This document provides an overview of cyber law in India, specifically the Information Technology Act of 2000. It discusses:
- The objectives and structure of the IT Act, including its 13 chapters and sections dealing with cyber crimes and penalties.
- Common types of cyber crimes like hacking, phishing, spamming, and those related to privacy, property, persons, and public decency.
- Sections of the Indian Penal Code that are applicable for cyber crimes.
- Case studies and amendments made to the IT Act through the years to address evolving cyber threats.
- The roles and initiatives of agencies like CERT-IN to strengthen cyber security and awareness in India.
1. Cyber Law in India
(Information Technology Act, 2000)
Includes Offences and Relevant Penal Sections [IT Act & IPC] in Cyber Crime
Rahul Kailas Bharati
Designation: Class I Gazetted Officer (MES, Group-A)
Head and Assistant Professor in Law
Department of Law
Government Institute of Forensic Science, Aurangabad
Department of Higher and Technical Education,
Government of Maharashtra
E-mail : rahulbharati.2009 @gmail. Com
rahul.bharati@gov.in
Mo : 9420801318
Government Institute
of Forensic Science,
Aurangabad
2. Information Technology Act,
2000
Enacted on 17th October 2000- India
is 12th nation in the world to adopt
cyber laws.
IT Act is based on Model law on e-
commerce adopted by UNCITRAL.
UNCITRAL = United Nation
commission on International Trade
Law
3. Structure of IT Act, 2000
Total 13 Chapters and 90 sections
Sections 91 to 94 deal with the
amendments to the four Acts namely
Indian Penal Code 1860, The Indian
Evidence Act 1872, The Bankers’
Books Evidence Act 1891 and the
Reserve Bank of India Act 1934.
Section 91 to 94 omitted by
IT(Amendment) Act, 2008.
4. Objectives of passing India’s
Cyber Law (IT Act, 2000)
To provide legal recognition for
transactions:-
• Carried out by means of electronic data
interchange, and other means of electronic
communication, commonly referred to as
"electronic commerce”.
• To facilitate electronic filing of documents
with Government agencies and E-Payments.
• To amend the Indian Penal Code, Indian
Evidence Act,1872, the Banker’s Books
Evidence Act 1891,Reserve Bank of India
Act ,1934
5. Arrangement of Chapters in IT
Act
Chapter I : Preliminary Sections
Chapter II : Digital Signature and
Electronic Signature Sec. 3& 3 A)
Chapter III : Electronic Governance
(Secs.4 to 10 A)
Chapter IV : Attribution,
Acknowledgment And dispatch of
electronic records (Secs.11 to 13)
6. Chapter V : Secure electronic records
and electronic signature (Secs. 14 to
16)
Chapter VI : Regulation of Certifying
authorities (Secs. 17 to 34)
Chapter VII : Electronic Signature
Certificates (Secs. 35 to 39)
Chapter VIII : Duties of Subscriber
(Secs. 35 to 39)
Chapter IX : Penalties and
Adjudication (Secs. 43 to 47)
7. Chapter X : The Appellate Tribunal
(Secs. 48 to 64)
Chapter XI : Offences (Secs. 65 to 78)
Chapter XII : Liability of Intermediaries
(Secs. 79) = Information Technology
(Intermediary Guidelines and Digital
Media Ethics Code) Rules, 2021
Chapter XIIA : Examiner of Electronic
Evidence
Chapter XIII : Miscellaneous (Secs. 80
to 90)
8. Cyber crime
The term Cyber Crime refers to an
illegal act performed using Computer
as a means or end to perform a
violated act
Also known as Computer crime
Any offence or illegal act committed
using the electronic device is known
as cybercrime.
9.
10. Reasons behind Cybercrime
Make quick money
Cause an individual to think what he/she
believes in
Steal a person’s identity
Deny the assess to previous regulatory
Lack of reports and standards
Utilize the technical framework, perform
illegal activities
Proceed wrong prosecution against
authorized enquiry
Make personal Identification highly
complex
Restrict media coverage
12. History of Cybercrime in India
India witnessed more cyber security
threats and incidents.
