Cyber World

INDIAN INFORMATION TECHNOLOGY ACT, 2000 CRIMINAL PROSECUTION MADE EASY
FOR CYBER PSYCHOS

Author(s): Devashish Bharuka
Source: Journal of the Indian Law Institute, Vol. 44, No. 3 (July-September 2002), pp. 354-
379
Published by: Indian Law Institute
Stable URL: https://www.jstor.org/stable/43951825
Accessed: 17-01-2019 16:22 UTC
JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide
range of content in a trusted digital archive. We use information technology and tools to increase productivity and
facilitate new forms of scholarship. For more information about JSTOR, please contact support@jstor.org.
Your use of the JSTOR archive indicates your acceptance of the Terms & Conditions of Use, available at
https://about.jstor.org/terms
Indian Law Institute is collaborating with JSTOR to digitize, preserve and extend access to
Journal of the Indian Law Institute
This content downloaded from 14.139.62.117 on Thu, 17 Jan 2019 16:22:13 UTC
All use subject to https://about.jstor.org/terms
354
INDIAN INFORMATION TECHNOLOGY ACT, 2000

CRIMINAL PROSECUTION MADE EASY
FOR CYBER PSYCHOS
Devashish Bharuka*
THE AIM of this paper is to focus on provisions relating to crimin

liability, analysing a few on-going cyber cases in India, and bridgin
the gap between cyber law and traditional Indian criminal laws. It is n
intended to be a complete in-depth study of the area proposed, bu
merely a bird's eye view of India's first cyber law and a proposal for i
proper application to reduce cyber crimes and to promote furthe
information technology (hereinafter "IT") growth in India. The foc
would be to give an insight into the methodology to be used for su
application. We have to know the law. However, the key to evolution o
a tailored IT jurisprudence is to also understand the technology and its
adoption in the varied circumstances. How can we merge the technolog
and the law to bring justice to the aggrieved? How do we handle th
discovery problems? How do we handle the psychology of the criminal
How important is it for the law enforcement agencies to change their
attitude? How should the courts react? What would be the best way to
interpret laws? What factors are to be taken into consideration? Will th
traditional rules of interpretation suffice? This paper attempts, b
analysing a few on-going cases, to answer a few of these queries.
No developing country has benefited more from the digital
revolution than India, whose software industry is expected to
increase about eightfold, to $85 billion, by 2008.... Indian
companies have become world leaders in designing portals and
web-based applications, and they have successfully sidestepped
bureaucratic delays and outdated infrastructure by building their
own telecommunications systems and beaming their software
products by satellite around the world.1
The information technology explosion in the country has been

unprecedented. The Indian software and information technology service
market is expected to register a 43 per cent compounded annual growt
* LL.M. (Harvard), Advocate, Supreme Court of India and High Court o

Delhi. Visiting Faculty, Indian Law Institute, New Delhi.
1 . Secretary General, " United Nation Millennium Report", at http://www.un.org
millennium/sg/report/full.htm.
20021 INDIAN INFORMATION TECHNOLOGY ACT, 2000 355
rate in the next four years. The Asia-Pacific region will ge

services revenue of a whopping $93.5 billion during thi
this digital period, it is important to safeguard the interests of
and the Internet users from any kind of anti-social activitie
In fact, this might explain the promptness with which the
Information Technology3 was formed in 1999 burdene
enormous duty of making India an IT superpower by 2008. 4
a year, India witnessed the enactment of its first cyber law o
of the Model Law on Electronic Commerce5 adopted by
Nations Commission on International Trade Law. The Information
Technology Act, 2000 (hereinafter "the IT Act") was passed by th
Parliament on May 15, 2000, approved by the President on June 9, 200
and notified to come into force on October 17, 2000.
I Introduction to the IT Act
The Act was passed to facilitate e-commerce. It gives legal

recognition to transactions carried out by means of electroni
communication involving use of alternatives to paper-based methods o
communication and storage of information. It permits filing of docume
during governmental interactions in electronic form. The Act enumera
certain cyber offences authorizing the law enforcement agencies to cra
down on such cyber crimes and establishes appropriate adjudicatin
forum. It further amends certain legislations to effectively carry out t
provisions of the Act. Its immediate significance will be in terms
saving cost, time and hassle for businessmen who normally exchan
loads of documents on contracts, letters of credits and bills in the cour
of their daily transactions.6
Among the relevant provisions in the Code, for our purposes,
section 43, which deals with penalty for damage to computer.
43. Penalty for damage to computer, computer system, etc.
If any person without permission of the owner or any other
person who is in charge of a computer, computer system or
computer network :
2. Dileep Athavale, "Gartner Group Projects 43% CAGR for Indian IT Industry
The Times of India , November 19, 2000, available at 2000 WL 29244025.
3. Ministry of Information Technology, Government of India, at http://
www.mit.gov.in.
4. Functions of Ministry of Information Technology, at http://www.mit.gov.in
about.htm.
5. See, http://www.uncitral.org/enelish/texts/electcom/.
6. "Infotech Act comes into force", The Times of India, October 18, 2000,
available at 2000 WL 28349604.
356 JOURNAL OF THE INDIAN LA W INSTITUTE [Vol. 44 : 3
(a) accesses or secures access to such computer, computer

or computer network;
(b) downloads, copies or extracts any data, computer d
or information from such computer, computer system or com
network including information or data held or stored
removable storage medium;
(c) introduces or causes to be introduced any computer
contaminant or computer virus into any computer, computer
system or computer network;
(d) damages or causes to be damaged any computer, computer
system or computer network, data, computer data base or any
other programmes residing in such computer, computer system
or computer network;
(e) disrupts or causes disruption of any computer, computer
system or computer network;
(f) denies or causes the denial of access to any person authorised
to access any computer, computer system or computer network
by any means;
(g) provides any assistance to any person to facilitate access to
a computer, computer system or computer network in
contravention of the provisions of this Act, rules or regulations
made thereunder;
(h) charges the services availed of by a person to the account of

another person by tampering with or manipulating any computer,
computer system, or computer network,
he shall be liable to pay damages by way of compensation not
exceeding one crore rupees to the person so affected.
Explanation - For the purposes of this section, -
(i) "computer contaminant" means any set of computer
instructions that are designed -
(a) to modify, destroy, record, transmit data or programme
residing within a computer, computer system or computer
network; or
(b) by any means to usurp the normal operation of the computer,

computer system, or computer network;
(ii) "computer data base" means a representation of information,
knowledge, facts, concepts or instructions in text, image, audio,
video that are being prepared or have been prepared in a
formalised manner or have been produced by a computer,
computer system or computer network and are intended for use
2002] INDIAN INFORMA TION TECHNOLOGY ACT, 2000 357
in a computer, computer system or computer network;

(iii) "computer virus" means any computer instruction,
information, data or programme that destroys, damages, degrades
or adversely affects the performance of a computer resource or
attaches itself to another computer resource and operates when
a programme, data or instruction is executed or some other event
takes place in that computer resource;
(iv) "damage" means to destroy, alter, delete, add, modify or
rearrange any computer resource by any means.
Another area is chapter XI dealing with offences. Section 65 of the
IT Act makes tampering with computer source documents, required to
be maintained by law, punishable. Section 66, which is dealt with quite
extensively in this paper, deals with hacking into a computer system
and makes any act causing wrongful loss by destroying, altering or
deleting any information, etc. punishable under law. Lastly, section 67
deals with cyber pornography. The IT Act has also made certain
amendments to the Indian Evidence Act (enabling it to accept e-records
as evidence) and the Indian Penal Code (enabling punishment of forgery
of e-documents).
II Virtual commotion in prosecuting cyber criminals
India is one of the few countries7 to bring about a cyber legislation

to facilitate e-commerce and bring the cyber-criminals to book. There
have been criticisms from various segments of the society regarding the
ineffectiveness of the IT Act to curb cyber crimes. Not only the legal
group is perplexed about the application of the Act in certain criminal
activities, it is amply unhappy about the exclusion of certain cyber crimes
from the Act. The paper proposes to analyse, rather than support or
criticize, a few of these arguments.
Ill Cyber crimes - introduction
Information technology offences have been taken to encompass any

criminal offence, in the investigation of which investigating authorities
must obtain access to information being processed or transmitted in
7. Australia, Austria, Belgium, Canada, China, Denmark, Finland, France,

