As a saying in criminology goes – “a crime will happen where and only when
the opportunity avails itself.” Until recently, we were aware of only
traditional types of crimes like murder, rape, theft, extortion, robbery, dacoity etc. But now with the development and advancement
of science and
technology there came into existence machines like computers and facilities like
internet. The internet has opened up a whole new virtual heaven for the people
good and bad, clever and naive to enter and interact with lot of diverse
cultures and sub-cultures, geography and demographics being no bar. The very
same virtues of internet when gone in wrong hands or when exploited by people
with dirty minds and malicious intentions, make it a virtual hell. Stories of
copyright theft, hacking and cracking, virus attacks and plain hoaxes etc. have
mounted up in the last few years. As a result of the rapid adoption of the
internet globally, computer crimes are multiplying like mushrooms. The law
enforcement officials have been paralyzed by the inability of the legislators to
keep cyber crime legislation ahead of the fast moving technological curve and
due to insufficient technical training. At the same time, the legislators face
the need to balance the competing interests between individual rights such as
privacy and free speech, and the need to protect the integrity of the world’s
public and private networks.
‘Cyberspace’ is the progeny of convergence of computer network and
telecommunications facilitated by the digital technologies. Internet is
increasingly being used for communication, commerce, advertising, banking,
education, research and entertainment. The growing importance of Information
Technology can be visualized from the fact that in India for the first time a
Delhi based businessman has made a digital will of the secret information saved
in his e-mail account. Digital will is a foreign concept which is gaining
momentum in India also.The ‘cyber man than’ has bestowed many gifts to
humanity but they come with unexpected pitfalls. It has become a place to do all
sort of activities which are prohibited by law like - pornography, gambling,
trafficking in human organs and prohibited drugs, hacking, infringing copyright,
terrorism, violating individual privacy, money laundering, fraud, software
piracy and corporate espionage, to name a few. This new medium which has
suddenly confronted humanity does not distinguish between good and evil, between
national and international, between just and unjust, but it only provides a
platform for the activities which take place in human society. Law as the
regulator of human behaviour has made an entry into the cyberspace and is trying
to cope with its manifold challenges.A legal framework for the cyber world
was conceived in India in the form of E-Commerce Act, 1998. Afterwards, the
basic law for the cyberspace transactions in India has emerged in the form of
the Information Technology Act, 2000 which was amended in the year 2008. The IT
Act amends some of the provisions of our existing laws i.e. the Indian Penal
Code, 1860; the Indian Evidence Act, 1872; the Bankers Book Evidence Act, 1891
and the Reserve Bank of India Act, 1934.
# Cyber Space -The term ‘cyber space’ was first used by William Gibson in his
science fiction ‘Neuromancer’ in 1982. “Cyberspace’ is the electronic medium
ofcomputer networks, in which online communication takes place and where
individuals can interact, exchange ideas, share information, provide social
support, conduct business, direct actions, create artistic media, play games,
engage in political discussions etc.According to Chip Morningstar and F.
Randall Farmer, cyberspace is defined more by social interactions involved
rather than its technical implementation. Thus, cyberspace may be described as a
conceptual collegeum where world’s information resources come together without
being seen or sensed.
- Persons in cyberspace are called netizens i.e. anyone who is
associated with computers, information technology and the Internet.
# Computer -
The term ‘computer’ is derived from the word ‘compute’ which
means to calculate. A computer is an electronic machine devised for performing
calculations and controlling operations that can be expressed either in logical
or numerical terms.
# Information Technology (IT)
-The term ‘Information Technology’ refers to
scientific, technological and engineering disciplines as well as management
technologies used in information handling, communication, processing, their
applications and associated software, equipment and their interaction. Hence IT
comprises hardware, software, people and data.
# Cyber Crime -
The term ‘cyber’ denotes the cyberspace i.e. virtual space and
means the informational space modeled through computer, in which various objects
or symbol images of information exist. It is the place where the computer
programs work and data is processed. ‘Crime’ is a legal wrong that can be
followed by criminal proceedings which may result into punishments.As per
Lord Atkin “the criminal quality of an act cannot be discovered by reference to
any standard but one, is the act prohibited with penal consequences”
v Cyber Criminal -
Unlike traditional offenders, the cyber criminals are
hi-tech knowledgeable persons who invade rights of computer users by
unauthorized access to their computer system or computer networks. Besides the
techno-criminals, the other category of cyber criminals may be as follows:
1. Children and Adolescents between the age group of 8 to 18 years,
2. Professional Hackers/Crackers, and
3. Disgruntled Employees
Statutory Provisions In India
In the knowledge society of 21st century, computer, internet and ICT or
e-revolution has changed the life style of the people. Apart from positive side
of e-revolution there is seamy side also as computer; internet and ICT in the
hands of criminals has become weapon of offence. Accordingly a new branch of
jurisprudence emerged to tackle the problems of cyber crimes in cyber space i.e.
Cyber Law or Cyber Space Law or Information Technology Law or Internet
Law.For the first time, a Model Law on E-commerce was adopted in 1996 by
United Nations Commission on International Trade and Law (UNCITRAL). It was
further adopted by the General Assembly of the United Nations by passing a
resolution on 31st January, 1997. Further, India was also a signatory to this
Model Law and had to revise its national laws as per the said model law.
Therefore, India enacted the Information Technology Act, 2000 and it was
recently amended by the Information Technology (Amendment) Act, 2008.
Aims and objectives of Information Technology Act, 2000-
1. To suitably amend existing laws in India to facilitate e-commerce.
2. To provide legal recognition of electronic records and digital signatures.
3. To provide legal recognition to the transactions carried out by means of
Electronic Data Interchange (EDI) and other means of electronic communication.
