A Brief Introduction to Cyber laws in India.

1. Made By: Nikhil Naren
Legal Intern
Hindustan Times Media
Limited
“Even since man began to modify their lives by using technology they
have found themselves in a series of technological traps”
-Roger Revelle

2. Introduction
 In India, Cyber-Laws are contained in
the Information and Technology Act,
2000 which came into force on October
17, 2000.
 It is an outcome of a resolution dated
30th January 1997 of the General
Assembly of the United Nations which
adopted the modern law on electronic
commerce.

3. Genesis of I.T Legislation in
India
 Mid 90’s saw an impetus in globalization and computerisation,
with more and more nations computerizing their governance,
and e-commerce seeing an enormous growth. Until then, most
of international trade and transactions were done through
documents being transmitted through post and by telex only.
Evidences and records, until then, were predominantly paper
evidences and paper records or other forms of hard-copies only.
With much of international trade being done through electronic
communication and with email gaining momentum, an urgent
and imminent need was felt for recognizing electronic records
i.e the data what is stored in a computer or an external storage
attached thereto. The United Nations Commission on
International Trade Law (UNCITRAL) adopted the Model Law
on e-commerce in 1996. The General Assembly of United
Nations passed a resolution in January 1997 inter alia,
recommending all States in the UN to give favourable
considerations to the said Model Law, which provides for
recognition to electronic records and according it the same
treatment like a paper communication and record.

4. Objectives of I.T Legislation in
India
 It is against this background the Government of India
enacted its Information Technology Act 2000 with the
objectives as follows, stated in the preface to the Act
itself.
 “to provide legal recognition for transactions carried out by
means of electronic data interchange and other means of
electronic communication, commonly referred to as
"electronic commerce", which involve the use of
alternatives to paper-based methods of communication
and storage of information, to facilitate electronic filing of
documents with the Government agencies and further to
amend the Indian Penal Code, the Indian Evidence Act,
1872, the Bankers' Books Evidence Act, 1891 and the
Reserve Bank of India Act, 1934 and for matters
connected therewith or incidental thereto.”

5. 2008 Amendment:
Being the first legislation in the nation on technology, computers and ecommerce
and e-communication, the Act was the subject of extensive debates, elaborate
reviews and detailed criticisms, with one arm of the industry criticizing some
sections of the Act to be draconian and other stating it is too diluted and lenient.
There were some conspicuous omissions too resulting in the investigators relying
more and more on the time-tested (one and half century-old) Indian Penal Code
even in technology based cases with the I.T. Act also being referred in the
process and the reliance more on IPC rather on the ITA.
Thus the need for an amendment – a detailed one – was felt for the I.T. Act
almost from the year 2003-04 itself. Major industry bodies were consulted and
advisory groups were formed to go into the perceived lacunae in the I.T. Act and
comparing it with similar legislations in other nations and to suggest
recommendations. Such recommendations were analysed and subsequently
taken up as a comprehensive Amendment Act and after considerable
administrative procedures, the consolidated amendment called the Information
Technology Amendment Act 2008 was placed in the Parliament and passed
without much debate, towards the end of 2008 (by which time the Mumbai
terrorist attack of 26 November 2008 had taken place). This Amendment Act got
the President assent on 5 Feb 2009 and was made effective from 27 October
2009.

6. Features of the
Amendment:
Some of the notable features of the ITAA are as follows:
• Focussing on data privacy
• Focussing on Information Security
• Defining cyber café
• Making digital signature technology neutral
• Defining reasonable security practices to be followed by corporate
• Redefining the role of intermediaries
• Recognising the role of Indian Computer Emergency Response Team
• Inclusion of some additional cyber crimes like child pornography and cyber
terrorism
• authorizing an Inspector to investigate cyber offences (as against the DSP
earlier)

7. Indian Cases:
The Twitter case: Mr.Ravi Srinivasan posted a tweet to his 16 followers saying
that Karti Chidambaram, (Polititian belonging from Congress party) and son of
Finance Minister P Chidambaram, had "amassed more wealth than Vadra". Karti
Chidambaram did not take the tweet in good wit and filed a police complaint
against it. Mr Srinivasan was arrested for the same. He was charged under
Section 66A of India's Information Technology Act, and demanded 15 days of
police custody. This allegation could have been tackled through India's libel
laws, but since that route takes time and money, the offended politician instead
used the police department to take care of the "problem" by using the "sweeping
power" of Section 66A of the IT Act of 2000. On the face of it, this safeguards
citizens against online harassment. In reality, the law is more often used by the
state as a weapon against dissent. In each such case, police action has been
swift and harsh.
There's nothing "reasonable" about arresting someone rather than following the
"constitutional/legal remedies" set up by India's libel law. This is simple thug
tactics being deployed by someone operating without fear of reprisal. Section
66A needs to be cleaned up if freedom of speech and privacy are going to be
protected, rather than just paid lip service at convenient intervals.