Germany, Greece, Hungary, Ireland, Iceland, Israel, Italy, Japan, Luxembourg,
Malaysia, Mauritius, Mexico, The Netherlands, Norway, Peru, Philippines, Poland,
Portugal, Singapore, Sweden, Switzerland, Turkey, the United Kingdom, the United
States; Bill introduced in the Congress (Brazil, New Zealand).
computer system.8 Cyber crimes have been on a rise at

rate.9 Undoubtedly, the criminal class has taken up the new
at a much greater speed than our lawmakers and law e
agencies. It has startled the world as much as the Inter
amazed them. In 1888, an inspector was quoted in the Ch
affirming "a well-known fact that no other section of the
avail themselves more readily and speedily of the latest
science than the criminal class".10 Can there be a greater t
the Internet is concerned?
In order to understand how people commit computer crimes, it is
important to understand first why they do so. Obviously, the motivation
for computer related offences is as varied as the motivation for any
other type of crime, and may run the gamut from personal enrichment,
avarice, revenge, and thrill seeking, to truly psychopathic behaviour. In
general, virtually any type of offence, which can be committed without
a computer, can be committed with the assistance of computers, including
terrorism, espionage and obscenity. However, there are a few
characteristics, which make computer crimes unique among criminal
offences. For example, computer crimes may be committed remotely
and across geographic boundaries. They may have effect years or decades
after they are launched or planned. They may or may not violate
'traditional' criminal laws like trespass or theft statutes. They are difficult
or impossible to investigate, and even more difficult to prosecute.
Investigators, prosecutors, judges, lawyers and juries are frequently
unfamiliar with the technology and its application, further complicating
the prosecution of such offences.11
Also, important for our analysis, as pointed out by Brett Burney12 ,
is analogising crime in physical space and cyberspace.13 This was also
8. Council of Europe: Recommendation No. R (95) 13 concerning problems of

criminal procedural law connected with information technology, adopted by the
Committee by Ministers on 11 September 1995.
9. In a survey by the CSI (March 12, 2001), 85% of respondents, primarily
large corporations and government agencies, detected computer security breaches
within the last 12 months. 64% acknowledged financial losses due to computer
breaches. 35% were willing and/or able to quantify their financial losses, which
amounted to $377,828,700 in financial losses, up from $265,589,940 in 2000. The
most serious financial losses occurred through theft of proprietary information. See,
http://www.belmontpress.com/statistics.htm.
10. Carolyn Marvin, When Old Technologies Were New . 1988.
1 1 . Mark D. Rasch, "Criminal Law and the Internet", at http://www.cla/org/
RuhBook/chpl l.htm.
12. "The concept of cybercrimes - Is it right to analogize a physical crime to a
cybercrime?", at http://www.cybercrimes.net/Virtual/Burney/page6.html.
13. Burney puts forth an analogy. A New York user unauthorizedly accesses a
Texas computer containing medical information for patients at a hospital. He modifies
2002] INDIAN INFORMATION TECHNOLOGY ACT, 2000 359
emphasized by Judge Preska as he aptly noted, "Judges a

faced with adapting existing legal standards to the novel e
cyberspace struggle with terms and concepts... [and] not
much of the legal analysis of Internet-related issues h
seeking a familiar analogy for the unfamiliar."14 Howeve
puts a cautious note. Though ultimately computer is t
one's and zero's, digital bits, electronic impulses, on's and
do not think in total digital binary terms. In words of W
cyberspace is a "consensual hallucination".15 It is a reality
of one's and zero's. But the reality is more of a 'virtual r
human beings.16 With these initial conceptions in m
ahead....
Cyber crimes - theft
Cyber theft refers to unauthorized acquiring of any information

available on a computer system by accessing the system. This area i
itself has a wide spectrum. It includes the theft of passwords of accessin
the computer including logging into the Internet. Such theft could be
either by accessing, again authorized or not, into another computer to
get information. Information may be gleaned - as in the movie Sneaker
- by "shoulder surfing" information on a computer screen - that is viewing
the computer screen and capturing the information displayed.17 Once
the digital bits on the computer, for example, to make the information require
different medication for the patient than what was prescribed. This action could be
achieved if the person physically broke and physically entered the hospital an
changed the information at the computer that physically resided at the hospital. Th
same result would be achieved but the difference is that of lack of physical presence
Are we as society ready then to regard the collection of digital bits the same as
physical "dwelling"? at http://www.cybercrimes.net/Virtual/Burney/page6.html.
14. American Libraries Association v. Pataki , 969 F. Supp 160 (analogising the
Internet to a highway and thus ruling that the state obscenity statute fell unde
interstate commerce purview) quoted in "Digital Discovery in Criminal Context",
http://cyber.law.harvard.edu/digitaldiscovery/diedisc librarv 3. html.
15. Gibson, Neuromancer 1984. "Cyberspace. A consensual hallucination
experienced daily by billions of legitimate operators, in every nation, by childre
being taught mathematical concepts.... A graphical representation of data abstracted
from the banks of every computer in the human system. Unthinkable complexit
Lines of light ranged in the non-space of the mind, clusters and constellations
data. Like city lights, receding...".
16. Burney, supra note 12, "What we conceive as 'folders' in Microsoft Windows,
are actually just allocations on a hard disk or other storage medium for the one
and zero's. We are not actually physically opening a 'folder' on our computer, but it
appears for all intents and purposes that we are. And we refer to our^ction as
'opening a folder'. This action of 'opening a folder' aooears real to us.
1 7. Mark D. Rasch, supra note 1 1 .
360 JOURNAL OF THE INDIAN LA W INSTITUTE ļ Vol. 44 : 3
one is able to access the computer system, the act of copying,

downloading or in any way 'stealing' the information amounts to cyber
theft.
Problems arise when we make an attempt to rationalize our accusation
of cyber thefts under the traditional notions of 'theft'. Under the Indian
Penal Code, there should be an actual movement of a moveable property
and consequently, a loss to the owner of the property becomes a pre-
condition for a successful prosecution in 'theft' cases. In the wired
world, other difficulties arise in the prosecution of individuals for the
'theft' of information. In the instance of theft of computerized
information, the 'stolen' property remains precisely where it was, and
the owner is not deprived of the actual use of the information.18 What
then should be our consideration for bringing the cyber criminal to
books? Following suggestions have been put forth:
(a) Can it come within the traditional ambit of 'theft' under section
37819 of the Indian Penal Code, 1860? It deals with the offence
of the theft of moveable property only. It is being questioned
whether Internet time can be brought within the ambit of
property, moveable or immoveable. It is being further argued
that time has never been considered a property at any point of
time in history.20 However, can we interpret the law as to
encompass new technological changes21 or should it be that
we should not make such an interpretation on ground that the
drafters would not have such intention at all of including cyber
theft within section 378 since computer was quite unknown in
that era? Interestingly, those trying to work in this area have
not stopped here. Rather, they have actually brought, by
18. ibid.
19. Whoever, intending to take dishonestly any moveable property out of the
possession of any person without that person's consent, moves that property in
order to such taking, is to commit theft.
20. Pawan Duggal, "India's first cyber crook nabbing raises sticky cyber law
issues ", The Financial Express , June 2, 2000, available at http://
www. financialexpress.com/fe/daily/20000602/efe02005. html.
21. Senior Electric Inspector v. Laxmi Narayan Chopra , AIR 1962 SC 159 at
163, '.. in the modern progressive society it would be unreasonable +o confine the
intention of a legislature to the meaning attributable to the word used at the time the
law was made, for a modern legislature making laws to govern a society which is
fast moving must be presumed to be aware of an enlarged meaning the same concept
might attract with the march of time and with the revolutionary changes brought
about in social, economic, political and scientific and other fields of human activity.
Indeed, unless a contrary intention appears, an interpretation should be given to the
words used to take in new facts and situations, if the words -are capable of
comprehending them.'
attempting to prove Internet hours as a moveable prop