4. To provide legal recognition to business contacts and creation of rights and
obligations through electronic media.
5. To establish a regulatory body to supervise the certifying authorities
issuing digital signature certificates.
6. To create civil and criminal liabilities for contravention of the provisions
of the Act and to prevent misuse of the e-business transactions.
7. To facilitate e-governance and to encourage the use and acceptance of
electronic records and digital signatures in government offices and agencies.
This would also make the citizen-government interaction more hassle free.
8. To make consequential amendments in the Indian Penal Code, 1860 and the
Indian Evidence Act, 1872 to provide for necessary changes in the various
provisions which deal with offences relating to documents and paper based
9. To amend the Reserve Bank of India Act, 1934 so as to facilitate electronic
fund transfers between the financial institutions.
10. To amend the Banker’s Books Evidence Act, 1891 so as to give legal sanctity
for books of accounts maintained in the electronic form by the banks.
11. To make law in tune with Model Law on Electronic Commerce adopted by the
United Nations Commission on International Trade Law (UNCITRAL) adopted by the
General Assembly of the United Nations.
# Information Technology (Amendment) Act, 2008-Major Amendments are as
v Section 3A was inserted into the IT Act which allows for other means of
authenticating electronic records.
v The IT Act also made a number of amendments to the Indian Evidence Act so as
to enable production of electronic records as evidence in courtroom proceedings.
The most important of these amendments -
# Section 3 of the Indian Evidence Act, the term “evidence” now includes
# Section 47A has been inserted which provides: “Opinion as to digital
signature when relevant.- When the court has to form an opinion as to the
digital signature of any person, the opinion of the Certifying Authority which
has issued the digital signature Certificate is a relevant fact”.
# Sections 65A and 65B have been added which provide as follows:
“65A. Special provisions as to evidence relating to electronic record.”
“65B. Admissibility of electronic records.”
# Section 67A has been inserted which provides “Proof as to digital
signature.- Except in the case of a secure digital signature, if the digital
signature of any subscriber is alleged to have been affixed to an electronic
record the fact that such digital signature is the digital signature of the
subscriber must be proved.”
# Section 73A has been inserted which provides, “Proof as to
verification of digital signature.”
# Section 81A has been inserted which provides, “Presumption as to
Gazettes in electronic forms”
# Section 85A- Presumption as to electronic agreements.
# Section 85B- Presumption as to electronic records and digital
# Section 88A- Presumption as to electronic messages.
# Section 90A- Presumption as to electronic records five years old.
# Section 131 has been substituted with the new section 131 as provided
below: “Production of documents or electronic records which another person,
having possession, could refuse to produce.- No one shall be compelled to
produce documents in his possession or electronic records under his control,
which any other person would be entitled to refuse to produce if they were in
his possessions or control, unless such last-mentioned person consents to their
These changes in the Indian Evidence Act have been made to provide a legal
regime for the production of electronic records in legal proceedings in India
which provides for acceptance of electronic records as evidence, acceptance of
digital signatures, digital messages and agreements, etc.
# The Information Technology (Procedure and Safeguards for Monitoring and
Collecting Traffic Data or Information) Rules, 2009
The Information Technology (Procedure and Safeguards for Monitoring and
Collecting Traffic Data or Information) Rules, 2009 issued under section 69B of
the Information Technology Act stipulate that directions for the monitoring and
collection of traffic data or information can be issued by an order made by the
competent authority for any or all of the following purposes related to cyber
# forecasting of imminent cyber incidents;
# monitoring network application with traffic data or information on
# identification and determination of viruses or computer contaminant;
# tracking cyber security breaches or cyber security incidents;
# tracking computer resource breaching cyber security or spreading virus or computer contaminants;
# identifying or tracking any person who has breached, or is suspected
of having breached or likely to breach cyber security;
# undertaking forensic of the concerned computer resource as a part of
investigation or internal audit of information security practices in the
# accessing stored information for enforcement of any provisions of the
laws relating to cyber security for the time being in force;
# Any other matter relating to cyber security.
According to these Rules, any direction issued by the competent authority should
contain reasons for such direction and a copy of such direction should be
forwarded to the Review Committee within a period of seven working days.
Furthermore, these Rules state that the Review Committee shall meet at least
once in two months and record its finding on whether the issued directions are
in accordance with the provisions of sub-section (3) of section 69B of the IT
Act. If the Review Committee is of the opinion that the directions are not in
accordance with the provisions referred to above, it may set aside the
directions and issue an order for the destruction of the copies, including
corresponding electronic record of the monitored or collected traffic data or
Other Relevant Statutory Provisions
# The Indian Telegraph Act, 1885
The provision of the Indian Telegraph Act, 1885, (“Telegraph Act”) which is
relevant for the purpose of surveillance is Section 5 which empowers the Central
Government and State Governments of India to order the interception of messages.
In 2007, Rule 419A was added to the Indian Telegraph Rules, 1951 framed under
the Indian Telegraph Act which provided that orders on the interception of
communications should only be issued by the Secretary in the Ministry of Home
Affairs. However, it provided that in unavoidable circumstances an order could
also be issued by an officer, not below the rank of a Joint Secretary to the
Government of India, who has been authorised by the Union Home Secretary or the
State Home Secretary. Rule 419A also tried to incorporate certain safeguards to
curb the menace of unrestricted surveillance by the law enforcement authorities.