8. Minister Mamata Banerjee’s Case: The West Bengal government led by Chief
Minister Mamata Banerjee used Section 66A against a teacher who had emailed
to friends a cartoon that was mildly critical of her. Loosely worded laws, ostensibly
designed to "protect" citizens, usually devolve into tools of censorship. For some
strange reason, those with the most power are the ones who feel the most
"threatened" by open criticism and dissent. It's little wonder that legislators are
more than willing to push through open-ended "cyber laws" that can be bent to fit
any situation. The end result is this fact, which is perhaps least surprising of all.
Mumbai’s Facebook Case: An apparently innocent post on Facebook
questioning Mumbai shutdown after the death of Shiv Sena supremo Bal
Thackeray had landed two females in woe. The Palghar police in neighbouring
Thane on Sunday arrested Shaheen Dhada and her friend Renu charging them
with hurting religious sentiments, apparently under pressure from Shiv Sainiks.
The police action had conjured widespread outrage. The girls were also charged
under the IT Act. Shaheen had reportedly written on her Facebook wall that
"People like Thackeray are born and die daily, and one should not observe a
'bandh' for that". Renu was arrested for liking the post. The two were sentenced to
14-day judicial custody. However, they were granted bail soon after they furnished
personal bonds.

9. Terming the police action against the girls as absurd, Press Council of India chief
Markandey Katju asked Maharashtra chief minister Prithviraj Chavan to look into the
issue. When asked whether the charge of hurting religious sentiments against the
girls was appropriate, Shinde said: "Though the offence did not hurt the religious
sentiments in the proper sense of the word, it hurt the sentiments of a particular
group."
Telecom and IT minister Kapil Sibal said he was deeply saddened by the arrest of
the two girls over the Facebook post questioning Mumbai's shutdown over Shiv
Sena patriarch Bal Thackeray's funeral and said the IT Act should not be used to
throttle dissent.”

10. Other Acts Amended by ITA:
The Indian Penal Code, 1860: Normally referred to as the IPC, this is a very
powerful legislation and probably the most widely used in criminal
jurisprudence, serving as the main criminal code of India. Enacted originally in
1860 and amended many time since, it covers almost all substantive aspects
of criminal law and is supplemented by other criminal provisions. In
independent India, many special laws have been enacted with criminal and
penal provisions which are often referred to and relied upon, as an additional
legal provision in cases which refer to the relevant provisions of IPC as well.
ITA 2000 has amended the sections dealing with records and documents in
the IPC by inserting the word ‘electronic’ thereby treating the electronic records
and documents on a par with physical records and documents. The Sections
dealing with false entry in a record or false document etc (eg 192, 204, 463,
464, 464, 468 to 470, 471, 474, 476 etc) have since been amended as
electronic record and electronic document thereby bringing within the ambit of
IPC, all crimes to an electronic record and electronic documents just like
physical acts of forgery or falsification of physical records.
In practice, however, the investigating agencies file the cases quoting the
relevant sections from IPC in addition to those corresponding in ITA like
offences under IPC 463,464, 468 and 469 read with the ITA/ITAA Sections 43
and 66, to ensure the evidence or punishment stated at least in either of the
legislations can be brought about easily.

11. The Indian Evidence Act 1872: This is another legislation amended by the ITA.
Prior to the passing of ITA, all evidences in a court were in the physical form only.
With the ITA giving recognition to all electronic records and documents, it was but
natural that the evidentiary legislation in the nation be amended in tune with it. In
the definitions part of the Act itself, the “all documents including electronic records”
were substituted. Words like ‘digital signature’, ‘electronic form’, ‘secure electronic
record’ ‘information’ as used in the ITA, were all inserted to make them part of the
evidentiary mechanism in legislations.
Admissibility of electronic records as evidence as enshrined in Section 65B of the
Act assumes significance. This is an elaborate section and a landmark piece
of legislation in the area of evidences produced from a computer or electronic
device. Any information contained in an electronic record which is printed on a
paper, stored, recorded or copied in optical or magnetic media produced by a
computer shall be treated like a document, without further proof or production of
the original, if the conditions like these are satisfied: (a) the computer output
containing the information was produced by the computer during the period over
which the computer was used regularly .... by lawful persons.. (b)the information
...derived was regularly fed into the computer in the ordinary course of the said
activities; (c) throughout the material part of the said period, the computer was
operating properly ......and ......a certificate signed by a person .....responsible.....
etc.

