance its cyber security and for identification, analysis, and !re ention of intrusion or s!read of com!uter contaminant in the country . TheInformation Technology (!rocedure and safeguard for monitoring and collecting traffic data or information ) &ules,200 ha e been laid do n to monitor and collect the traffic data or information for cyber security !ur!oses under

ection / D .It !laces res!onsibility to maintain confidentiality on intermediaries, !ro ides for !rohibition of monitoring or collection of data ithout authori ation. This !rescribes stringent !ermissions re<uired to e ercise the

!o ers under this ection hich are fully 7ustified as abuse of this !o er can infringe the right to !ri acy of neti ens. It also !ro ides for re ie of its decisions and destruction of records. The intermediary that fails to e tendcoo!eration in this res!ect is !unishable offence ith a term hich may e tend to @ yrs and im!osition of fine.

4ational eminar on %nforcement of $yberla , 4e 1elhi on 8 th ay 2060 62 6 ) ignificance of the termE$ritical Information Infrastructure F ection 0 has a ery im!ortant definition added by the IT (amendment)Act,2008. The e !lanation to ection 0 defines hat is Ecritical information infrastructureF .It encom!asses thecom!uter resource the destruction of hich not only has an ad erse im!act on defence of India but also economy,

!ublic health or safety.

This is ery significant ste! as today our IT infrastructure may also be used to manage certain ser ices offered to

!ublic at large, destruction of hich may directly affect !ublic health and safety . ?ence, their !rotection is e<uallyim!ortant as is the maintaining of security and so ereignty of India. Dy irtue of ection 0 A and D Indian $%&Thas been a!!ointed as the 4ational nodal agency for critical information infrastructure !rotection. The $%&T shall

!lay an indis!ensable role in maintaining cybersecuriy ithin the country. A ery im!ortant ste! is coordination bet een $%&T and ser ice !ro iders, data centres, body cor!orates,and other !ersons ( ection 0D (/)). That illlead to effecti e !erformance of the role of $%&T in. It has multi!le roles education ,alert system , emergencyres!onse, issuing guidelines , re!orting of cyber incident amongst other functions . Incase any !erson fails to com!ly

ith its directions, such !erson shall be !unishable ith im!risonment of term that may e tend to one year and fineof one la h or both. It also e cludes the court from ta ing cogni ance of any offence under this section e ce!t on acom!laint made by authori ed officer of $%&T to !re ent misuse of the ection. 6>) Im!ortant clarifications on theActHs a!!lication 9 effect Dy irtue of ection in the amended Act, it has been clarified that a arding of com!ensation ,!enalty im!osed or confiscation made under this Act shall not !re ent the a ard of com!ensation,or im!osition of any other !enalty or !unishment under any la for the time being in force.This ection can be read

ith ection 86 !ro iso herein it is clarified that IT Act shall not restrict any !erson from e ercising any rightconferred under co!yright Act, 6 > or !atents Act, 6 0. 4ational eminar on %nforcement of $yberla , 4e1elhi on 8 th ay 2060 6@ 6/) The combined effect of ection and DDy irtue of ection $om!ounding of offences other than offences for hich im!risonment for life or !unishment for a term e ceeding has been !ro idedhas been made !ossible. ection D ma es offences !unishable ith im!risonment of three years and abo e ascogni able and offence !unishable ith @ years of !unishment as bailable. ince the ma7ority of cyber crimeoffences defined under the amended IT Act are !unishable ith im!risonment for three years, the net effect of all

8/18/2019 421 IPR


amendments is that a ma7ority of these cybercrimes are bailable. This means that the moment a cybercriminal isarrested by the !olice, barring a fe offences, in almost all other cyber crimes, he has to be released on bail as amatter of right, by the !olice. A cyber criminal, once released on bail, ill immediately attem!t at destroying or deleting all electronic traces and trails of his ha ing committed any cyber crime. This ma es the tas of laenforcement agencies e tremely challenging. 6 ) $ombined effect of ection 8 9 80- The ection 8 of the Act isamended to confer !o er to in estigate offences under the Act from 1 " le el to Ins!ector le el. This ill beinstrumental in <uic er in estigation in the cybercrime cases !ro ided ade<uate tools and training is !ro ided.

ection 80 has been amended and !o er to enter and search in a !ublic !lace is no ested in any !olice officer not belo the ran of ins!ector or any authori ed officer of central go ernment or state go ernment. uch officer isem!o ered to arrest ithout arrant a !erson found therein ho is reasonably sus!ected of ha ing committed or of committing or being about to commit any offence under this Act.