# Code of Criminal Procedure, 1973
In Cr P C, Section 91 of the Code of Criminal Procedure, 1973 regulates targeted
surveillance. Under section 91, law enforcement agencies in India can access
stored data. The Code also allows District Magistrates and Courts to issue
directions requiring document, parcel or “things” within the custody of any
postal or telegraph authority to be produced before it if needed for the purpose
of any investigation, inquiry, trial or other proceeding under the Code.
Apart from the above two statues, a number of statues provide for interception
of communications and how such intercepted communications may be used like- The
Unlawful Activities Prevention Act, 1967 allows for information collected
through interception of communications (under the IT Act or the Telegraph Act)
to be produced as evidence for an offence under the Act. However, the
intercepted communication is not admissible unless the accused is given a copy
of the order approving the interception, thus making illegal interceptions
inadmissible. Apart from this Act there are a number of state legislations such
as the Maharashtra Control of Organized Crimes Act, 1999, the Andhra Pradesh
Control of Organised Crime Act, 2001, etc.
Global Perspective To Curb Cyber Menace
Internet operations being of global nature, they do not recognize any
territorial boundaries. This enables the cyber criminals to operate beyond the
national geographic limits without being physically present at the scene of
crime. The problem of cyber crimes therefore, calls for greater international
support and cooperation. Though much has been done by the United Nations to
muster cooperation of member nations to tackle the problem of cyber criminality
as a common cause, the response from them has not really been very encouraging
excepting that there is general consciousness among the countries that where a
cyber crime involving a foreign country or countries is involved, trans-border
assistance and cooperation between the concerned countries is the only viable
alternative to prevent and control such crimes.
1. International de droit Ponel Conference in Germany (1992)- The Association
Internationale Droit Ponel (ADIP) held the collegiums on ‘Computer Crime and
Other Crimes against Information Technology’ in Wartzburg (Germany). Its report
stated that only 5% computer crimes were being reported to police.
2. Twenty-Second G-7 Summit on Cyber Crime (1996)- The member nations at the
G-7Summit on Anti-terrorism held in Leon (France) in July, 1996 resolved to
accelerate mutual consultations and cooperation through appropriate bilateral
and multi-lateral meetings on encryption that allows, when necessary, lawful
government access to data and communications in order to prevent or investigate
acts of cyber terrorism while protecting the privacy of legitimate
communications.The focus of deliberation was on protection of security of
information systems, privacy of personal data and protection of intellectual
rights of the people.
3. G-8 High-Tech Crime Working Group (1998)- As a part of the
international cooperation programme for combating cyber crime, a G8Hi- Tech
Crime Sub-Group was formed in March, 1998, to provide trans-border access to
stored data and assistance in hi-tech crime investigations which involve illegal
alteration or distribution of electronic evidence. A G-8 Sub-Group Conference
was held in Paris (France) in 1998 in which representatives of industries and
consumer groups discussed problems regarding security of the internet affecting
industrial and consumer establishments and provide for a safe and secure
environment for e-commerce.
4. European Convention on Cyber Crime, Budapest (November 2001)- It was held in
Budapest on November 23, 2001. This Convention was held for considering the
changes brought about by the digitalization, convergence and continuing
globalization of computer networks and the risks these computer networks and
electronic information were creating in the form of modes and methods for the
perpetration of cyber crimes.
5. International Conference on E-Security, Cyber Crime and Law (2004) –It was
held in Chandigarh (India) on 19-20 February, 2004. The main issues for
deliberation in the Conference included- Network security for corporate
governance and industrial intrusions, Data and transmission standards and
encryption methods needed to be improvised, electronic fund transfer and
security of data banking, issues related to computer forensics, preservation of
computer evidence, Cyber law, data protection and need for appropriate
legislation for the purpose was highlighted by the delegates. The issues like
policing the cyberspace, role of judiciary in digital age, network security and
law and public participation in prevention of cyber crimes were also extensively
discussed in the conference.
6. ASEAN Regional Forum (2004) -The Association of South East Asian Nations
(ASEAN) held a high level ministerial meeting on trans-national crimes in
Bangkok (China) on January 8, 2004 recognizing the need for an effective legal
cooperation to combat the growing menace of cyber crime in the south east region
of Asia. The statement issued by the ASEAN Regional Forum on July 2006
reiterated its resolve to give a thorough fight against the growing menace of
cyber space crime by extending common cooperation in legal and other areas of
mutual concern. The theme of the discussion was various issues and challenges
involved in the investigation of cyber crimes and measures to be taken to curb
this ever growing evil.
7. Asia Pacific Economic Cooperation (APEC) (2004) -The Conference organized by
the members of the Asia Pacific Economic Cooperation (APEC) resolved to work out
a comprehensive legal framework for the prevention and control of cyber crime
and for strengthening of cyber security in accordance with the set principles of
the international law. In its ministerial meeting held in Santiago (Chile) in
November, 2004 it was mutually agreed to strengthen economic cooperation to
fight against cyber crime.
8. Eleventh Congress on Prevention of Crime and Treatment of offenders (2005)
-In the Eleventh Congress on Prevention of Crime and Treatment of offenders
held in Bangkok on 18-25 April, 2005. It was realized that the existing national
laws were inadequate to check the constantly rising graph of cyber crimes at the
international level. Therefore, there was need for bilateral, regional and
international cooperation in crime prevention and strengthening of the criminal
justice system by the participating nations.