Approximately close to 27000 incidents
in the first half of 2017.
As per the report by Indian Computer
Emergency Response Team ( CERT –
In),the number of cyber security
incidents is :-
In 2014 – 44679,
In 2015 – 49455
In2016 – 50362
In 2017 - 53081
17. E-mail Spamming
• Email spamis also well-known as
junk email or Unsolicited Bulk Email
(UBE)
• Flooding the web with different
copies of similar messages is
known as spam.
18. Email Bombing
• Email Bombing occurs by
transmitting threatening emails
It is characterized by a user
transmitting the huge volumes of email
to a target address resulting in victim’s
email account or mail server crashing.
19. Phishing
• A taskof extracting confidential
information by impersonating as
a legitimate activity
• It tries to fool people into parting with
their money by email spoofing.
20. Vishing
• Vishing is also known as Voice
Phishing
• It engages calls to victims by using
fake identity for fooling them
• Considers the call to be from
a trustworthy organization
• One mustbe cautious about
unsolicited mobile calls with
uncertainty
• Never make available any private
21. Cyber Stalking and Cyber
Defamation
•Cyber Stalking - utilization of the
web or the other electronic use
device to stalk someone
Cyber Defamation occurs when
defamation is achieved with help
of the computers or the Internet.
22. Cyber Squatting, Cyber
Vandalism and Cyber
Extortion
• Cyber squatting – illegal registration
of domain name and usage
• Vandalism – involves deliberate
destruction or damage to public or
private property
• Cyber Extortion – involves an attack
or threat coupled with a demand for
money or some other response in
return for stopping or remediating the
attack
25. IT Act (chapter XI ) : Offences
Three parts:
Where computer
/server/communication device is
object/target.
(Secs.65,66,66F ,70)
Sec.65 . Tampering with computer
source documents.
Penalty : Imprisonment up to 3years or
fine up to two lakhs rupees or both.
Case : Syed Asifuddin v. State of A.P.,
26. Sec.66. Computer related offences
( Dishonest and fraudulent intension)
Includes destruction, damage, disruption,
denial, deletion, concealment, stealing
of information.
Examples : Cyber spying, Data theft,
Denial of Service Attacks (Dos),
Ramsomware, Virus attack.
Penalty : Imprisonment up to 3years or a
fine up to 5lakhs rupees or both.
27. Sec.66 F. Cyber Terrorism
Illegal Activities with the computer
resource with intent to threaten the
unity, integrity, security or sovereignty
of India
Penalty : Imprisonment for life.
Example : 26/11 attacks on Taj and
Trident Hotel.
28. Where crime is committed using a
computer / communication device
Three sub parts :
a) Offences affecting the human
body/person :
Sec.66 A. and Sec. 66 E (Added by
2008 Amendment Act)
29. Sec.66 A : Punishment for sending
offensive messages through
communication service
Messages which are grossly offensive
sent through emails, SMS, blogs,
tweets.
Examples : cyber stalking, morphing of
images, unsolicited e-mails.
Penalty : 3 year imprisonment and with
fine.
30. Challenge to the Constitutionality
of Sec. 66A
Shreya Singhal v. Union of India,
2015
Supreme Court of India Struck down
Sec 66A as violative of Art. 19(1)(a) of
the Constitution of India on 24th March
2015.
31. Sec. 66 E. Punishment for violation
of privacy
Intentionally capturing , publishing or
transmitting pictures of private parts of
person without consent.
Examples : Installation of spy
cams/hidden cameras inside wash
rooms, bedrooms, changing rooms,
hotel rooms.
Penalty : Imprisonment up to 3 years or
fine not exceeding 2 lakh rupees or
both.
32. b) Offences affecting property
Sec.66 B, 66 C, 66 D.
Sec.66B : Punishment for dishonestly
receiving stolen computer resource.
Sec.66C : Punishment for identity
theft (Fraudulently making use of
password)
Examples : phishing, data theft.
Sec. 66D : Punishment for cheating
by personation
33. Examples of Sec. 66D :
Creation of clone website to capture
personal information, Intentionally
creating a fake profile on matrimonial
social networking sites with intention
to cheat that person.