cyber theft within the ambit of section 3 78. 22
(b) Can ISPs be held responsible in case of theft of passw

An umbrella protection has been given to them under se
7923 of the IT Act. Ramesh Ramnath, vice- president in ch
of retail business, Satyam Infoway, is of the view that IS
take measures to prevent misuse of Internet hours like u
caller identification line preventing two users to log ont
Internet at the same time with same identity and passwor
(c) Can section 2524 of the Telegraph Act be of any help?
been alleged to that it was invoked in India's first cyber
it talks of intentionally damaging or tampering with teleg
But the definition of telegraph, loosely defined, cann
stretched so much as to include Internet and cyberspace.
us take a hypothetical situation to understand the IT
application here:
22. The question which arises is whether the Internet hours are mov
immovable property. Before that can be answered one more point which ar
time a property? In the author's humble opinion, Internet hours should be
moveable property. The reasons for it are that one can use his Internet
anywhere in the circuit/country. The author further points out that it is
property as it can be severed from the earth, but to use it we may have t
substance from the earth viz., telephone line; it can be totally severed from
if connection is vide VSAT. As far as Internet hours are concerned the
"time" i.e. to say 9:15 a.m. or 12:00 noon or 6:00 p.m. They are hours,
hours or 25 hours or 500 hours. This is the time, which one can consum
his Internet account, it is his property which comes with an expiry date,
expiry date means not only within period of 3 months or 1 year but in
This brings the act well within s.378 of IPC and thus punishable u/s 3
Charu Mathur, "Cyber Chori", at http://www.indcyberlaws.com/~ind
cyber_chori.htm).
23. Network service providers not to be liable in certain cases - For the
of doubts, it is hereby declared that no person providing any service as
service provider shall be liable under this Act, rulés or regulations made th
for any third party information or data made available by him if he prov
offence or contravention was committed without his knowledge or tha
exercised all due diligence to prevent the commission of such o
contravention.
24. If any person, intending - (a) to prevent or obstruct the transmission or

delivery of any message, or (b) to intercept or to acquaint himself with the contents
of any message, or (c) to commit mischief, damages, removes, tampers with or
touches any battery, machinery, telegraph line post or other thing whatever, being
part of or used in or about any telegraph or in the working thereof, he shall be
punished with imprisonment for a term which may extend to three years, or with
fine, or with both.
25. Pawan Duggal, "Cyber Theft and the Indian Telegraph Act, 1 885 ", available
at http://www.cyberlawindia.com/colouml3june.htm.
Case situation : X, a computer user, unauthorizedly gains acc

ISP's computer system, copies usernames and passwords an
the Internet hours. Can he be prosecuted under the IT Act an
other law? In the author's view, the IT Act has introduced certain
provisions within which X can be prosecuted.
Analysis
Firstly, section 43(a) of the IT Act makes a person liable if he,

without the permission of the owner or any other person who is in
charge of a computer, computer system or computer network, accesses
or secures access to it. Clearly, X can be found guilty since he gained
access into the ISP's computer system without any authorization.
Secondly, section 43(b) of the IT Act makes unauthorized
downloading, copying or extracting any data, computer data base or
information from such a computer including information or data held or
stored in any removable storage medium a wrong as well. Again, X can
be held under this category for copying the usernames and passwords.
Thirdly, section 43(f) of the IT Act deals with denial or causing the
denial of access to any person authorized to access any computer,
computer system or computer network by any means. Now, let us take a
customer, Y, who has 100 hours in his account. If X is able to gain
access to the username and password of Y and exhausts the entire Internet
hours, Y would be unable to access the ISP's computer system in order
to log on to the Internet. So, by the act of wrongfully exhausting the
entire Internet hours, X has caused the denial of access of Y into the
ISP's computer system, which otherwise Y was entitled to. X can,
therefore, be held under this section.
Section 43 of the IT Act deals only with civil liability and X will be
liable to pay damages by way of compensation. This does not, however,
solve the problem of putting the question of 'Internet hours' into the
category of 'cyber-thefť. For this we will have to look into section 66 26
of the IT Act. The section makes certain actions an offence if it is done
with the intent of causing wrongful loss or damage to the public.
Technically, the username and password information is in a database
in the ISP's computer system. Further, the number of unused hours
would also be indicated in an internally connected database. As the
number of hours is being used, this information is being altered by the
26. "Hacking with computer system (1) Whoever with tKe intent to cause or
knowing that he is likely to cause wrongful loss or damage to the public or any
person destroys or deletes or alters any information residing in a computer resource
or diminishes its value or utility or affects it injuriously by any means, commits
hack:...."
2002] INDIAN INFORMA TION TECHNOLOGY A CT, 2000 363
the unauthorized user, here, X. Also, the value of the informa

being diminished, as each hour signifies a certain value. As the
of hours reduces, the value of such information in the database
number of unused hours diminishes. And this causes loss to the c
Y. Using this analysis, X has knowingly caused loss to Y by alt
information regarding the Internet hours residing in the ISP's
system to the effect Y can no longer make use of all the hours f
he had paid the ISP. This act is an offence and punishable unde
43(2) with imprisonment up to three years or with fine w
extend up to two lakh rupees, or with both. Therefore, we
concern ourselves with an inquiry as to whether 'time' is a pro
whether 'cyber-thefť is 'theft' under the traditional law. A
changes and new cases come up, we have to analyse and interp
laws and decide such cases not only in the light of the enactm
also by understanding the technology and its working. With t
of the IT Act, neither the Telegraph Act nor the Indian Penal
any consequence for certain crimes, which can be explained on
cyber law and understanding the technology working behind it
Cyber crimes - hacking: section 6627 of the IT Act
One of the serious cyber crimes with which the net users, e
governmental agencies and the corporations, are concerned is
In simple terms, it refers to the act of unauthorized entry into a p
computer system. However, there is more to it than just this.
has been termed as interacting with a computer in a play
exploratory rather than a goal-directed way.28 The word 'hack
Massachusetts Institute of Technology (MIT) usually refers to
benign, and "ethical" prank or practical joke, which is both ch
for the perpetrators and amusing to the MIT community (and s
even to the rest of the world!).29 Those who hack also concern t
with hack ethic (belief that system-cracking for fun and expl
ethically OK as long as the cracker commits no theft, vand
breach of confidentiality).30 However, trouble arises when thes
go overboard and start prying into protected system and data fo
gain or mischief.
27. "Hacking with computer system. (1) Whoever with the intent to
knowing that he is likely to cause wrongful loss or damage to the pub
person destroys or deletes or alters any information residing in a comput
or diminishes its value or utility or affects it injuriously by any mean
hack ..." (emphasis added).
28. The Jargon Dictionary at http://info.astrian.net/jargon/terms/h.html
29. See, http://hacks.mit.edu.
30. Supra note 28.
Section 66 has been drafted in wide terms and covers a pr

wide range of activities relating to computers. We might b
by taking a few real-life cases, which have come up in Indi
Act was enforced.
Case situation # 1
There is a contract between the Internet service provider (hereinafter