9. Seventh International Conference on Cyber Crime (2007)- The Seventh
International Conference on Cyber Crime was held in Vigyan Bhawan, Delhi (India)
on September 12, 2007. The Conference emphasized the need for generating cyber
security awareness and evolving effective preventive measures to combat cyber
criminality. The focus in the conference was on computer generated terrorist
activities and organized crimes through internet which the criminals have found
to be a lucrative means to generate huge proceeds of time. It was generally
agreed that online child pornography, trafficking in contrabands and e-commerce
frauds are showing a rising trend and the acts of vandalism and cheating were
increasingly frustrating the e-governance efforts. Therefore, the need of the
time demands quick response to the Interpol references and bilateral requests,
liberal sharing of forensic technology and more cross-country training exchange
programmes besides, timely alert to tackle the cyber crime menace
10. International Conference on Terrorism and Organized Crimes (2008)- An
International Conference on Terrorism and Organized Crimes was held in Anaheim
(USA) on August 25, 2008. It deliberated on problems of international and
domestic terrorism, misuse of weapons of mass destruction, organized crime,
human smuggling and trafficking, identity theft, online drug trafficking
international monetary laundering, e-commerce, cyber frauds and computer
forensics. The focus of the conference was on the extensive use of forensics in
cyber crime investigations and involvement of computer experts in the process of
11. UN Congress on Crime Prevention (April 2010) -It enabled the participating
nations to have an opportunity to re-enforce the earlier global responses to the
threat of cyber crime. The member countries resolved to launch a crusade against
cyber criminals particularly, the cross-border terrorists and the perpetrators
of cyber fraud operating internationally.
International Agencies For Regulating E-Commerce
There are certain international agencies which function to regulate trade and
e-commerce at the global level and provide a forum for resolution of disputes
and problems by mutual negotiations.
The main among them are as follows:
1. World Trade Organization (WTO)– The representatives of 56 countries met
again in Havana in 1947 to formulate guidelines to improve and regulate
international trade. Consequently, a General Agreement on Tariff and Trade
(GATT) was signed by the contracting countries in December, 1947. The 8th round
of GATT held in Uruguay in 1986, led to the proposal for creation of the World
Trade Organization (WTO) which was supposed to deal with the following issues:
trade related IPRs, trade related investment measures, trade related services,
agricultural subsidy and trade related dispute settlement mechanism. Thus, the
GATT continued to operate nearly 5 decades. Finally, the draft prepared by
Author Dunkel, the Secretary General of the Board of Trade was approved and
finally signed on April 15, 1994 by 125 countries at a meeting held in Morocco
and it was resoled the World Trade Organization be established from January 1,
1995 to function as a trade policy reviewing body and a trade relation dispute
2. WIPO Internet Copyright Treaty, 1996 -The origin of World Intellectual
Property Organization (WIPO) can be traced back to 1883 when Paris Convention
for protection of industrial property was held and a treaty was signed for the
protection of intellectual creations known as patents. Thereafter, copyright
entered the international arena with Burne Convention (1971) on protection of
copyright. In 1974, WIPO became a specialized agency of UNO with mandate to
administer intellectual property matters.In 1996, the WIPO made 2 treaties
commonly known as internet treaties for countering the challenges posed by
internet crimes. These treaties are silent on the subject of liberty of Internet
Service Providers (ISPs), as the issue of liability has been left to the
national legislations for determination. The WIPO Copyright Treaty which was
adopted in Geneva on December 20, 1996, and came into force with effect from
March 6, 2002, mentions about the right of communication but does not contain a
provision on the right of reproduction. It only declares that digital copies
will be considered as reproduction for the purpose of copyright law.
3. Internet Cooperation for Assigned Names and Numbers (ICANN)- The domain name
disputes are being settled by online arbitration under the Uniform Domain Name
Dispute Resolution Policy adopted by the ICANN which is headquartered in
California. It was created on September 18, 1998 in order to handle a number of
tasks such as managing the assignment of domain names and IP addresses. The
disputes pertaining to domain name are settled by the Alternative Dispute
Resolution Service Providers. It exercises jurisdiction over the entire internet
and thus mitigates the hardships of citizens and respects sovereignty of the
existing legal systems of different nations.
Cyber Crime Co-Ordination Cells
1.National Cyber Co-ordination Centre (NCCC)
2.State Cyber Crime Co-ordination Cells, and
3.District Cyber Crime Cells
# National Cyber Coordination Centre (NCCC)
National Cyber Coordination Centre (NCCC), the government’s cyber security
project which scans and records meta data on the Internet. The NCCC received an
in-principal approval from the Cabinet in May 2013. It screens all forms of
meta-data, ensure better coordination between various intelligence agencies and
streamline intelligence gathering. The project is implemented by Indian Computer
Emergency Response Team (CERT-In).
The NCCC can “actively” tie up with other cyber intelligence agencies to collect
and share data to conduct surveillance, although, via lawful means. The NCCC is
limited to online and cyber intelligence and collects data through tie ups with
other intelligence units.
The government’s meta data scanner is likely to have access to:
1.TheNational Intelligence Grid (NATGRID) which keeps all sorts of
citizen data in a single database that can be accessed by officers from RAW,
CBI, IB etc. NATGRID and NCCC were proposed under the same ministry initially
and it’s likely that there is some amount of cross-data sharing. NATGRID has
access to hold 21 categories of citizen database like bank account details,
telephone records, passport data and vehicle registration details. NATGRID has
access to this data in real-time and through tie up with various ministries and
departments called provider agencies and 11 other intelligence and investigative
2.TheNew Media Wing (NMW) and the Electronic Media Monitoring Centre (EMMC)—wings
that are involved in media surveillance—housed under the Ministry of Information
and Broadcasting (MIB) are also involved in media surveillance and shares data
with other intelligence units.