Penalty for above three sections :
Imprisonment up to 3 years and fine up
to one lakh rupees.
34. c) Offences affecting Decency
and Morals
Sec.67, 67A , 67 B.
Sec.67. punishment for publishing or
transmitting obscene material in
electronic form.
Penalty :
First conviction : 3 year imprisonment
with fine up to 5 lakh rupees .
Second Conviction : 5year
imprisonment and fine up to 10 lakh
rupees
35. Sec. 67 and Bazee Case.
Sec. 67 A : Punishment for publishing /
transmitting of material sexually explicit
act in electronic form.
Penalty :
First conviction : 5 years and fine may
extend to 10 lakh rupees.
Second conviction: 7years and fine may
extend to 10 lakh rupees.
36. Sec. 67 B. Punishment for publishing
or transmitting material depicting
children in sexually explicit act in
electronic form. (Child Pornography)
Penalty :
First Conviction : 5 years imprisonment
with fine up to 10 lakh rupees.
Second conviction : 7 years
imprisonment and fine up to 10 lakh
Rupees.
37. Section 69 A –Blocking of
Chinese Apps
Government’s Ministry of Electronics and
Information Technology banned 59 Chinese
apps, including TikTok, WeChat, and UC
Browser, it did so through the powers of
one law.
These apps were banned under Section
69A of the Information Technology Act,
2000 because “they are engaged in
activities which are prejudicial to
sovereignty and integrity of India, defence
of India, security of state and public order.”
38. As India-China tensions keep rising across the
Line of Actual Control (LAC), it is important to
understand the powers of such a law.
Section 69A of the Information Technology Act,
2000, was introduced by an amendment to the
Act in 2008. It gives the Central government the
power to block public access to any information
online — whether on websites or mobile apps.
The detailed procedures to do so are listed under
the Information Technology (Procedure and
Safeguards for Blocking Access of Information by
Public) Rules, 2009. Apart from this, a court may
also issue directions for blocking information
online. The Department of Telecommunications,
too, can issue blocking orders to internet service
providers, to enforce licensing conditions.
39. Common Cyber-crime scenarios and
Applicability of Legal Sections
Harassment via fake public profile on
social networking site
A fake profile of a person is created on a
social networking site with the correct
address, residential information or
contact details but he/she is labeled as
‘prostitute’ or a person of ‘loose
character’. This leads to harassment of
the victim.
Provisions Applicable:- Sections 67 of
IT Act and Section 509 of the Indian
40. Email Account Hacking
If victim’s email account is hacked and
obscene emails are sent to people in
victim’s address book.
Provisions Applicable:- Sections 43,
66, 66C, 67, 67A and 67B of IT Act.
Credit Card Fraud
Unsuspecting victims would use
infected computers to make online
transactions.
Provisions Applicable:- Sections 43,
66, 66C, 66D of IT Act and section 420
41. Web Defacement
The homepage of a website is
replaced with a pornographic or
defamatory page. Government sites
generally face the wrath of hackers on
symbolic days.
Provisions Applicable:- Sections 43
and 66 of IT Act and Sections 66F, 67
and 70 of IT Act also apply in some
cases.
42. Introducing Viruses, Worms,
Backdoors, Rootkits, Trojans, Bugs
All of the above are some sort of
malicious programs which are used to
destroy or gain access to some
electronic information.
Provisions Applicable:- Sections 43,
66, 66A of IT Act and Section 426 of
Indian Penal Code.
43. Cyber Pornography
Among the largest businesses on
Internet. Pornography may not be illegal
in many countries, but child pornography
is.
Provisions Applicable:- Sections 67, 67A
and 67B of the IT Act.
Phishing and Email Scams
Phishing involves fraudulently acquiring
sensitive information through
masquerading a site as a trusted entity.
(E.g. Passwords, credit card information)
Provisions Applicable:- Section 66, 66D
of IT Act and Section 420 of IPC
44. Theft of Confidential Information
Many business organizations store
their confidential information in
computer systems. This information is
targeted by rivals, criminals and
disgruntled employees.