4 ISP') and the website owner for providing of space for the website and
hosting and/or maintaining the website. The owner is required to pay a
certain sum of monthly fee. The owner after some time defaults and the
ISP discontinues the service. The owner sues the ISP under section 66
alleging 'hacking'.
Analysis
In the IT industry, the CEOs of companies which are in the web-

hosting businesses complained that because of the definition of 'hacking'
under section 66, they cannot do anything even if a website's owner
does not pay the rent of the server he uses to host the site. In fact,
server space providers have started restoring the websites, which they
had earlier blocked because of the non-payment of the hosting charges.31
ISPs have been receiving threatening calls to either restore the sites or
they could complain against them for hacking the sites.32 However, no
statutory support could be found in such reasoning. There is no reason
for the ISPs to feel unprotected under section 66. Rather, the section
has been drafted so as to eliminate the ISPs from any kind of liability,
which might have inflicted upon them in case of their discontinuing the
service due to valid reasons like non-payment of the service contract
price. Two legal arguments to protect the ISPs can be put forth:
(1) Hacking: It is being argued that the section does not make any
distinction between acts committed by a hacker and a service provider.33
Further, the general notion prevalent in the IT industry is that if the
ISPs block a website as its owner has not paid the rent for the server it
uses, they would fall under the category "diminishes its value or utility"
of the definition of hacking and, therefore, would be held liable for that.
In this situation, no website owner would pay them anything for the
renewal and still the service provider would not be able to take any
action.34
31. Prabhakar Sinha & N. Vidyasagar, "Hacking under Section 66 creates

confusion". The Times of India, February 12, 2001, available at 2001 WL 10612091.
32. Id (quoting G. P. Singh, President of Delhi Net).
33. Id. (quoting Chander Lall, IT lawyer).
34. Id. (quoting Rajiv Chugh of Economical Host, a server space provider).
One fails to understand this interpretation. Section 66 st

alia that a person will be held liable for 'hacking' only if
intent to cause or knowing that he is likely to cause wrong
damage to any person, diminishes the value or utility of any
residing in a computer resource or affects it injuriously by a
we argue that an ISP, by discontinuing the service, has dim
value of the information thereby leading to loss or damage
site owner, it has also to be considered that such loss or dam
be "wrongful". It means that the act of ISP should be suc
have no legal justification or righteousness which would the
judicial inquiry for adjudicating upon the question of 'ha
section 66. However, to the author, discontinuation of servi
non-payment seems an acceptable legal excuse to eliminate an
of usage of section 66.
(2) Breach of contract argument: Providing of service by
the website owner is under a service agreement. One of t
this contract relate to payment for the service provided. In
breach of contract, one can very well presume that the other
under the legal excuse of breach of contract, discontinue
This cannot and should not be taken as hacking under sectio
Dewang Mehta, President, NASSCOM35 , opined that
provider is very much within the law to withdraw his se
does not get the payment for it. He felt that under the
provider is not allowed to deface or change the content
According to him, world over even the domain name of a site
if the payment does not come in time. The service is bei
under a contract, if one party has violated it, the other party
action as per the agreement.36
As already discussed above, both under section 66 and
law of contracts, the ISP can discontinue service in case of n
of the fee for hosting and/or maintaining the website. The
recent Indian court order dated February 9, 2001, made und
66, rejecting the bail plea of two persons who were charged w
a site, which was hosted on their server. It was felt by the co
blockings of the site by the server space providers "have no j
as the payment for hosting the site was made up to April 2
has stirred commotion since the order was passed under
which deals with hacking only37 instead of, under a civil suit
35. National Association of Software and Sefrvice Companies, the

information technology software and services industry in
www.nasscom.org.
36. Supra note 31 (quoting Dewang Mehta).
37. Supra note 3 1 .
of contractual obligation.
What is objectionable is that the court referred to sectio
in the view of the author, is of no consequence. The case i
of contractual obligation and should be treated as such. W
Act coming into play, we should be careful in interpr
developing the Indian IT jurisprudence lest in our haste an
we take wrong turns which would later take time to unra
be harmful to the booming IT industry in India.
Case situation # 2 - MTX virus case:
The first cyber crime since the enactment of the IT Act was cracke
by the White Collar Offences (WCO) team in Hyderabad38 when, o
complaint of receiver of an e-mail with a virus39 attachment along wit
Diwali40 greetings posted by Satyam41 Online staff to all of
subscribers, the e-mail addressed was traced to the mailer. Investigatio
revealed the virus to be MTX42 , which got spread through the bu
Diwali greetings sent by Satyam Online staff.
Analysis
The question is whether the accused can at all be rounded up for

any offence. In this case, the virus causing loss/damage of data is of the
nature, which spreads without the knowledge of the sender. The virus
sends itself automatically as an attachment with e-mail without the
knowledge of the sender. It is only when the receiver informs the sender
of such attachment that the sender might become aware that his/her
computer is infected. One could as a precaution use an effective, updated
virus engine to avoid such a situation. However, would failure to use an
effective scanner amount to negligence giving rise to a civil action
38. "City sleuths crack first cyber crime", Times of India , November 25, 2000,
available at http://www.timesofindia.com/25 1 1 00/25mhvd3.htm.
39. IT Act, s. 43, Explanation (iii) - "computer virus" means any computer
instruction, information, data or programme that destroys, damages, degrades or
adversely affects the performance of a computer resource or attaches itself to another
computer resource and operates when a programme, data or instruction is executed
or some other event takes place in that computer resource.
40. A Hindu festival in India celebrated in October-November.
41. One of the private Internet service providers in India; www.satyam.com.
42. MTX is a 32bit PE file infector for Windows 9x/NT systems. This virus
modifies WSOCK32.DLL in an effort to hook SMTP traffic as an attachment. This
virus searches for available shares through network neighbourhood in an effort to
transfer to host systems. It was discovered on August 23, 2000. (See, http://
vil.mcafee.com/dispVirus.asp? virus_k=98797&).
2002] INDIAN INFORMA TION TECHNOLOGY ACT. 2000 367
under the common law of torts? Alternatively, would it be acc

a cyber offence and thus, leading to criminal liability? Can we
presence of any mens rea to initiate a criminal action?
In the author's view, it is difficult to bring these cases under
Code or the cyber offences section of the IT Act. Under a civil
one might be held liable for negligence for failure to use ef
electronic protective software against the spread of virus. This m
fact be a stronger argument against the ISP, which undoubtedl
heavier responsibility. In this case, in the author's view, the ISP
held vicariously liable for any damage done.
The question also arises whether such a liability should be an a
liability or not. Should it be that because the ISP is providing a
to the general public, it is irrelevant whether he was negligent
His act of providing service in itself also gives a guarantee of e
service and the ISP is strictly liable for any damage caused
consumer due to such service.
Another concept, which can be thrown into the court at this stage, is
that of mitigation of damages. Questions relevant in this context would
be:
(1) Whether the ISP took adequate steps to ensure that there is no
virus attached to the e-mail?
(2) Whether the ISP, after being informed of the virus, took
immediate adequate steps to inform the consumers of the virus
and the remedies available?
(3) A virus does not get activated unless the virus file attached to
the e-mail is opened. Is the consumer sophisticated enough to
take precaution not to open an attachment, which he/she is not
expecting from the sender?
(4) Is the consumer using an effective, updated virus scanner?
(5) Did the consumer immediately inform the ISP in case the virus
hit him/her?
How would the Indian courts surf through these inquiries is yet to be
seen....
Cyber crimes - spamming
You get up one morning, check your e-mail and

your inbox. You spend almost 40 minutes of your I
reading and deleting them since they are all unsoli
mails. Welcome to the world of cyberspamming!
Spam is flooding the Internet with many copies o
in an attempt to force the message on people who
368 JOURNAL OF THE INDIAN LA W INSTITUTE [Vol . 44 : 3
choose to receive it. Most spam is commercial advertising.43