3.The Ministry of Home Affairs (MHA) which is focused on national security
matters also shares and gathers information with the intelligence departments
similar to NCCC and is also likely to be an information provider. The National
Crime Records Bureau (NCRB), Intelligence Bureau (IB), the National
Investigation Agency (NIA), the Central Bureau of Investigation (CBI) and the
Narcotics Control Bureau (NCB) also come under the MHA. Data from these
intelligence units are also likely to be picked by the NCCC.
# State Cyber Crime Co-ordination Cells & District Cyber Crime Cells
The home ministry has directed the states to set up state cyber crime
coordination cells and district cyber crime cells, cyber forensics and mobile
forensics labs, as a part of an eight-point set of guidelines created to address
cyber crimes. States have also been asked to access data and facilitate online
filing of complaints through Crime and Criminal Tracking Network and Systems (CCTNS).
The state cyber crime coordination cells and district cyber crime cells will
report to the district SP but have access to the State Cyber Crime Controller
for guidance, as per the report. Several states have one or more cyber crime
investigation cellsoperating under respective Criminal Investigation
Departments (CID). Several organizations have compiled lists for public
information (CSR, Naavi, Secure India, etc). The CBI too has a Cyber Crimes
The National Critical Information Infrastructure Protection Centre (NCIIPC),
created under Sec 70Aof the Information Technology Act (2000) is responsible
for protecting “those computer resource, the incapacitation or destruction of
which, shall have debilitating impact on national security, economy, public
health or safety”. NCIIPC recognizes the following critical sectors: Power &
Energy, Banking, Financial Services & Insurance, Telecom, Transport, Government
and Strategic & Public Enterprises.
The basis of these recommendations
The suggestions are said to be based on the recommendations made by the expert
committee headed by former Lok Sabha Secretary General T K Viswanathan. That
report recommended the following Amendments to the Code of Criminal Procedure
It has been noted that law enforcement agencies face several challenges during
investigation and prosecution of harmful online conduct due to the dearth of
technically trained police personnel, lack of access to expert advice,
procedural hurdles in conducting cross jurisdictional investigations, absence of
comprehensive data on the crimes reported and the lack of a quick and
streamlined procedure for takedown of malicious online content. In an attempt to
address some of these issues, the Committee proposes the insertion of two
new provisions namely, sections 25B and 25C in the Code of Criminal Procedure
1973 thereby creating the post of a State Cyber Crime Coordinator and
establishing a District Cyber Crime Cell, respectively. The details pertaining
to the State Cyber Crime Coordinator vis-à-vis his qualifications, appointment
and functions along with the role, composition and conditions of service of the
members of the District Cyber Crime Cell respectively, have been mentioned in
these sections. The goal of these provisions is to create a cadre of trained
cyber experts, both from within the police force and experts in the fields of
information technology, digital forensics, cyber law, etc. to ensure the
effective investigation and management of cyber offences.
State Cyber Crime Coordinators
“25B (1) The State Government shall appoint an officer not below, or equivalent
to, the rank of an Inspector General of Police, who shall be the Cyber Crime
Coordinator of the State.
(2) The functions of the State Cyber Crime Coordinator shall be to:
oversee the functioning of the District Cyber Crime Cells in the State;
recommend to the State Government the procedures and best practices to be
adopted by the police officers under Section 78 of the Information Technology
Act, 2000 and the District Cyber Crime Cells while investigating any offence
under the Information Technology Act 2000or involving computer and electronic
media under the Indian Penal Code, 1860 or any other law; oversee the training
of police officers and experts in the District Cyber Crime Cells in the State;
coordinate with the State Cyber Crime Coordinators of other States in case of offences under this Act that fall under the jurisdiction
of two or more States;
and carry out such other functions as may be specified by the State Government.”
District Cyber Crime Cells
“25C (1) The State Government shall establish a District Cyber Crime Cell in
every district to assist in the investigation of offences –
under the Information Technology Act, 2000; and involving computer and
electronic media under the Indian Penal Code, 1860 or any other law.
(2) The District Cyber Crime Cell shall consist of an officer not below, or
equivalent to, the rank of Deputy Superintendent of Police, who shall be the
head of the District Cyber Crime Cell;
such number of Sub-Inspectors as the State Government may deem fit; and at least
three experts in information technology, mobile telephony, digital forensics,
cyber law or such other experts with such qualifications to be appointed by the
State Government inaccordance with the rules made under subsection (4).
(3) The head of the District Cyber Crime Cell shall report to the State Cyber
Crime Coordinator of the State through his supervisory officers.
(4) The State Government shall prescribe by rules –
the manner of appointment and the terms and conditions of service or empanelment
of the members of the District Cyber Crime Cells under sub section (2);
qualifications of experts under clause (c) of sub section (2).”
Departments working under Indian government for surveillance
Recently, many departments and agencies have been established, under government
of India, in order to do surveillance in cyberspace, these are as follows-
National Intelligence Grid
National Intelligence Grid aims at linking information saved on servers and
networks of different departments and ministries of government so it can be
accessible by any department and intelligence agency.National Intelligence
Grid does not aim at storing any type of information in its own and will only
provide a platform where communication between computers and networks of
different departments can be taken place.
Crime and Criminal Tracking Network System (CCTNS)
Crime and Criminal Tracking Network System aims at collecting, storing,
analyzing, transferring, sharing of data between various police stations and
with State Headquarters and police organizations. By using CCTNS, any police
station will get complete available information on any criminal or any suspect
stored on the servers of other police stations or departments.