Provisions Applicable:- Sections 43,
66, 66B of IT Act and Section 426 of
Indian Penal Code.
45. Cyber Security measures taken
by Indian Govt.
National Cyber Policy in 2013
Enactment of IT Act, 2000
Setting up of CERT-In and National
Critical Information Infrastructure
Protection Centre (NCIIPC)
Setting up National Cyber Coordination
Centre
Implementing ''Information Security
Education and Awareness (ISEA)’ project
to train professionals / government
officials and create mass information
security awareness among citizens
46. Sr. No. Nature of Complaint Applicable
Section and
punishment
under IT Act
Applicable
Sections under
other Laws
1 Mobile phone lost/stolen Section 379 IPC up to
3
years imprisonment or
fine or both
2 Receiving stolen
computer/mobile phone
/data (data or computer or
mobile phone owned by
you is found in the hands
of someone else
Section 66 B of IT Act
2000 – Up to 3
years imprisonment or
Rupees one lakh fine
or both
Section 411 IPC – up
to 3 years
imprisonment or fine
or both
3 Data owned by you or your
company in any form is
stolen
Section 66 of IT Act
2000 - Up to 3 years
imprisonment or fine
up to Rupees five lakh
or both
Section 379 IPC up to
3
years imprisonment or
fine or both
4 A password is stolen and
used by someone else for
fraudulent purpose
Section 66C of IT Act
2000 - Up to 3 years
imprisonment or
Rupees one lakh fine
Section 66 D of IT Act
2000 - Up to 3 years
imprisonment or
Rupees One Lakh fine
Section 419 IPC –
upto 3 years
imprisonment or fine
Section 420 IPC -
upto 7 years
imprisonment or fine
47. 5 An e-mail is read by someone else
by
fraudulently making use of
password
Section 66 of IT Act
2000 - Up to 3 years
imprisonment or
fine up to Rupees
five lakh or both
Section 66C of IT
Act 2000 - Up to 3
years imprisonment
or Rupees one
lakh fine
6 A bio metric thumb
impression is misused
Section 66C of IT Act
2000 - Up to 3 years
imprisonment or
Rupees one lakh fine
7 An electronic signature of
digital signature is misused
Section 66C of IT Act
2000 - Up to 3 years
imprisonment or
Rupees one lakh fine
8 A Phishing e-mail is sent out in your
name, asking for login credentials
Section 66 D of IT Act
2000 - Up to 3 years
imprisonment or
Rupees one lakh fine
Section 419 IPC –
upto 3 years
imprisonment or fine
9 Capturing, publishing or transmitting
the image of a private area without any
person’s consent or knowledge
Section 66 E of IT Act
2000 - Up to 3 years
imprisonment or fine
not exceeding
Rupees two lakh or
Section 292 IPC- upto
2
years imprisonment
and
fine Rupees 2000 and
48. 10 Tampering with computer source
document
Section 65 of IT Act
2000 - Up to 3 years
imprisonment or fine
upto rupees two lakh
or both
Section 66 of IT Act
2000 - Up to 3 years
imprisonment or fine
up to
Rupees five lakh or
both
11 Data Modification Section 66 of IT Act
2000 - Up to 3 years
imprisonment or fine
up to Rupees five lakh
or both
12 Publishing or transmitting obscene
material in electronic form
Section 67 of IT Act
2000 – first conviction
up to 3 years and 5
lakhs Second and
subsequent conviction
–upto 5 years and upto
10 lakhs
Section 292 IPC- upto
2 years imprisonment
and fine Rupees 2000
and upto 5 years and
rupees 5000 for
second and
subsequent
conviction
13 Publishing or transmitting of material
containing sexually explicit act, etc. in
electronic form
Section 67 of IT Act
2000 – first conviction
up to 3 years and 5
lakhs Second and
subsequent conviction
– upto 5 years and
Section 292 IPC- upto
2 years imprisonment
andfine Rupees 2000
and upto 5 years and
rupees 5000 for
second and
49. 14 Publishing or transmitting of
material depicting children in
sexually explicit act, etc. in
electronic form
Section 67 B of IT
Act 2000 – first
conviction upto 5
years and upto 10
Lakhs Second and
subsequent
conviction –
upto 7years and
upto 10 lakhs
Section 292 IPC-
upto 2 years
imprisonment and
fine Rupees 2000
and upto 5 years
and rupees 5000
for second and
subsequent
conviction
15 Misusing a Wi-Fi connection - if done