?o e er, this section may be misused easily. 3nless it is reasonably sus!ected that a !erson has committed , iscommitting or is about to commit an offence, he should not be arrested ithout arrant . #ther ise cybercafLs , in

!articular could be ad ersely affected. 4ational eminar on %nforcement of $yberla , 4e 1elhi on 8 th ay2060 6 68) 5iability of Intermediary amendedThe earlier section made net or ser ice !ro iders liable for third

!arty content only hen it fails to !ro e that the offence as committed ithout his no ledge or that he hade ercised due diligence to !re ent the commission of such offence or contra ention. The burden of !roof as on thenet or ser ice !ro ider. The amended ection states that the intermediary shall not be liable for any third !artyinformation if it is only !ro iding access to a communication system o er hich information made a ailable bythird !arties is transmitted or tem!orarily stored or hosted or the intermediary does not initite the transmission, selectthe recei er and select or modify the information contained in transmission. It !ro ides that the Intermediary shall

be liable if he has cons!ired or abetted or induced, hether by threats or !romise or other ise in the commission of the unla ful act ( ection (@)(a). ?o e er, it is !ertinent to note that the onus to !ro e cons!iracy has no shiftedon the com!lainant. This may be e tremely difficult for a com!lainant to !ro e. ection @ (b) renders anintermediary liable in case u!on recei ing actual no ledge or on recei ing notice from a go ernment agency, theintermediary fails to e !editiously remo e or disable access to the unla ful material ithout itiating the e idencein any manner. 6 ) % aminer of %lectronic % idence created;ith amendments in 2008, ection A is added thatem!o ers the $entral go ernment to a!!oint any de!artment or agency of $entral or tate go ernment as % aminer

of %lectronic % idence.

This agency ill !lay a crucial role in !ro iding e !ert o!inion on electronic form of e idence The e !lanation tothe ection has an inclusi e definition of Eelectronic form e idenceF that means any information of !robati e aluethat is either stored or transmitted in electronic form and includes com!uter e idence,digital audio, digital

ideo,cell!hones , digital fa machines.;ith the increasing number of cybercrime cases it ill become necessary toset u! atleast one % aminer of %lectronic % idence in each tate. The $= I5 laboratory in ?yderabad is !layingsimilar role at !resent in cybercrime 4ational eminar on %nforcement of $yberla , 4e 1elhi on 8 th ay 20606> cases here forensic study of hard discs and other com!uter accessories, digital e<ui!ment is underta en to

!ro ide e !ert o!inion on the digital e idence analysed. $onclusion The IT( Amendment ) Act,2008 from an o erall !ers!ecti e has introduced remar able !ro isions and amendments that ill facilitate the effecti e enforcement of cyberla in India. India is no technologically neutral ith electronic signatures re!lacing the re<uirement of

digital signatures . The im!ortance of data !rotection in today s information technology age cannot be undermined‟

and it finds !lace in ection @, @A, ,//, 2 of the IT Act,2000. In this era of con ergence the definition of Gcommunication de ice and Gintermediary ha e been rightly insertedBre isited and alidity of e-contracts is‟ ‟

reinforced by insertion of ection 60 A. . ection /(>)K of the IT Act is a elcome !ro ision that em!o ers theAd7udicating officers by conferring !o ers of e ecution on the office of Ad7udicating officer at !ar ith a ci ilcourt."lethora of ne cybercrimes ha e been incor!orated under cha!ter MI as offences under the amended Act tocombat gro ing inds of cybercrimes !articularly, serious crimes such as child !ornogra!hy, and cyber terrorism.The Intermediaries ha e been !laced under an obligation to maintain and !ro ide access to sensiti e

8/18/2019 421 IPR


information to a!!ro!riate agencies to assist in sol ing cybercrime cases under ection / $, ection / . ?o e er,liability of I "s has been re isited and onus shall lie on com!lainant to !ro e lac of due diligence or !resence of actual no ledge by intermediary as !ro ing cons!iracy ould be difficult.