'spam', as used in a newsgroup, means, "the same article (or
the same article) posted an unacceptably high number of tim
more newsgroups". Content is irrelevant. 'Spam' doesn't m
doesn't mean 'abuse'. It doesn't mean 'posts whose content
Spam is a funky name for a phenomenon that can be measu
objectively: did that post appear X times?44
E-mail spam targets individual users with direct e-mail m
no other form of advertisement does the advertiser pa
compared to those to whom the advertisement is aimed. Th
unsolicited commercial electronic mail may result in costs t
who cannot refuse to accept such mail and who incur co
storage of such mail, or for the time spent, reviewing and
such mail, or for both. It may impose significant monet
providers of Internet access services, as there is a finite vol
that such providers can handle without further investment.
of such mail is increasingly and negatively affecting the qual
provided to customers of Internet access service, and shiftin
the sender of the advertisement to the provider of Internet
and the recipient.45
From the above discussion, we can deduce that there can be two
groups interested in taking legal action against the spammers: (A) the
Internet service providers; (B) the recipient of the e-mail that is the
user.
(A) The Internet service providers: They have a critical int

this matter. Statistics show that, due to spamming by Cyber P
AOL almost lost around 5,000 hours of connect time disca
spam.46 It also puts enormous pressure on their computer sy
network.47 The consequent result is the loss of consumers wh
43. Scott Hazen Mueller, "What is Spam ?", at http://spam.

whatisspam.html.
44. "The Net Abuse FAQ", available at http://www.cybemothing.org
abuse-faq.html#2. 1 (Twenty appears to be the magic number for the fi
45. Findings, S, 630, CAN SPAM Act of 2001 (introduced in th
available at http://thomas.loc.gov.
46. AOL has said* that they were receiving 1.8 million spams fro
Promotions per day until they got a court injunction to stop it. Assu
takes the typical AOL user only 1Ó secojnds to identify and discard a me
still -5,000 hours per day of connect time per day spent discarding thei
on AOL. (See, "Why is Spam Bad" at http://spam.abuse.net/spam/spam
47. Michael Mangino, a software developer for Compuserve who m
mail processing computer equipment, states by affidavit that handling t
volume of mass mailings that Compuserve receives places a tremendou
its equipment. (See, Compuserve Inc. v. Cyber Promotions, 962 F. Sup
prefer an alternative service provider and lesser number of spa

In Compuserve Inc. v. Cyber Promotions , the court found that
mailing by the defendants caused "the value of [Compuserve's equ
to be] diminished even though it is not physically damaged by de
conduct".
Though there has been some concern that there is no provision for
spamming under the IT Act, the author feels that this activity could
squarely be brought under section 43(e)48 of the Act. Spamming leads
to disruption49 of the ISP's computer network which is a pre-requisite
for pressing section 43(e) into service. The huge amount of unsolicited
e-mail leads the ISPs to have them reviewed by technical experts to get
a clue as to their origin, have them removed from the system, loss of
Internet hours, misuse of resources, loss of customers and overall
stagnation of the system. Though one might argue that the network is
still on and the Internet service is still being provided, but it is evident
that the system becomes much slower, the wastage of hours is enormous
and over and above, it is unauthorized and unwarranted which complies
with the statutory provision.
(B) Consumer/user: It is the user of the e-mail account who suffers
the most in case of spamming. However, not much remedy has been
provided under the IT Act. Since, there is no specific provision regarding
spamming, we have to fit in the case in one of the available provisions.
Let us re-visit section 43 and concentrate on clause (f)50 of that section.
Let us suppose that Y, a spammer, spams X, a user, with an e-mail
account with an ISP. The ISP due to over-quota disables the account. In
such a situation, the author feels, Y can be rightly held liable under
section 43(f) for causing the denial to access to X his own e-mail account.
Since Y spammed the e-mail account, X's e-mail account went over the
quota with the result that the ISP had to disable the account. X was
denied access to his own e-mail account due to Y 's unauthorized action.
However, this will be an extreme case. Generally, just a few messages
are sent to a particular user each day by the spammer. In such a case,
48. If any person without permission of the owner or any other person who is
incharge of a computer, computer system or computer network, - (e) disrupts or
causes disruption of any computer, computer system of computer network; he shall
be liable to pay damages by way of compensation not exceeding one crore rupees to
the person so affected.
49. To throw into confusion or disorder (See, http://www.dictionary.com/cgi-
bin/dict.pl? term=disruptiort).
50. If any person without permission of the owner or any other person who is
incharge of a computer, computer system or computer network, - (f) denies or
causes the denial of access to any person authorized to access computer, computer
system or computer network by any means; he shall be liable to pay damages by way
of compensation not exceeding one crore rupees to the person so affected.
there won't be any denial of e-mail service. However, the user

to go through the trouble of viewing the messages and deleti
and in case of excessive spamming, reporting them to the ISP
follow-up. All this requires time, money and effort. In such
user might have a case under the common law of torts for nu
Another argument could be that of trespass to chattels. By
the spam e-mails, the spammer is trespassing into my ter
diminishing its value. Some might object to this argument, as
physical trespass. However, we have to understand that w
protecting is the right/interest of a person in the property an
property itself. Of course, the interest of the person in the pro
protect the property. In such a situation, what is essential is
done to the interest of the person rather then the way it is be
might be done physically or digitally. On this theory, even th
has been no physical entry, there has been an unauthori
penetration into the computer by the action of the spammer b
the spam e-mail destined to make its way into the user's e-m
Whether any harm has been caused or not is not essenti
essential is that it is within the right/interest of the user to e
entry of such e-mails into his account. Therefore, what is req
'opt-in'51 method rather than an 'opt-out'52 option. Unsolicited
generally work on 'opt-out' method rather than 'opt-in'. This
wrong. Taking an analogy, we would not enter into other's pro
start using it unless the owner asks us to enter. Rather, we w
ask and then enter. In case of former situation, we would be
trespass. In the same way the unsolicited messages should be t
being trespassing into the user's account without any auth
appropriately, an action should lie against the offender. Howe
the courts will react to such an argument situation is to be se
To clarify all ambiguity, it will be preferable if specific p
on spamming were introduced making unsolicited commun
51. "Opt-in" means the e-mail recipient chooses to join the list. It
permission, meaning the recipient has given the sender explicit permi
him/her e-mail in a certain capacity.
52. "Opt-out" means that you tell a company that you don't want t
your information for certain purposes or sell it to others. Typically, wh
out, you are not aptually taken off of a list "but added to a list of people
want their personal information shared with other companies or who do
receive telemarketing calls or direct mail. Sometimes businesses allow
out of having them use your information to send you solicitations. Freq
will receive some kind of confirmation (e.g., online you may get a We
mail confirmation), but sometimes you may not. A company's privacy
give you more information about their opt-outs. (See, http://opt-out.cdt.org
#1).
messages across the wires, for the purpose of commercial a