against State
Section 66 of IT Act
2000 - Up to 3 years
imprisonment or fine
up to Rupees five
lakh or both Section
66F of IT ACT 2000 –
life
imprisonment
16 Planting a computer virus- if done
against the State
Section 66 of IT Act
2000 - Up to 3
years imprisonment
or fine up to Rupees
five lakh or both
Section 66F of IT ACT
2000 – life
imprisonment
17 Conducting a denial of service attack
against a government computer
Section 66 of IT ACT
2000 - Up to 3 years
imprisonment or fine
up to Rupees five
lakh or both Section
50. 18 Conducting a denial of service
attack against a government
computer
Section 66 of IT ACT
2000 - Up to 3
years imprisonment
or fine up to Rupees
five lakh or both
Section 66F of IT
ACT 2000 – life
imprisonment
19 Stealing data from a government
computer that has significance from
national security perspective
Section 66 of IT ACT
2000 - Up to 3 years
imprisonment or fine
up to Rupees five lakh
or both Section 66F of
IT ACT 2000 – life
imprisonment
20 Bogus websites cyber frauds Section 66 D of IT
ACT 2000 - Up to 3
years imprisonment or
Rupees one lakh fine
Section 419 IPC –
upto 3 years
imprisonment or fine
Section 420 IPC - upto
7 years imprisonment
or fine
21 E-mail spoofing Section 66C of IT ACT
2000 - Up to 3 years
imprisonment or
Rupees one lakh fine
Section 465 IPC –
upto 2 years or fine or
both
Section 468 IPC –
upto 7 years
imprisonment and
fine
51. RBI Guidelines during
Fraudulent Transactions
SMS on Customer Liability in Unauthorized Electronic
Banking Transactions: Notify your bank immediately.
For more details, give a missed call on 14440.
If someone has fraudulently withdrawn money from your
bank account, inform your bank immediately. When you
notify the bank, remember to take acknowledgement from
your bank. The bank has to resolve your complaint within
90 days from the date of receipt.
If the transaction has happened because of your
negligence, that is, because of your sharing your
password, PIN, OTP , etc., you will have to bear the loss
till you report it to your bank. If the fraudulent transactions
continue even after you have informed the bank, your
bank will have to reimburse those amounts. If you delay
the reporting, your loss will increase and it will be decided
based on the RBI guidelines and the policy approved by
52. Zero Liability of a Customer:
Where the unauthorized transaction occurs in the
following events:
Contributory fraud/ negligence/ deficiency on the
part of the bank (irrespective of whether or not the
transaction is reported by the customer).
Third party breach where the deficiency lies neither
with the bank nor with the customer but lies
elsewhere in the system, and the customer notifies
the bank within three working days of receiving
the communication from the bank regarding the
unauthorized transaction.
53. Limited Liability of a Customer:
In cases where the loss is due to negligence by a
customer, such as where he has shared the payment
credentials, the customer will bear the entire loss
until he reports the unauthorized transaction to the
bank. Any loss occurring after the reporting of the
unauthorized transaction shall be borne by the bank.
In cases where the responsibility for the unauthorized
electronic banking transaction lies neither with the
bank nor with the customer, but lies elsewhere in the
system and when there is a delay (of four to seven
working days after receiving the communication
from the bank) on the part of the customer in
notifying the bank of such a transaction, the per
transaction liability of the customer shall be limited to
the transaction value or the amount specified by
bank.
54. Table
Summary of Customer’s Liability
Time taken to report the
fraudulent transaction from
the date of receiving the
communication
Customer’s liability (₹)
Within 3 working days Zero liability
Within 4 to 7 working days
The transaction value or the amount mentioned
in Table 1 whichever is lower
Beyond 7 working days As per bank’s Board approved policy