Central Monitoring System
Central Monitoring System aims at monitoring every byte of communication i.e.
text messages, phone calls, online activities, social media conversations and
contents etc. CMS was prepared by the Telecom Enforcement, Resource Monitoring
(TERM) and by the Center for Development of Telematics (CDoT) and managed by
Intelligence Bureau.Today government is doing surveillance on Facebook and
Twitter walls by using Central Monitoring System.
Unique Identification Authority of India (UID Scheme)
Unique Identification Authority of India (UID scheme)aims at providing a
special unique identity to every citizen of India in which figure print and
basic information of a person. scheme comes under AADHAAR Scheme of government
Indian Computer Emergency Response Team (CERT-In)
CERT, functional since January 2004, is a nodal agency of government in response
of any computer security incident. CERT has been created under the provisions of
Information Technology Amendment Act, 2008 and since then working as government
agency. CERT is not exactly surveillance agency of government but it is
response team of government in order deal with any cyber security incident all
National Counter Terrorism Center (NCTC)
After the attacks on Mumbai in 2008 aka 26/11 attacks on Mumbai, there was a
need of agency to fight against terrorism as there was a failure on the part of
intelligence agencies in India. So the proposal of NCTC was made. NCTC will
derive its powers from Unlawful Activities Prevention Act, 1967 and it will be
part of Intelligence Bureau headed by the director.
Cyber Policing In India
# Crime and Criminal Tracking Network and Systems (CCTNS)
Approved by the Cabinet Committee on Economic Affairs in 2009, with an
allocation of INR 2 billion, the CCTNS is a project under the National
e-Governance Plan. It aims at creating a nationwide networking infrastructure
for an IT-enabled criminal tracking and crime detection system. The integration
of about 15,000 police stations, district and state police headquarters and
automated services was originally scheduled to be completed by 2012. However,
this still remains incomplete. Apart from the slow pace of implementation and
budgetary problems, on-the-ground hurdles to fully operationalizing CCTNS
include unreliable Internet connectivity and under-trained personnel at police
stations. Other issues include unavailability of facilities for cyber forensic
analysis in most locations, and lack of awareness regarding online citizens’
services such as verification of tenants and employees and clearance for
processions and events.
# Online Complaints
The Central Government, in response to queries by the Supreme Court regarding
measures taken to tackle cybercrime, recently announced that they would be
setting up a ‘Centre Citizen Portal’. This portal will allow citizens to file
complaints online with respect to cybercrimes, including cyber stalking, online
financial fraud and others, suffered or observed by them. The governmental
response also details the proposed process, stating that any such complaint on
the portal will trigger an alert at the relevant police station and allow the
police department to track and update its status, while the complainant too
would be able to view updates and escalate the complaint to higher officials.
# Cyber Police Stations
Cyber police stations generally include trained personnel as well as the
appropriate equipment to analyse and track digital crimes. Maharashtra, where
cyber crime has risen over 140% in recent times, and which had the dismal
distinction of only recording a single conviction related to cybercrime last
year, is converting its existing cybercrime labs into cyber police stations.
This will mean there is a cyber police station in each district of the state.
The initiative in Maharashtra is useful especially because of the rise in online
transactions in Tier II and Tier III cities and the rising cybercrime related
thereto. However, despite the rise in cybercrime, complaints remain of low
reportage and low success rates in solving crime. Police officers point to
problems processing evidence, with complex procedures being required to retrieve
data on servers stored abroad.
# Predictive Policing
Predictive policing involves the usage of data mining, statistical modelling and
machine learning on datasets relating to crimes to make predictions about likely
locations for police intervention. Examples of predictive policing include
hot-spot mapping to identify temporal and spatial hotspots of criminal activity
and regression models based on correlations between earlier, relatively minor,
crimes and later, violent offences. In 2013, the Jharkhand Police, in
collaboration with the National Informatics Centre, began developing data mining
software for scanning online records to study crime trends. The Jharkhand Police
has also been exploring business analytics skills and resources at IIM-Ranchi,
in order to tackle crime in Jharkhand.
The Delhi Police has tapped into the expertise at the Indian Space Research
Organisationin order to develop a predictive policing tool called CMAPS– Crime
Mapping, Analytics and Predictive System. The system identifies crime hotspots
by combining Delhi Police’s Dial 100 helpline calls data with ISRO’s satellite
imagery and visualizing it as cluster maps. Using CMAPS, Delhi Police has
slashed its analysis time from the 15 days it took with its erstwhile mechanical
crime mapping to the three minutes it takes for the system to refresh its
The Hyderabad City Police is in the process of building a database, called
the ‘Integrated People Information Hub’ which, according to the City Police
Commissioner, would offer the police a “360-degree view” of citizens, including
names, aliases, family details, addresses and information on various documents
including passports, Aadhaar cards and driving licenses. The data is combed from
a wide-ranging variety of sources, including information on arrested persons,
offenders’ list, FIRs, phone and electricity connections, tax returns, RTA
registrations and e-challans. It is further indexed with unique identifiers, and
is used to establish the true identity of a person, and present results to
relevant authorities within minutes.
Cyber Laws In Other Countries
# United States of America
United States has very strict policy on
surveillance. In United States of America, the President has the power to grant
electronic surveillance on any foreign power or any person who is agent of
foreign powers. The President has the authority to grant such surveillance,
without court orders, through Attorney General to acquire foreign intelligence
information for a period up to 1 year (USC § 1802). Attorney General shall
report to the House of Permanent Select Committee on Intelligence and Senate
Select Committee. Electronic Surveillance may also be granted by the court
order. The Chief Justice will appoint seven judges from seven different circuit
courts and this panel of seven judges will entertain such application of
electronic surveillance and grant, modify or deny such application except in a casewhere such application has already been denied previously, the panel shall
not entertain such application (USC § 1803). Any federal officer shall file such
application for electronic surveillance.