the cost of the recipient, unlawful.
IV Digital discovery and law enforcement agencie
In criminal prosecutions, discovery procedure and une

relevant evidence is of utmost importance. How much
legislatures enact laws and judges interpret them, with
evidence, it is quite impossible to book the guilty. With the
computers, the procedure of evidence digging becomes
fascinating, challenging, technical and troublesome. Tech
savvy law enforcement agencies and absence of any link
the technical expertise and such agencies adds to the proble
IT Act springing up in action, the relevancy of knowing th
know-how and establishing nexus with the digital world is g
surely being recognized.
Digital discovery refers to the discovery of digital inf
document files, e-mail and data files from servers, desktops
and back-up tapes. The digital revolution has enabled us to c
in a more sophisticated and more efficient manner. It has a
inadvertently, left behind data trails that more perfectly ch
we have thought and done than any other method of pr
interaction in history. As we have come to understand, the
of digital communication represent a powerful tool of tran
those interested in exposing wrongdoing.53
One way to see the digital world is that, once in it, all the
put by any individual or company leaves a digital data trail
all communications and actions. That data is then networke
to any analyst of that network. Companies that have embr
communications for their business processes have d
remarkably little concern for the consequences in litigation
the government's devastating use of discovered e-mails again
in the Microsoft antitrust case served as a startling wake-u
managers of corporate America.54
People are accepting with feverish realization the fac
their computers, computer disks, computer memory, data
e-mail messages sent and received, and all back-up computer
be made use to extract evidence for a successful prosecu
mail leaves a digital trail that with some effort can be traced
sender. Without talking specifically about cyber crimes, ev
53. See, http://cyber.law.harvard.edu/digitaldiscovery/CLE.html.

54. Charles Nesson, Digital Discovery.
litigation areas as well, how much important and devastating

digital data is unimaginable.
One has also to be cautious about digital evidence co
Investigators are troubled by the fact that a user, with
technologies, can quickly delete long lists of relevant inform
little evidence of the event. Users can also encrypt their files
difficult or impossible to obtain readable information from a
disk. The owner of the disk can conveniently claim they have
the password.55
Even the White House has been a target. In mid-February
chief of the White House computer operations Sheryl Hall all
Clinton administration officials were involved in an e-mail co
mail messages written between August 1996 and November
intentionally made unavailable to both the justice depart
congressional investigators. E-mails pertained to certain litiga
Monica Lewinsky, Filegate, campaign finance, etc.56 However
mails were merely labelled as classified and made unavailab
Question is whether deleting any digital information woul
completely unavailable. Is all the information 'deleted' actually
James Rosenbaum argues that a computer's delete key rep
elaborate deception. The deception is pure, and inheres in
name: When the delete key is used, nothing is deleted.57
contrary to the popular notion, deleting the key does not
information vanish. Rather the information is merely labelle
'deleted' on the storage media so that the space is now ava
writing. With just the proper software and a good operating
one can very possibly retrieve the 'deleted' data.
It is important that in cyber prosecutions, one should not o
the knowledge but also the inclination to use the technologies
55. Mike Dockery, "Digital Discovery and Recovery, A New Kind of

Gathering", at http://www.pimall.eom/nais/n.digit.discer.htrhl.
56. "Case Study - You've Lost Mail: The White House E-mail Saga"
at http://cyber.law.harvard.edu/digitaldiscovery/digdisc library 6.html.
57. For those with little knowledge, and less interest, a computer'
acts somewhat like a thief who steals a card from the old library's car
the card was in place, the librarian could decode the library's filing syst
the book. If the card was gone, or unreadable, the book was still in the li
could no longer be found amidst the library's stacked shelves. In a co
Most' book can be found with very little effort. (See, James M. Ro
Defense of the delete Key).
58. E.g., in NetWare 5.1, Networking Software, SYS: DELETED. SA
files that have been deleted from deleted directories. Salvageable file
stored in the directory from which they were deleted. If a directory is
salvageable files from the deleted directory are moved to the deleted. sa
Deleted files can be salvaged if they have not yet been purged.
Though the Indian government is patting itself on the back fo

notified the IT Act, there is an absence of the mindset, which i
to be filled up.
The IT Act is not just about triggering e-governance. T
bureaucrats to move will require more and more computers-cu
miserable penetration of 3.6 PCs per 1,000 in India compar
per 1,000 in the US, according to a report by Arthur Anderso
require a change in attitude. But a legal standing for contr
even paying for vacations is the bedrock. It will provide confi
there is recourse to law if somebody rips you off.59 And, that
can be provided only when we have a proper law enforcem
equipped with the latest technology, skilled to incorporate
discovery issues. Moreover, the people involved should have
mental framework to change their way of thinking and appro
new cyber crimes penetrating, seemingly silently and unknow
rather quite devastatingly through the web.
Opinions from various segments of the society confirm that
enforcement agency is not yet ready to tackle the issues of cyb
and digital discovery. The police in India has no training what
the detection and prevention of cyber crimes.60 The Info
Technology Minister, Pramod Mahajan himself said that eve
of police stations needed trained people to tackle e-crime.61
first cyber case in the State of Uttar Pradesh, the investigation
of the rank of deputy superintendent of police - confessed th
never used the Internet and now, for the purpose of proper inv
of cyber crimes, he has to get on to the Net.62
However, this is not an uncommon situation. Victims i
stalking have been advised by the police to 'turn off their com
59. Sudeep Chakravarti, "Cyber Chatter: The Law in these Parts", Ind
October 30, 2000, available at 2000 WL 2152523
60. Editorial, "The Big Brahmins want to Police the Net", Times of
16, 2000, available at http://dalitstan.0rg/i0urnal/recthist/t0tal/i t bill.ht
61. Pramod Mahajan, IT Minister, "IT law gives police powers
cybercrimes", The Times of India, October 1 8, 2000. available at 2000 WL
62. Pervez Iqbal Siddiqui, "UP Police caught web-footed", Times
February 16, 2001, available at 2001 WL 13629585.
63. Case Example: Deborah has been stalked in a chat room for over s
during which time detailed personal information and a doctored por
photograph with her likeness has been posted on a website. The cyber
threatened to rape and kill her. And too often, untrained police offic
address the situation, as they should. Advocacy groups say that when vict
their situation to authorities, a frequent response is "turn off your comp
http://www.wired.eom/news/politics/0, 1 283, 35728, 00.html).
or change their phone number64 rather than trailing the gu