These are some of the challenges that cyberla enforcement teams ill be faced ith The !o er of interce!tion of traffic data and communications o er internet ill need to be e ercised in strict com!liance of rules framed under

res!ecti e ections in the Act conferring such !o ers of monitoring, collection , decry!tion or interce!tion. "o er for bloc ing ebsites should also be e ercised carefully and should not transgress into areas that amounts tounreasonable censorshi!. any of the offences added to the Act are cogni able but bailable hich increases theli elihood of tam!ering of e idence by cybercriminal once he is released on bail. The !olice must therefore !lay a

igilant role to collect and !reser e e idence in a timely manner .=or this , the !olice force ill need to be 4ationaleminar on %nforcement of $yberla , 4e 1elhi on 8 th ay 2060 6/ ell e<ui!!ed ith forensic no ledge and

trained in cyberla s to effecti ely in estigate cybercrime cases.The introduction of % aminer of %lectronic% idence ill also aid in effecti e analysis of digital e idence 9 cybercrime !rosecution. ?a ing discussed the neamendments and challenges before Indian cyberla regime , em!loying the strategies recommended belo canfacilitate the enforcement of cyber la s in our country J (6) educating the common man and informing them abouttheir rights and obligations in $ybers!ace. The !ractical reality is that most !eo!le are ignorant of the la s of thecybers!ace, different inds of cybercrimes, and forums for redressal of their grie ances. There is an im!erati e needto im!art the re<uired legal and technical training to our la enforcement officials, including the Nudiciary and the"olice officials to combat the $ybercrimes and to effecti ely enforce cyberla s . (2) The re!orting and access !ointsin !olice de!artment re<uire immediate attention. In domestic territory, e ery local !olice station should ha e acybercrime cell that can effecti ely in estigate cybercrime cases . Accessibility is one of the greatest im!ediments indeli ery of s!eedy 7ustice. (@) Also e ha e only one :o ernment recogni ed forensic laboratory in India at?yderabad hich !re!ares forensic re!orts in cybercrime cases. ;e need more such labs to efficiently handle theincreasing olume of cybercrime in estigation cases.

Trained and ell-e<ui!!ed la enforcement !ersonnel - at local, state, and global le els can ensure !ro!er collectionof e idence, !ro!er in estigation, mutual coo!eration and !rosecution of cybercases. ( ) =urther under ection of the IT Act ,2000 no guidelines e ist for I "s to mandatorily store and !reser e logs for a reasonable !eriod to assist

in tracing I" addresses in $ybercrime cases. This needs urgent attention and !rom!t action. 4ational eminar on%nforcement of $yberla , 4e 1elhi on 8 th ay 2060 6 (>) The in estigation of cybercrimes and !rosecution of cybercriminals and e ecution of court orders re<uires efficient international coo!eration regime and !rocedures.Although ection 6(2) read ith ection > of the IT Act,2000, India assumes !rescri!ti e 7urisdiction to try accusedfor offences committed by any !erson of any nationality outside India that in ol es a com!uter, com!uter system or net or located in India, on the enforcement front, ithout a duly signed e tradition treaty or a multilateralcoo!eration arrangement, trial of such offences and con iction is a difficult !ro!osition. IT (Amendment) Act, 2008is a ste! in the right direction , ho e er, there are still certain lacunae in the Act, (fe of hich ere briefly !ointedout in this !a!er) hich ill surface hile the amendments are tested on the an il of time and ad ancingtechnologies.

421 ipr

Documents