# United Kingdom
In United Kingdom, Regulation of Investigatory Powers Act,
2000 governs the provisions for surveillance and investigation by governmental
bodies. Regulation of Investigatory Powers Act gives guidelines to public
authorities such as Police or governmental departments who want to obtain any
private information. Under Regulation of Investigatory Powers Act guidelines,
the surveillance and investigation can be done in case of terrorism, crime,
public safety or emergency services. Surveillance includes full electronic
surveillance such as intercepting communication on cell phones or emails or
letters, GPS locations of target and access to electronic data encrypted or
Internet censorship in China is extreme due to a wide variety of laws
and administrative regulations. More than sixty Internet regulations have been
created by the government of China, which have been implemented by provincial
branches of state-owned ISPs, companies, and organizations. The apparatus of
China's Internet control is considered more extensive and more advanced than in
any other country in the world. The governmental authorities not only block
website content but also monitor the Internet access of individuals; such
measures have attracted the derisive nickname "The Great Firewall of
China. "Amnesty International notes that China "has the largest recorded number
of imprisoned journalists and cyber-dissidents in the world" and
Paris-based Reporters without Borders stated in 2010 and 2012 that "China is the
world's biggest prison for netizens. The size of the Chinese Internet police
force was reported by the state government to be 2 million in 2013. Since
May 2015,Chinese Wikipedia has been blocked in China. This was done after
Wikipedia started to use HTTPS encryption which made selective censorship
impossible or more difficult.
Drawbacks of The Information Technology Act, 2000
Information technology has played very important role in the lives of people.
Despite the various advantages, the Information Technology Act, 2000 has the
I. Jurisdiction- Cyber jurisdiction refers to a real world
government’s power and a normally existing court’s authority over internet users
and their activities in the cyber world. However, the IT Act does not cover the
important issue of jurisdiction which is very important legal aspect in deciding
the place of filing the case.
II. E-mail authenticity or its evidentiary value- IT Act does not
touch e-mail authenticity or its evidentiary value in the hands of receiver.
III. Domain name infringement- The concept of e-commerce is mainly
based upon domain name. However, this Act is silent about the domain names
infringement, cyber squatting, typosquatting, spamming and security of
information at various levels.
IV. Cross-border tax- In the era of globalization, international
trade and taxation policies are very important. However, this Act does not talk
about the cross-border taxation policy at the international level when the
international contract is signed online.
V. Failure to surrender licence is a non-cognizable offence-
According to section 33 of the IT Act, 2000 when licence of the certifying
authority is suspended or revoked then he must immediately surrender his licence
to controller. However, where such certifying authority fails to surrender
licence then he shall be guilty of an offence and shall be punished with
imprisonment which may extend up to 6 months or a fine which may extend to Rs.
10,000 or both. Further, u/s 77B, which is incorporated by the IT (Amendment)
Act, 2008 any offence punishable with imprisonment of 3 years or above shall be
cognizable. Therefore, failure to surrender licence u/s 33 is a non-cognizable
offence. However, licence is backbone of digital/electronic signature
certificates because only licenced CA can issue digital/electronic signature
certificates, therefore, where a CA whose licence has been revoked or suspended
if fails to surrender his licence then it should be a cognizable offence.
VI. The term cyber crime and cyber offence as such is not defined
under IT Act, 2000.
VII. Important documents such as power of attorney etc. are not
VIII. Statutory bodies may not accept electronic documents- On one
hand, the main aim and objective of the IT Act, 2000 was to facilitate egovernance, however on the other hand, section 9 provides that no one can
insist any government office to interact in electronic form.
The suggestions are as follows:
# Net Security be tightened up
# Self-regulation by Computer and Net Users
# Use of Encryption Technology
# Intrusion Management
# Cancellation of Fake E-mail identity registration
# Liberalization of Law relating to Search and Seizure
# Use of Voice-recognizer, Filter Software and Caller ID for Protection
against Unauthorized Access
# Development of Cyber Forensics and Biometric Techniques
# Need to establish a Computer Crime Research and Development Centre.
# Need for a Universal Legal Regulatory Mechanism
# Global Code of Digital Law for resolving Intellectual Property Rights
# Need for Universalization of Cyber Law
# Interpol and Emergency Response Computer Security Team
# Combating the Menace of Cyber Terrorism
# Need for Cyber Crime Reporter or Cyber Law Journal
# The Information Technology (Amendment) Act, 2008 – A Step in the right
# Digital Time Stamping System (DTS)
# Extradition Treaty: Need of the Hour
# Establishment of Special Cyber Courts to try Cyber Crimes
# Diffusion of Internet Technology in India
# Technical Means for Blocking of Errant Websites
# Planting of Baits in Cyberspace for Worms and Viruses
# Regulation of Social Networking Sites
# Need for Increased Awareness among Victims of Cyber Crimes
# Need for Imparting Training to officials to Investigate Cyber Crimes
Indian’s growing legislative framework and surveillance policies are not
adequate to deal with future threats and there is an urgent need to amend
existing legal framework as well as to introduce strong and effective policies
in order to protect IT industry as well as to protect privacy of individuals in
the country. As referred above, UK, US and China have very effective policies
and the workings of agencies as well as the laws relating to surveillance and
privacy of its citizens. Similarly, in India, legislature should pass such acts
and rules in relation to working of agencies, powers and authorities under whom
surveillance will be done, protection and destruction of such data collected
during surveillance and how far the privacy of individual is secured.