that it is not that the police do not want to assist but it is ju
not understand the gravity of the action. They tend to und
because an illegal act was performed digitally.
What the next step for booking the cyber criminals is to
language - the language of bits and bytes, of one's and
essential to incorporate necessary digital know-how in trai
law enforcement agencies. However, is training enough
thinks in the negative. To grab criminals, one needs to und
criminals by stepping into their shoes, understanding thei
This requires a complete change in the mental attitude and
of the crime done.
Towards this, Catherine Therese Clarke attempts to conceptualise
and harmonize the police culture and Internet culture.65 According to
Clarke, although policing of the Internet is inevitable, traditional police
attitudes and procedures may not be successful in this new forum.
Communication will likely be strained, given that traditional police
culture clashes with the Internet veterans' culture of unrestrained
freedom. Police officers tend to bond closely with other officers, an
often display an "us against them " mentality. Traditional police cultu
has been characterized as 4 a culture of officers who are bonded togeth
because the life of one depends on the other'.66 Clarke suggests
reversal of the traditional exclusionary approach. To be effective in a
arcane and technically advanced area, law enforcement agents will nee
help. Yet a vast canyon separates the hacker culture and the pol
culture, with the latter requiring the expertise of the former. This culture
64. A recent incident demonstrates how the lack of law enforcement traini
and expertise can frustrate cyber stalking victims: A woman complained to a l
police agency that a man had been posting information on the web claiming that
nine-year-old daughter was available for sex. The web posting included their ph
number. They received numerous calls. The problem was reported to the local poli
agency on numerous occasions, but the agency simply advised the couple to cha
their phone number. Subsequently, the couple contacted the FBI, which opened
investigation. It was discovered that the local police agency did not have a comput
expert, and the investigative officer had never been on the Internet. The local agen
lack of familiarity and resources may have resulted in a failure to understand
seriousness of the problem and the options available to law enforcement to respon
to such problems. (See, "1999 Report on Cyber Stalking: A New Challenge for L
Enforcement and Industry", available at http://www.cybercrime.gov/cyber
talking.htm).
65. Clarke, "From Criminal to Cyber-Prep: Toward an Inclusive Approach to
Policing the Evolving Criminal mens rea on the Internet", 75 Or L Rev 191.
66. Kevin Sack, "Racism of a Rogue Officer Casts Suspicion on Police
Nationwide", NY Times , Sept. 4, 1995, s 1, at 1 (quoting Huber Williams, President
of the Police Foundation, Washington, D.C.)
2002] INDIAN INFORMA TION TECHNOLOGY A CT. 2000 375
this approach needs a drastic change - a change from * bein

from them ' to ' being a part of them and learning from t
them' If the law enforcement agencies refrain from thi
only will they not understand the consequences of the acti
the digital superhighway but, as pointed by Mike Godwin,
the Electronic Frontier Foundation, it will also 'vastly incr
that they'll misunderstand some conduct they see or hear a
What the author is aiming at is the urgency and rele
positive action to be taken by the law enforcement agen
The area is quite complicated. But with patience and proper
will be able to control cyber space crimes as well. What
positive, technically inclined, innovative and enthusiastic c
force to tackle 'them'.
V Cyber jurisdiction in cyber crime cases:

section 75 of the IT Act
One of the intriguing provisions of the Act seems to be section 75

which contemplates the application of the IT Act for offences or
contravention committed outside India. Whether such a provision can at
all be accepted prima facie has been a question of great debate and
anxiety. Section 75 of the IT Act reads as under:
75. Act to apply for offence or contravention committed outside
India- (1) Subject to the provisions of sub-section (2), the
provisions of this Act shall apply also to any offence or
contravention committed outside India by any person irrespective
of his nationality.
(2) For the purposes of sub-section (1), this Act shall apply to
an offence or contravention committed outside India by any
person if the act or conduct constituting the offence or
contravention involved a computer68, computer system69 or
67. Ted Anthony, "Cyberspace 'Sheriff Patrols Computer Frontier", LA Times ,

Apr. 10, 1994.
68. S.2 (i) - 'computer' means any electronic, magnetic, optical or other high-
speed data processing device or system which performs logical, arithmetic and
memory functions by manipulations of electronic, magnetic or optical impulses, and
includes all input, output, processing, storage, computer software or communication
facilities which are connected or related to the computer in a computer system or
computer network.
69. S.2 (j) - 'computer network' means the interconnection of one or more
computers through - (i) the use of satellite, microwave, terrestrial line or other
communication media; and (ii) terminals or a complex consisting of two or more
interconnected computers whether or not the interconnection is continuously
maintained.
computer network70 located in India.

The debate concerns the extra-territorial application of the
and whether such application can at all be permissible within t
defined law of criminal jurisdiction. Does not this section alm
the whole world within the jurisdiction of the Indian courts?
Indian courts probably exercise such a wide jurisdiction? Wher
find the limit?
To understand the concept behind this section, we need to understand
the 'consequence' or the 'terminatory' theory, which has achieved
considerable success in other leading jurisdictions around the world
apart from India itself. The principle is that where an act is done abroad
and the criminal effect is produced here, the crime is taken to be
committed here.71 This theory has been described as the 'terminatory
theory'.72 One can notice and quote various examples, be it English73
70. S.2 (1) - 'computer system' means a device or collection of devices, including
input or output support devices and excluding calculators which are not programmable
and capable of being used in conjunction with external files which contain computer
programes, electronic instructions, input data and output data that performs logic,
arithmetic, data storage and retrieval, communication control and other functions.
71. CLA 1977, S.l (4), reaffirming the rule in Stonehouse [1978] AC 55 in
Glanville Williams, Textbook of Criminal Law , (2nd ed) at 165.
72. E.g. a wound inflicted in Scotland is triable in England if a person standing
on the Scottish Bank of the Tweed fires at and wounds a person in England. This is
the 'terminatory theory' of the criminal act; the elements of the crime being split
between two countries, it is regarded as being committed where the prescribed result
takes place. Even if the attacker misses, he can be tried in England for the attemot.
73. A person, though himself abroad, may by the hands of an innocent agent
commit a crime in England, e.g., by posting in France a libellous letter or a forged
telegram, which the postman will deliver for him in London. If the Frenchman
comes to England, he may be tried there. (See, Kenny's, Outlines of Criminal Law ,
18th ed., 535 pr. 647 (1962 Cambridge University Press); Where a man in Paris by
false returns caused incorrect figures to be entered in the account books of his firm
in London, it was held that the offence of false accounting was committed by him in
London. (R. v. Oliphant , [1905]2 K.B. 67; R. v. Harden , [ 1 962] 1 All ER 286); D,
in Miami, falsely staged his death by drowning with the intention that his innocent
wife in England should claim life insurance monies. He was guilty of attempting to
enable his wife to obtain money by deception. The 'effect' was the communication
through the media to her and the insurance companies of the false statement that he
had died. ( Director of Public Prosecution v. Stonehouse , [1977] 2 All ER 909);
Coombes from the shore shot a man engaged in pushing off a boat aground on a
sandbank in the sea, 100 yards from the shore, it was held that Coombe's crime was
committed on the high sea, and that he was subject to the Admiralty jurisdiction.
(Leach, 388 in Sir James Fitzjames Stephen, A History of the Criminal Law of
England , Vol. II at 11).
or American74 , of this kind of extra-territorial jurisdiction bein