12. To put it in simple terms, evidences (information) taken from computers or
electronic storage devices and produced as print-outs or in electronic media are
valid if they are taken from system handled properly with no scope for
manipulation of data and ensuring integrity of data produced directly with or
without human intervention etc and accompanied by a certificate signed by a
responsible person declaring as to the correctness of the records taken from a
system a computer with all the precautions as laid down in the Section.
However, this Section is often being misunderstood by one part of the industry to
mean that computer print-outs can be taken as evidences and are valid as proper
records, even if they are not signed. We find many computer generated letters
emanating from big corporate with proper space below for signature under the
words “Your faithfully” or “truly” and the signature space left blank, with a Post
Script remark at the bottom “This is a computer generated letter and hence does
not require signature”.
The Act does not anywhere say that ‘computer print-outs need not be
signed and can be taken as record’.

13. The Bankers’ Books Evidence(BBE) Act 1891: Just like in the Indian Evidence
Act, the provisions in Bankers Books Evidence Act make the printout from a
computer system or a floppy or disc or a tape as a valid document and evidence,
provided, such print-out is accompanied by a certificate stating that it is a true
extract from the official records of the bank and that such entries or records are
from a computerised system with proper integrity of data, wherein data cannot be
manipulated or accessed in an unauthorised manner or is not lost or tamperable
due to system failure or such other reasons.
Here again, let us reiterate that the law does not state that any computerised
print-out even if not signed, constitutes a valid record. But still even many banks
of repute (both public sector and private sector) often send out printed letters to
customers with the space for signature at the bottom left blank after the line
“Yours faithfully” etc and with a remark as Post Script reading: “This is a computer
generated letter and hence does not require signature”. Such interpretation is
grossly misleading and sends a message to public that computer generated
reports or letters need not be signed, which is never mentioned anywhere in nor
is the import of the ITA or the BBE.

14. Reserve Bank of India Act, 1934: Section 58 of the
Act sub-section (2), after clause (p), a clause relating to the regulation of funds
transfer through electronic means between banks (ie transactions like RTGS
and NEFT and other funds transfers) was inserted, to facilitate such electronic
funds transfer and ensure legal admissibility of documents and records therein.

15. Shortcomings:
While there are many legislations in not only many Western countries but
also some smaller nations in the East, India has only one legislation -- the
ITA and ITAA. Hence it is quite natural that many issues on cyber crimes and
many crimes per se are left uncovered. Many cyber crimes like cyber
squatting with an evil attention to extort money. Spam mails, ISP’s liability in
copyright infringement, data privacy issues have not been given adequate
coverage. Besides, most of the Indian corporate including some Public
Sector undertakings use Operating Systems that are from the West
especially the US and many software utilities and hardware items and
sometimes firmware are from abroad.
In such cases, the actual reach and import of IT Act Sections dealing with a
utility software or a system software or an Operating System upgrade or
update used for downloading the software utility, is to be specifically
addressed, as otherwise a peculiar situation may come, when the user may
not know whether the upgrade or the patch is getting downloaded or any
spyware getting installed. The Act does not address the government’s policy
on keeping the backup of corporates including the PSUs and PSBs in our
county or abroad and if kept abroad, the subjective legal jurisprudence on
such software backups.

16. We find, as has been said earlier in the chapter, that most of the cyber crimes in
the nation are still brought under the relevant sections of IPC read with the
comparative sections of ITA or the ITAA which gives a comfort factor to the
investigating agencies that even if the ITA part of the case is lost, the accused
cannot escape from the IPC part.
To quote the noted cyber law expert in the nation and Supreme Court advocate
Shri Pavan Duggal,
“While the lawmakers have to be complemented for their admirable work
removing various deficiencies in the Indian Cyber law and making it
technologically neutral, yet it appears that there has been a major mismatch
between the expectation of the nation and the resultant effect of the amended
legislation. The most bizarre and startling aspect of the new amendments is that
these amendments seek to make the Indian cyber law a cyber crime friendly
legislation; - a legislation that goes extremely soft on cyber criminals, with a soft
heart; a legislation that chooses to encourage cyber criminals by lessening the
quantum of punishment accorded to them under the existing law; ….. a
legislation which makes a majority of cybercrimes stipulated under the IT Act as
bailable offences; a legislation that is likely to pave way for India to become the
potential cyber crime capital of the world……”