# Adomi Eshaenana E., “The Journal of Community Informatics”, http://cijournalnt/index.php/ciej/article/view/322/319,2007
# Akinola Azeez Paul and Chong Zhanghas, thesis “Evaluate Security
on the Internet Cafe” , http://www.divaportal.org/smash/get/diva2:608536/FULLTEXT01.pdf
# Department of Information Technology, http://deity.gov.in/content/nationalcyber
# Furuholt Bjorn, Kristiansen Stein, “The Journal of Community
Informatics”, www.ci-journal.net/index.php/ciej/article/download/314/352 -
# National Institute of Standards and Technology - http://www.nist.gov/cyberframework/upload/cybersecurity-021214-final.pdf.
February 12, 2014.
# Justice Yatindra Singh, Cyber Laws, Universal Law Publishing Co. Pvt.
# Nandan Kamath, Law relating to Computers, Internet and E-commerce: A
Guide to Cyber Laws and the Information Technology Act, 2000, Universal Law
Publishing Co., 2009
# Dr. M. Dasgupta, Cyber Crime in India: A Comparative Study, Eastern
Law House Publication, 2009.
# S.K. Verma and Raman Mittal, Legal Dimensions of Cyber Space, Indian
Law Institute Publication, 2004.
# Rodney D. Ryder, Guide to Cyber Laws (Information Technology Act,
2000, E-commerce, Data Protection and the Internet), Wadhwa Publication, 2001.
# R.K. Chaubey, An Introduction to Cyber Crime and Cyber Law, Kamal Law
House Publication, 2009.
# Vakul Sharma, Information Technology: Law and Practice, Universal Law
Publication Co., 2010.
# Agarwal, S.C., “Training on Cyber Law, Cyber Crime and Investigation
by Police: Need of Awareness and Requirements”, CBI Bulletin, 2001 Feb.; p.
# Ahmad, Farooq, “Interplay of Internet Domain Names and Trademark Law”,
Indian Bar Review, 2001 Apr.Sep.; p. 233-92.
# Behra, Abhimanyu, “Cyber Crime and Law in India”, Indian Journal of
Criminology and Criminalistics, 2010; p. 16-30.
# Fatima, Talat, “Liability of Online Intermediaries: Emerging Trends”,
Journal of Indian Law Institute, 2007 Apr.-Jun.; pp. 155-78.
# Paranjape, Vishwanath, “Cyber Crime: A Global Concern”, Indian Police
Journal, 2007 Jul.-Sep.; pp. 20-27.
# Ramesh, “Pornography and Obscenity on the Web: Need a Strict Law”,
Supreme Court Journal, 2009; pp. 20-25.
# Albert, J. Marcellai and Roberts S. Greenfield, Cyber Forensics- A
Field Manual for Collecting, Examining and Processing Evidence of Computer
Crimes, Aurebuch Publications, London, 2002.
# Brian, Loader and Douglas, Thomas, Cyber-Crime Law Enforcement,
Security and Surveillance in the Information Age, Routledge Publication, London,
“Ab E-mail Accounts Ki Bhi Hui Wasiyat”, Navbharat Times, April 5, 2010, p.
“Byte Replaces Bullets On Cyberspace”, Hindustan Times, September 18, 2006,
Justice T. Ch. Surya Rao, “Cyber Laws – Challenges for the 21st Century”,
Andhra Law Times, 2004, p. 24
Justice T. Ch. Surya Rao, “Cyber Laws – Challenges for the 21st Century”,
Andhra Law Times, 2004, p. 20.
Asian School of Cyber Laws, Fundamentals of Cyber Law, 2005, p. 93.
Pearson, Introduction to Information Technology, 2006, p. 189.
Granville Williams, Britain’s Media: How They Are Related, 1996
Proprietary Articles Trade Association v. A.G. for Canada, (1932)
 Justice A.S. Anand, “Cyber Law Needed to Meet IT Challenge”, The Tribune,
January 21, 2201, p. 7
Pawan Duggal, Cyber Law – An Overview”, available at http://www.cyberlawindia.com.
 66th U.N. General Assembly Annual Conference of the Interpol held in New
Delhi in October, 1997.
The group of G-7 countries consisted of Canada, France, Germany, Italy,
Japan, UK and USA.
R.K. Suri & T.N. Chhabra, Cyber Crime, (2003), p. 279.
G-8 countries are USA, UK, Canada, France, Germany, Italy, Japan and
Harshwardhan, “Investigation of Computer Crime: Issues and Challenges”,
Criminal Law Journal, January 2008, p. 18
A.S. Chawla, “Cyber Crime – Investigation and Prevention”, The Indian
Police Journal, March, 2003, p. 116
“Global anti-crime Centre mooted at Interpol Conference”, The Tribune,
September 13, 2007, p. 1
Shri Pranam Kumar Rout, “Cyber Law is the Need of the Time”, Cuttack Law
Times, 2000, p. 108
Nicholas v. Universal Pictures Corp., 450 US 584 (1978)
The WIPO Copyright Treaty, 1996; Article 1 (4)
R.K. Choubey, An Introduction to Cyber Crime and Cyber Law, (2008), p.
PTLB, National Intelligence Grid (NATGRID) project of India, October 4,
B. S. Dalal, Indian Center for Communication Security Research and
Monitoring (CCSRM), May 17, 2011http://ictps.blogspot.in/2011/05/indian-centre-for-communication.html
Maria Xynou, India’s Big Brother: Central Monitoring System, April 8,