by courts on the basis of the terminatory or the consequence
these cases reaffirm the principle of criminal law that a crim
by an act, which extends over more jurisdiction than on
tried in the jurisdiction in which it takes effect, whether or
committed in the jurisdiction in which it begins to be done.7
Somewhat in the same criterion is section 179 of the Code of
Criminal Procedure. The section contemplates cases in which the thing
done and its consequence happen in two different areas of jurisdiction
and provides that in such cases the offence constituted by the act and
the consequence may be inquired into or tried in either of the tw
areas.76 In an Indian case of this nature, 'A' at Karachi was maki
representations to the complainant at Bombay, through letters, telegram
and telephone talks, sometimes directly to 'B' and sometimes through
commission agent. 'B' parted with money in good faith of the
representations, which were false. It was held that the representation
were made to 'B' at Bombay notwithstanding that 4 A1 was making th
representations from Karachi. Hence, the entire offence took place at
Bombay and not merely one ingredient of it, (which was consequen
of the false representations), namely, the parting with the money by 'B
It was held by the Supreme Court of India that the offence will b
triable both at the place from where the false representations were ma
as well as where the parting of property took place.77
If the jurisdiction for cross-border killing or conspiracy or fals
representations is accepted, then with the Internet giving a much wid
and global scope of committing crimes (the consequences of which can
be almost anywhere in the world), providing for a global jurisdiction
tackle crime is in itself not a new phenomena but merely an extension
74. Simpson v. State , 92 Ga 41, 17 SE 984 (1893) - The victim was in a sma
boat near the Georgia side of the wide Savannath River. Simpson, the defendan
stood on the opposite South Carolina Bank and fired several shots at the vessel. T
bullets missed the boat but struck the water nearby. The Supreme Court of Georgi
held that jurisdiction attached with these circumstances and that Simpson coul
properly be prosecuted in Georgia even though the defendant was clearly in anoth
state at the time of shooting. The location of the victim and the place where t
bullets landed established the basis for the decision; U.S. v. Davis , 2 Sumner, 482
an American sailor in a ship in one of the Society Island's harbours fired a sho
which killed a man in (apparently) a foreign ship. The American court held that th
crime was committed on board the foreign ship, and that therefore the Americ
court had no jurisdiction to try it.
75. R. v. Kver , L.R. 2 Ex. 103.
76. See, e.g., 1968 Cr LJ 555 (All); AIR 1961 AP 266: 1961 (1) Cr LJ 804.
77. Mobarak AH Ahmed v. State of Bombay, AIR 1957 SC 857.
378 JOURNAL OF THE INDIAN LA W INSTITUTE [Vol . 44 : 3
the 'terminatory' or the 'effect' theory. The Net seems t

with dimensions across and beyond the territorial borders a
75 has been put in the IT Act to tackle such situations, whic
have been comprehended hitherto. To tackle cross-border ki
was made. Now to tackle cross-border crimes through w
been made. An example can be taken of that of Brazil wher
move78 to enact the E-Commerce Bill79 whereby article 1 3 p
the consumer law to be applicable to electronic comm
effectively, it has been argued,80 will bring anyone, be it th
the consumer, who is party to an electronic commercia
regardless of the place in which such party is located in
within the scope of the Brazilian Consumer Code81 .
Thus, the new concept of cyber jurisdiction is being cont
not just by India but many other states and has been effect
necessity due to the peculiarity of the Internet, which perm
of the crime from any part of the world with its cons
terminating effect in any other part of the world without a
Section 75 of the IT Act, in such situations, could do well in
Indian courts the required jurisdiction once , the accused
brought within physical boundaries of the country.
VI Conclusion
Giving birth to new technologies is the work of the inventors. Making

use óf those technologies for more advanced and drastic crimes is the
craftwork of the criminals. Controlling such crimes is the result of the
interplay of the legislature, executive and judiciary. It is a circle. The
society grinds in between this circle with different emotions and reactions.
Sometimes, with awe as a new invention springs up, then with distrust
when the invention is used for anti-social activities and then with hope
as the big brother nails down the criminals with the shackles of law.
That is how the telegraph was looked at. This is how the Internet is
being looked at. This is how the future technologies will be looked at.
However, the timeframe between each activity is enormous. In between
these time frames, the wrongdoer is able to gain the maximum. However,
as the wheels of justice become operational with proper oiling of the
78. São Paulo section of the Brazilian Bar Association (OAB-SP) has prepared
a draft bill project, which was submitted to the Brazilian Congress in order to
regulate e-commerce, electronic signatures and electronic documents
79. Draft Bill No. 1589.
80. Froehnor, Juliano, The Potentiality of the Online Dispute Resolution System
for Cyber conflicts: A Personal Analvsis . Julv 2000 at 16-18
81. Law no. 8.078/1990.
2002] INDIAN INFORMATION TECHNOLOGY ACT. 2000 379
law and evidence, such unsociable activities are forced to re

on a cautious note, they never tend to cease.
Expecting the cyber crimes to come to an end is figh
reality, against the inevitable. What the author has attempt
preview of how the IT Act might be played around and be i
the light of new and varied cyber crimes springing up in
to nail down the cyber offender has been passed and enfor
needs proper execution and implementation. Cases have alr
coming up. There are many to criticize the IT Act right n
to meaningfully interpret it in the light of Indian co
circumstances and by understanding the technology itself
tailor-made IT jurisprudence in India. Today, India is gearin
of the IT super-powers and an efficacious legal support
requires to become one. In view of the author the time ha
that support.

Cyber World

Uploaded by

Copyright:

Available Formats

Cyber World

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cyber World

Uploaded by

Copyright:

Available Formats

INDIAN INFORMATION TECHNOLOGY ACT, 2000 CRIMINAL PROSECUTION MADE EASY

FOR CYBER PSYCHOS

INDIAN INFORMATION TECHNOLOGY ACT, 2000

THE AIM of this paper is to focus on provisions relating to crimin

The information technology explosion in the country has been

* LL.M. (Harvard), Advocate, Supreme Court of India and High Court o

rate in the next four years. The Asia-Pacific region will ge

I Introduction to the IT Act

The Act was passed to facilitate e-commerce. It gives legal

(a) accesses or secures access to such computer, computer

(h) charges the services availed of by a person to the account of

(b) by any means to usurp the normal operation of the computer,

in a computer, computer system or computer network;

II Virtual commotion in prosecuting cyber criminals

India is one of the few countries7 to bring about a cyber legislation

Ill Cyber crimes - introduction

Information technology offences have been taken to encompass any

7. Australia, Austria, Belgium, Canada, China, Denmark, Finland, France,

computer system.8 Cyber crimes have been on a rise at

8. Council of Europe: Recommendation No. R (95) 13 concerning problems of

emphasized by Judge Preska as he aptly noted, "Judges a

Cyber crimes - theft

Cyber theft refers to unauthorized acquiring of any information

one is able to access the computer system, the act of copying,

attempting to prove Internet hours as a moveable prop

(b) Can ISPs be held responsible in case of theft of passw

24. If any person, intending - (a) to prevent or obstruct the transmission or

Case situation : X, a computer user, unauthorizedly gains acc

Firstly, section 43(a) of the IT Act makes a person liable if he,

the unauthorized user, here, X. Also, the value of the informa

Cyber crimes - hacking: section 6627 of the IT Act

Section 66 has been drafted in wide terms and covers a pr

There is a contract between the Internet service provider (hereinafter

In the IT industry, the CEOs of companies which are in the web-

31. Prabhakar Sinha & N. Vidyasagar, "Hacking under Section 66 creates

One fails to understand this interpretation. Section 66 st

35. National Association of Software and Sefrvice Companies, the

Case situation # 2 - MTX virus case:

The question is whether the accused can at all be rounded up for

under the common law of torts? Alternatively, would it be acc

Cyber crimes - spamming

You get up one morning, check your e-mail and

choose to receive it. Most spam is commercial advertising.43

(A) The Internet service providers: They have a critical int

43. Scott Hazen Mueller, "What is Spam ?", at http://spam.

prefer an alternative service provider and lesser number of spa

there won't be any denial of e-mail service. However, the user

messages across the wires, for the purpose of commercial a

IV Digital discovery and law enforcement agencie

In criminal prosecutions, discovery procedure and une

53. See, http://cyber.law.harvard.edu/digitaldiscovery/CLE.html.

litigation areas as well, how much important and devastating

55. Mike Dockery, "Digital Discovery and Recovery, A New Kind of

Though the Indian government is patting itself on the back fo

or change their phone number64 rather than trailing the gu

this approach needs a drastic change - a change from * bein

V Cyber jurisdiction in cyber crime cases:

One of the intriguing provisions of the Act seems to be section 75