
Online Certificate Course

on
Cyber Law

PAPER 3: CYBER CRIMES

Prepared by
Jaya V S
Assistant Research Professor
Indian Law Institute
New Delhi

FOR

THE INDIAN LAW INSTITUTE


(Deemed University)
Bhagwandas Road
New Delhi - 110001

Table of contents

I. Introduction

II. Cyber Crimes
- Historical Antecedents
- What makes cyber crime different from conventional crime?
- Why Cyber crime?
- Cyber Criminals and their Objectives
- Classification of Cyber Crimes

III. Cyber Law
- Jurisdictional Issues
- Issues Relating to Evidence
- Cyber Investigation
- Cyber Forensics

IV. Cyber Law in India
- Information Technology Act, 2000 and Cyber Crimes
- Other Legislations
- Analysis

V. Conclusion and Suggestions

VI. BIBLIOGRAPHY

I. Introduction

Internet is generally an open source. As the concept of the global village is holding ground, and globalization, liberalization and privatization are finding their way into the minutest of commercial activities in developed, developing and least developed countries, the importance of the Internet is growing manifold. With the booming of new technologies, the Internet has now emerged as a parallel form of life and living. The new technologies have created a new space for the generation. This space is called cyber space.1
The Internet, which is open for exploration, unfortunately has the potential to lead to exploitation. It may be used for stealing and destroying valuable information. Confidentiality, which is the most important aspect of various commercial and financial transactions, may easily be breached on the Internet. Intellectual property rights in the digital world, especially in the field of trademarks, copyright, designs and computer software, can easily be infringed without sufficient redressal available to the aggrieved party. The Internet has also facilitated the commission of traditional crimes such as defamation, slander, forgery, criminal intimidation, breach of trust, obscenity etc. Besides, the Internet has given birth to many new crimes. It is very difficult to overcome these problems because, first of all, there are not sufficient rules and regulations for Internet transactions. The existing rules and regulations meant for physical transactions are not sufficient for the transactions and dealings in cyber space. Secondly, there are no sheriffs and cops on this channel to enforce rules and regulations and protect people from the crimes on this path. This lack of legal protection means that users must rely solely on technical measures to protect themselves from those who would steal or destroy their valuable information. This necessitated the enactment and implementation of cyber laws to regulate crimes in cyber space.

1 It means a computer network consisting of a worldwide network of computer networks that use the TCP/IP network protocols to facilitate data transmission and exchange. The term ‘cyber space’ was first coined by the science fiction writer William Gibson in his short stories and novels (Neuromancer) to denote the separate space created by the Internet. See Josh A. Goldfoot, “Antitrust Implications of Internet Administration”, 84 Virginia Law Review 909 (1998).
II. Cyber Crimes

Cyber crime is growing rapidly and so the definition of cyber crime is still evolving. The term cyber crime is generally used to describe criminal activity in which a computer or/and network is a tool, a target, or a place of criminal activity. The term covers not only such criminal activity but also traditional crimes in which computers or networks are the instruments used to commit them. Since cyber space has no geographical boundaries, conflicts occur when the rights of Netizens are viewed in the eyes of citizens of physical space.2
The concept of cyber crime was nowhere defined in any statute or Act passed by the Indian Parliament till the early nineties. Conventional crime and cyber crime both include conduct, whether an act or omission, which causes a breach of law. In this paper, the terms ‘computer crime’ and ‘cyber crime’ are used interchangeably. Marc M Goodman says that computer crime can be classified into three main categories: (i) crimes where the computer is the target, (ii) crimes where the computer is the tool of the crime and (iii) crimes where the computer is incidental. In the first category, a perpetrator intentionally attacks an innocent party’s computer. In the second category, the computer is used to commit a traditional crime in a high-tech way. The third is where a computer is merely incidental, in the sense that the perpetrator might have committed the crime even if there was no computer.3 Nandan Kamat says that since the Internet is composed of computers, crimes occurring on the Internet are computer crimes. He also says that a computer can be the subject of a crime by being stolen or damaged; it can be the site of a crime such as fraud or copyright infringement; or it can be the instrument of a crime, such as when it is used to access other machines or store information illegally. These are all computer crimes in the sense that a computer is involved.4 Suresh T Viswanathan defines computer crime as (i) any illegal action in which a computer is a tool or object of the crime; in other words, any crime, the means or purpose of which is to influence the purpose of the computer, (ii) any incident associated with computer technology in which a perpetrator by intention made or could have made a gain and (iii) computer abuse, which is considered as any illegal, unethical or unauthorized behaviour relating to the automatic processing and transmission of data.5 There is a difference of opinion as to this division. Some argue that when a crime is committed to or by a computer without using the Internet, it is just a computer crime and not a cyber crime. According to them, a cyber crime can be understood as one which is committed with the help of the Internet, abusing the special characteristics of the Internet: anonymity, absence of geographical boundaries and speed.6 Once it is committed, it would be difficult for the law enforcing and the adjudicating agencies to deal with the situation and find a remedy. In some situations there will be only a cyber crime; in other situations it stands along with a traditional crime.

2 Usually the jurisdiction to try cyber crimes is vested with courts situated at the place of commission of crime. See s.75 of Information Technology Act, 2000.
3 Marc M Goodman, “Why the Police don’t Care about Computer Crime?” 10 Harvard Journal of Law and Technology 468 (1997).
4 Nandan Kamat, Law Relating to Computers Internet and E-commerce, Universal Law Publishing Company Pvt. Ltd, New Delhi (2000) p.22.

Historical Antecedents

The first recorded cyber crime took place in France in 1820. Joseph-Marie Jacquard, a textile manufacturer, produced a loom. This device allowed the repetition of a series of steps involved in the weaving of special fabrics. This created a fear in his employees that their livelihoods were being threatened. They committed acts of sabotage to discourage Jacquard from using the new technology. This was the first cyber crime.
The concept of ‘cyberspace’ entered into the theory of modern law when the American Supreme Court compared the breach of law in cyber space to the breach of law in real space.7 The court applied the laws of the real world to cyber space. After this judgment the jurists of cyberspace were divided into two groups. One group argues that the laws of the real world can be extended to cyberspace. The other group says that territory-based traditional laws cannot be applied to cyberspace.

5 Suresh T Viswanathan, The Indian Cyberlaw, Bharat Law House, New Delhi, (2000) p.13.
6 Vishnu Konoorayar, “Regulating Cyber space: The Emerging Problems and Challenges”, Cochin University Law Review, Vol. 27 (2003).
7 Reno v. American Civil Liberties Union, 521 US 844.

What makes cyber crime different from conventional crime?

Crime is a social and economic phenomenon and is as old as human society. Crime is a legal concept and has the sanction of the law. Crime or an offence is “a legal wrong that can be followed by criminal proceedings which may result into punishment.”8 The hallmark of criminality is that it is a breach of the criminal law. Per Lord Atkin, “the criminal quality of an act cannot be discovered by reference to any standard but one: is the act prohibited with penal consequences”.9 A crime may be said to be any conduct accompanied by an act or omission prohibited by law, the consequential breach of which is visited by penal consequences.
In this sense, the term ‘cyber crime’ is a misnomer. The concept of cyber crime is not radically different from the concept of conventional crime. Both include conduct, whether act or omission, which causes a breach of the rules of law and is counterbalanced by the sanction of the state. However, there are certain differences between the two. It would be relevant to point out these similarities and differences between the two.
Cyber crime is the latest and perhaps the most complicated problem in the cyber world. “Cyber crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime.”10 “Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime.”11 The involvement of the medium makes cyber crime distinct from conventional crimes. Cyber space does not have geographical boundaries. Cyber criminals refuse to be bound by the conventional jurisdictional areas of nations, originating an attack from almost any computer in the world, passing it across multiple national boundaries, or designing attacks that appear to originate from foreign sources. Such techniques dramatically increase both the technical and legal complexities of investigating and prosecuting cyber crimes. Unlike conventional crimes against persons or property such as rape, burglary and murder, cyber crimes are very skill intensive. Stock of hacking skills is thus a prerequisite to cyber/online crimes. Whereas minimal skill is needed for opportunistic attacks, targeted attacks require more sophisticated skills.12

8 Granville Williams, Criminal Law, The General Part, 2nd ed, Stevens and Sons Ltd 1961, pp 609-613.
9 Proprietary Articles Trade Association v. A.G. for Canada, 1931 AC 310.
10 Parthasarathy Pati, Cyber Crime, as available at http://www.naavi.org/pati/pati_cybercrimes_dec03.htm.
11 Pawan Duggal, Cyber Law- The Indian Perspectives, Saakhar Publications, New Delhi.

Why Cyber crime?

Cyber crime is promoted by various factors like new technologies, complexity and loss of evidence. Computers are easy to access by means of these new complex technologies. Unauthorized access to a computer system is made possible by installing technologies like key loggers that can steal access codes, voice recorders etc. that can bypass firewalls and get into the system.
Computers work on operating systems, which are composed of millions of codes. If some loophole occurs due to human error, cyber criminals use it to penetrate the system. At the time of crime investigation, collection of evidence plays an important role. Collection of data outside the territorial extent is very difficult. This makes cyber criminals think that they are safe. The magical and intriguing aspects of the Internet lie primarily in its anonymous nature. Only very few people would actually go to a physical adult bookstore to view pornography or even rent pornographic videos. But a larger percentage will visit and browse a virtual adult porn site on the Internet without hesitation. This occurs primarily because of the false security provided by a sense of anonymity.
Hart in his work, The Concept of Law, has said “human beings are vulnerable so rule of law is required to protect them”. Applying this to cyberspace, we may say that computers are vulnerable, so rule of law is required to protect and safeguard them against cyber crime. The reasons for the vulnerability of computers may be said to be:
(i) Capacity to store data in comparatively small space
The computer has the unique characteristic of storing data in a very small space. This makes it much easier to remove or derive information through either a physical or a virtual medium.
(ii) Easy to access
The problem encountered in guarding a computer system from unauthorised access is that there is every possibility of a breach not due to human error but due to the complex technology. Secretly implanted logic bombs, key loggers that can steal access codes, and advanced voice recorders, retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system.

12 Nir Kshetri, “Pattern of Global Cyber War and Crime: A Conceptual Framework”, The University of North Carolina at Greensboro.

(iii) Complex
Computers work on operating systems, and these operating systems in turn are composed of millions of codes. The human mind is fallible, and it is not possible that there will be no lapse at any stage. Cyber criminals take advantage of these lacunae and penetrate the computer system.
(iv) Negligence
Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be some negligence, which in turn gives a cyber criminal the opportunity to gain access to and control over the computer system.
(v) Loss of evidence
Loss of evidence is a very common and obvious problem, as all the data are routinely destroyed. Further, collection of data outside the territorial extent also paralyses this system of crime investigation.

Cyber Criminals and their Objectives

Cyber criminals can be categorized based on the objective that they have in mind.
Children and teenagers in the age group of 8 to 18 fall in one category. This group is, by nature, anxious to know and explore things. Like the two sides of a coin, the Internet also has good and bad effects. Parents and educational institutions should create awareness in students about the good and bad effects of the Internet. By proper guidance this group can be eliminated from the list of cyber criminals.
The other group of cyber criminals is the hackers. Some hackers hack to fulfill their political objectives. Some hack the sites of their competitors to get valuable and reliable information and get ahead of them. There is another type of hacker who hacks a system to pay back their enemies. They hack the information to create problems for their enemies.

Classification of Cyber Crimes

Crime is a social phenomenon. Crime is an act that is prohibited by law. Cyber crime is the latest and most complicated problem in cyber space. A generalized definition of cyber crime is “unlawful acts wherein the computer is either a tool or target or both.”
Cyber crimes can be classified on various bases, such as (a) the subject of the crime, (b) against whom the crime is committed and (c) the temporal nature of the criminal activities being carried out on computers and the Internet.
The subject of cyber crime may be broadly classified under the following three groups:
(i) Against individuals
It may be against individual persons or their property. Following are the crimes which can be committed against individual persons:13
a. Harassment via e-mails
b. Cyber-stalking
c. Dissemination of obscene material
d. Defamation
e. Unauthorized control/access over computer system
f. Indecent exposure
g. Email spoofing
h. Cheating and Fraud.
Following are the crimes which can be committed against individual property:
a. Computer vandalism
b. Transmitting virus
c. Netrespass
d. Unauthorized control/access over computer system
e. Intellectual Property crimes
f. Internet time thefts.

13 For details see supra chapter 2.

(ii) Against organization
It may be against the Government, a firm, a company or a group of individuals. Following are the crimes against an organization:
a. Unauthorized control/access over computer system
b. Possession of unauthorized information
c. Cyber terrorism against the government organization
d. Distribution of pirated software.
(iii) Against the society at large
Following are the crimes:
a. Pornography (largely child pornography)
b. Polluting the youth through indecent exposure
c. Trafficking
d. Financial crimes
e. Sale of illegal articles
f. Online gambling
g. Forgery.
The above lists are not exhaustive.
Cyber crime includes traditional activities like theft, forgery and fraud whenever a computer is involved. In addition to these, crimes like cyber stalking, hacking, unauthorized access, denial-of-service attack, malicious crime (including use of virus), E-mail bombing, Salami attacks, Data diddling, Web jacking, Cyber Pornography etc. are the other popular cyber crimes, which have emerged due to the increasing use of computers and the Internet.
A. On the basis of commission of traditional crimes, cyber crimes can be classified into the following categories, viz.,
(i) Cyber Theft
In a cyber theft a person dishonestly moves something from a computer which belongs to another person without his permission. For example, by breaking into the computer of a bank situated in some part of the globe and removing money from one account and putting it in another account of the same bank or another bank. Here there is no physical act which constitutes a theft.
(ii) Cyber trespass
The information stored in the Internet might be protected using passwords.
These passwords are the fences. Breaking a fence and entering into someone
else’s property is punishable.
(iii) Cyber Violence
If the impact of the cyber activity of a person or group of persons has violent effects upon another person, a social group or a country, then it can be called cyber violence. These types of activities may not have a direct physical impact, but the victim feels the impact.
(iv) Cyber Obscenity14
This is the extension of the principles embodied in the sections 292 and 293
of the Indian Penal Code.15 Here the obscene materials are published in the
Internet. Governments all over the world are now trying to find methods to
regulate cyber crimes. These nations try to do it by either applying an
Internet specific law or by extending the application of existing criminal
laws.
(v) Cyber forgery and fraud
Fake mark sheets, revenue stamps etc. can be made by using high quality scanners and printers. In October 1995, the Economic Offences Wing of the Crime Branch, Mumbai seized 22,000 counterfeit share certificates of eight reputed companies worth Rs. 34.47 crores. These certificates were prepared using desktop publication systems. The most familiar crime on the Internet is fraud.16 There are many areas in which this crime may manifest itself. Auction fraud is one such, in which the seller posts and advertises an item on an auction site. The buyer agrees to buy the item and forwards the money. But the seller fails to deliver the item to him owing to theft. ‘Phishing’ is another scheme, used to collect information from unsuspecting individuals in order to commit identity theft or those crimes that are associated with fake identity, e.g. credit card fraud etc.

14 David S Wall, “Policing and Regulation of Internet”, Criminal Law Review Special Edition 81 (1998).
15 Section 292 speaks about Sale, etc., of obscene books, etc.: “For the purposes of subsection (2), a book, pamphlet, paper, writing, drawing, painting, representation, figure or any other object, shall be deemed to be obscene if it is lascivious or appeals to the prurient interest or if its effect, or (where it comprises two or more distinct items) the effect of any one of its items, is, if taken as a whole, such as to tend to deprave and corrupt persons, who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained”. Section 293 (Sale, etc., of obscene objects to young person) says, “Whoever sells, lets to hire, distributes, exhibits or circulates to any person under the age of twenty years any such obscene object as is referred to in the last preceding section, or offers or attempts so to do, shall be punished on first conviction with imprisonment of either description for a term which may extend to three years, and with fine which may extend to two thousand rupees, and, in the event of a second or subsequent conviction, with imprisonment of either description for a term which may extend to seven years, and also with fine which may extend to five thousand rupees.”

(vi) Intellectual Property Crimes
Intellectual property includes, among other things, trademarks, patents, designs and copyright. Intellectual property crimes naturally mean violation of the laws relating to these rights. They include online infringement of trademarks and copyright, theft of source code etc.
B. On the basis of emergence of new crimes, cyber crimes can be classified into the following categories, viz.,
(i) Cyber stalking
Cyber-stalking is done using an Internet messaging service or any other electronic means to stalk someone. Cyber-stalkers follow the victim’s online activities. They gather information, initiate contacts and make threats by following the victim’s online activities. Cyber-stalkers target victims by using bulletin boards, chat rooms, spam and online forums. They post defamatory statements about their stalking targets on their web pages to make the victims react, thereby initiating contact. Once the victim responds, the stalkers trace the victim’s online activities. Cyber stalking situations can extend to physical stalking, and the victim may experience abusive phone calls, threatening mails, obscene mails and physical assault.
To track people, some cyber stalkers use websites like http://www.switchboard.com/ and http://www.whowhere.com/. People who do not want to be tracked can request removal of themselves from such sites.

16 In this era of E-commerce, most of the offences coming under the head money laundering activities are committed only through the medium of computers.

(ii) Cyber Pornography
This offence includes pornographic websites, pornographic magazines produced using computers, and the channels used to transmit and download these materials. The first case of this type of offence is that of a student of Air Force Balbharati School, New Delhi, who created a website and dedicated it to the school. The website contained text materials with explicit sexual details about girls and teachers of the school. They were classified on the basis of their sexual preferences. When one of the girls realized this, her father registered a case under section 67 of the IT Act, 2000 with the Delhi Police Cyber Crime Cell. The police arrested the student and he was kept at the Timarpur (Delhi) juvenile home, and the juvenile home granted him bail after one week.
(iii) Unauthorized access
Access control refers to restricting entrance to a property or a room to authorized persons. Access control by mechanical means can be achieved by using keys and card access systems.17
Therefore, unauthorized access means any kind of access without the permission of the authorized owner or the person in charge of a computer, computer system or computer network. So switching on a computer system without the permission of the person in charge of that system would also be unauthorized access. Common techniques used for unauthorized access are: packet sniffing, tempest attack, password cracking and buffer overflow.
• Packet Sniffing
This is a technology used by crackers and forensic experts. ‘Sniffing’ is done on the basis of data transmission. Data is transmitted on the network in the form of packets called datagrams. These packets are of varying sizes depending on the network bandwidth. Each packet has a header, and the header contains information about the source, destination, protocol, size of the packet, total number of packets and the unique number of the packet. The data carried is in an encrypted format. When the data is transmitted, the packets travel through a number of layers of the OSI model. The network layer in the OSI model is responsible for preparing the packets for transmission. The hackers attack at this level. Suppose A and B are engaged in a transmission and C wants to intercept it. C would intercept the data packets and translate them back from the cipher mode of data to the actual data. For this C uses the technology called “Packet Sniffing”. To use this technology one should know the IP address of either of the parties involved in the communication. Sniffers are then applied to the network layer of the victim IP address. A sniffer is invisible to anyone on either side of the network. It only screens the data packets, copies the encrypted data and then translates the encrypted data into its original form for the adversary. The sniffer attaches itself to network devices like the modem or the Network Interface Card (NIC) that the victim computer uses to send and receive data. The most famous sniffers are ADMsniff-v08, AntiSniff-101, anti_sniff_researchv1-1-2, Spynet etc.

17 “Access” is defined in Section 2(1)(a) of the IT Act as “gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network”.

• Tempest attack
It is the ability to monitor the electromagnetic emissions from a computer in order to reconstruct the data. This allows remote monitoring of network cables or remote viewing of monitors. TEMPEST is the abbreviation of “Transient Electromagnetic Pulse Emanation Standard”. Any appropriately equipped object placed near the target can pick up all the keystrokes and messages displayed on the computer monitor. By properly shielding computer equipment and network cabling, one can overcome TEMPEST attacks.
• Password cracking
A password is used by a user for authentication. The user must know the password in order to gain access. It is a secret consisting of multiple words. For every access, password information is checked. To crack a password means to bypass a protection scheme or to decrypt a password.
In the UNIX operating system, the passwords were stored in a file. This file is readable, but the passwords were encrypted in such a manner that a person can test whether a password is valid or not, while decryption is impossible. A program called “crack” was used to test all the words in the dictionary against the passwords in the file. This finds all the users whose passwords were chosen from the dictionary. Password crackers use this to guess passwords.
Another form of password cracking attack is the “brute force” attack. This method is more time consuming than the other. In this method, all possible combinations of letters, numbers and symbols are tried out one by one till the password is found.
• Buffer overflow
This is the most common way of breaking into a computer. It is also known as buffer overrun, input overflow or unchecked buffer overflow. This method involves giving excessive input data to a computer. The excess data overflows into other areas of the computer memory. This allows the hacker to insert executable code along with the input, enabling the hacker to break into the computer.
(iv) Hacking
One of the most popular cyber crimes is hacking. The reality is that no computer system in the world is secure from the threat of hacking. Any and every system in the world can be hacked. Under Section 66 of the IT Act, hacking is defined as “Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking”.
“Hacker” is described as any amateur computer programmer18 who discovered ways to make software run more efficiently. The term “hacker” describes anyone who writes computer programmes, modifies computer hardware, or works with computers or electronic devices for fun, and who can often be considered an expert on the subject. Hackers will hack at a problem until they get the solution. The recent definition of a hacker is one who maliciously breaks into computer networks with the intent to steal data or tamper with files. This is considered to be a crime. Some of the essential ingredients of hacking are: the intention to cause wrongful loss or damage to any person; the knowledge that wrongful loss or damage will be caused to any person due to this act; and that the information residing in the computer resource must be destroyed, deleted, altered, diminished in value or utility, or affected injuriously.

18 http://en.wikipedia.org/wiki/Hacker_%28computer_security%29 visited on 17-07-07.

(v) Denial of Service Attack
This is a type of cyber crime which is initiated by sending excessive demands to a victim’s computer, exceeding the limit that the servers can handle and thereby making the servers crash. Flooding a computer resource with more requests than it can handle will cause the resource to crash, thereby denying authorized users the service offered by the resource. It is very difficult to control such attacks. The major examples of denial-of-service attacks are those which brought down websites like CNN, Yahoo, Amazon etc.
(vi) Virus and Worms Attacks
Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. Viruses affect the data on the computer by deleting or altering it, whereas worms do not need a host to attach themselves to. Worms make functional copies of themselves and do this repeatedly till they take up all the available space in a computer’s memory. VBS_LOVELETTER, also known as the Love Bug or the I LOVE YOU virus, utilized the addresses in Microsoft Outlook and e-mailed itself to those addresses. The e-mail which was sent out had "ILOVEYOU" in its subject line. The attachment file was named "LOVE-LETTER-FOR-YOU.TXT.vbs". People who opened the e-mail attachment were won over by the subject line, and those who had some knowledge of viruses did not notice the tiny .vbs extension and believed the file to be a text file. The message in the e-mail was "kindly check the attached LOVELETTER coming from me". VBS_LOVELETTER first selects certain files and then inserts its own code in place of the original data contained in the file. This way it creates ever-increasing versions of itself.
(vii) Email Spoofing
An email is said to be spoofed if it appears to originate from one source but has actually been sent from another source. It can cause much damage to a person’s reputation and can also put them in trouble.
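The two e-mail traits described in items (vi) and (vii) above can be checked mechanically at a mail gateway. The following Python sketch is an added example, not part of the original paper: it flags attachments whose harmless-looking extension is followed by a script extension (as in "LOVE-LETTER-FOR-YOU.TXT.vbs") and messages whose visible From domain differs from the envelope sender in Return-Path. The extension lists, function names, addresses and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from pathlib import PurePosixPath

# Illustrative lists (assumptions, not from the paper); a real gateway keeps its own.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".scr", ".exe", ".bat", ".cmd"}
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".xls"}

# Constructed sample message: subject, body text and file name are the ones quoted
# in the paper; addresses are placeholders and the attachment holds no script.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "A Friend" <friend@example.org>
To: user@example.com
Subject: ILOVEYOU
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

kindly check the attached LOVELETTER coming from me
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.vbs"

(constructed placeholder body)
--b1--
"""


def double_extension(filename):
    """Return (decoy_ext, real_ext) when a script extension hides behind a benign one."""
    suffixes = [s.lower() for s in PurePosixPath(filename.strip()).suffixes]
    if len(suffixes) >= 2 and suffixes[-1] in SCRIPT_EXTS and suffixes[-2] in DECOY_EXTS:
        return suffixes[-2], suffixes[-1]
    return None


def domain_of(header_value):
    """Extract the lower-cased domain from an address header ('' if absent)."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


def same_org(a, b):
    """Treat a domain and its own subdomain as the same sender."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def screen(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    shown, envelope = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    # A mismatch is a signal to review, not proof: bulk mailers differ legitimately.
    if shown and envelope and not same_org(shown, envelope):
        findings.append(("sender-mismatch", shown, envelope))
    for part in msg.walk():
        name = part.get_filename()
        hit = double_extension(name) if name else None
        if hit:
            findings.append(("double-extension", name, hit[1]))
    return findings


if __name__ == "__main__":
    for finding in screen(SAMPLE):
        print(finding)
```
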
(viii) Logic Bombs
Logic bombs are event dependent programs. They are used to do something
only when a particular event occurs. Some of the viruses also may be
termed as logic bombs because they work only on a particular date.19
(ix) Salami Attacks
Attacks of this type are mainly seen in the financial area. The attack makes
alterations so small that they would go completely unnoticed. E.g. the
Ziegler case, wherein a logic bomb was introduced in the bank’s system,
which deducted 10 cents from every account and deposited it in a particular
account. In this case, the man first introduced a logic bomb into the bank’s
system. Logic bombs are programmes that get activated only at the
occurrence of an event. The logic bomb was programmed to take ten cents from
all the accounts in the bank and put them into the account of the person
with the name Ziegler. The amount withdrawn from each of the accounts in the
bank was so small that neither the account holders nor the bank officials
noticed the fault. This was brought to the notice of the bank when a person
by the name of Ziegler opened his account in that bank and a large amount of
money was transferred to his account every Saturday. Bank authorities revealed
the entire scheme.
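The pattern in the Ziegler case (a few cents taken from almost every account, all credited to one account, on a fixed weekday) is easy to miss per account but stands out once small debits are grouped by destination. The following Python code is an added example, not part of the original paper; the ledger, the account numbers and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

WEEKDAYS = ["Monday", "Tuesday", "Wednesday", "Thursday",
            "Friday", "Saturday", "Sunday"]


def build_ledger():
    """Constructed sample data: rows are (day, source, destination, cents)."""
    accounts = ["ACC-%04d" % n for n in range(200)]
    ledger = []
    first_saturday = date(2024, 1, 6)
    for week in range(3):
        day = first_saturday + timedelta(weeks=week)
        for acct in accounts:
            # The skim: 10 cents from every account to one sink account.
            ledger.append((day, acct, "ACC-9999", 10))
    for n, acct in enumerate(accounts[:40]):
        # Ordinary payments between customers, far above the "small" cut-off.
        ledger.append((date(2024, 1, 8) + timedelta(days=n % 5),
                       acct, accounts[(n + 7) % 200], 12500 + 100 * n))
    for acct in accounts[:12]:
        # Legitimate small payments that come from only a few accounts.
        ledger.append((date(2024, 1, 10), acct, "ACC-7000", 25))
    return accounts, ledger


def find_salami_sinks(ledger, all_accounts, max_amount_cents=50,
                      min_coverage=0.5):
    """Flag destinations that receive tiny credits from most of the bank.

    coverage = distinct paying accounts / all accounts. One account paying a
    few cents is noise; half the bank paying the same account is not.
    """
    small_credits = defaultdict(list)
    for day, src, dst, cents in ledger:
        if 0 < cents <= max_amount_cents:
            small_credits[dst].append((day, src, cents))

    total_accounts = len(set(all_accounts))
    findings = []
    for dst, rows in small_credits.items():
        sources = {src for _, src, _ in rows if src != dst}
        coverage = len(sources) / total_accounts
        if coverage < min_coverage:
            continue
        findings.append({
            "account": dst,
            "distinct_sources": len(sources),
            "coverage": round(coverage, 3),
            "total_cents": sum(cents for _, _, cents in rows),
            "amounts": sorted({cents for _, _, cents in rows}),
            "weekdays": sorted({WEEKDAYS[day.weekday()] for day, _, _ in rows}),
        })
    return sorted(findings, key=lambda f: -f["total_cents"])


if __name__ == "__main__":
    accounts, ledger = build_ledger()
    for hit in find_salami_sinks(ledger, accounts):
        print(hit)
```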
(x) Data Diddling
This type of attack involves altering raw data just before a computer
processes it and then changing it back after the processing is completed.

19 Also called slag code, programming code added to the software of an application or operating system that
lies dormant until a predetermined period of time (i.e., a period of latency) or event occurs, triggering the
code into action. Logic bombs typically are malicious in intent, acting in the same ways as a virus or Trojan
horse once activated. In fact, viruses that are set to be released at a certain time are considered logic bombs.
They can perform such actions as reformatting a hard drive and/or deleting, altering or corrupting data.
Electricity Boards in India have been victims to data diddling programs
inserted when private parties were computerizing their systems.
(xi) Email Bombing
Email bombing involves sending a large number of e-mails to the victim
resulting in the victim’s email account (in case of an individual) or mail
servers (in case of a company or an email service provider) crashing. An example is
the case of a foreigner who had been residing in Simla for thirty years and
wanted to avail of a scheme introduced by the Simla Housing Board to buy
land at lower rates. He made an application, but it was rejected on the
ground that the scheme was available only for citizens of India. This made
him angry enough to send thousands of mails to the Simla Housing Board,
and he kept sending e-mails repeatedly till their server crashed.
(xii) Trojan Attacks
This term has its origin in the word ‘Trojan horse’. In the software field, this
means an unauthorized programme, which passively gains control over
another’s system by representing itself as an authorised programme. The
most common form of installing a Trojan is through e-mail. E.g. a Trojan
was installed in the computer of a film director in the U.S. while chatting.
The cyber criminal, through the web cam installed in the computer,
obtained her nude photographs and started harassing the lady director.
(xiii) Web Jacking
This term is derived from hijacking. It occurs when someone forcefully
takes control of a website. In these types of offences the hacker gains
access to and control over another’s website by bypassing the password. The
hacker may even change the information on the site. The actual owner of the
site does not have any control over the information on the site.
A case of web jacking is the ‘gold fish’ case. In this case the site was
hacked and the information pertaining to gold fish was changed. Further, a
ransom of US $ 1 million was demanded. Thus, web jacking is a
process whereby control over the site of another is taken, backed by a
demand for some consideration for it.

(xiv) Cyber Terrorism
Both cyber crime and cyber terrorism are criminal acts. But cyber crime is
different from cyber terrorism in many aspects. Cyber crime is a domestic
issue, which may sometimes have some international consequences whereas
cyber terrorism is certainly of a global concern. It includes both domestic as
well as international consequences. The terrorist attacks on the Internet are
by hate e-mails, denial-of-service attacks, attacks on sensitive computer
networks etc. Recent examples are those of Osama Bin Laden, the LTTE, the attack
on America’s army development system during the Iraq war etc.
Cyber terrorism can be defined to be “the premeditated use of
disruptive activities, or the threat thereof, in cyber space, with the intention
to further social ideological, religious, political or similar objectives, or to
intimidate any person in furtherance of such objectives”.
Another definition may be attempted to cover every act of cyber
terrorism. A terrorist means a person who indulges in wanton killing of
persons or in violence or in disruption of services or means of
communications essential to the community or in damaging property with
the view to –
• putting the public or any section of the public in fear; or
• affecting adversely the harmony between different religious, racial,
lingual or regional groups or castes or communities; or
• coercing or overawing the government established by law; or
• endangering the sovereignty and integrity of the nation
and a cyber terrorist is the person who uses the computer system as a
means or ends to achieve the above objectives. Every act done in
pursuance thereof is an act of cyber terrorism.
(xv) Computer Vandalism
This involves destroying or damaging the property of another. Computer
vandalism includes any kind of physical harm done to the computer of any
person. These acts may take the form of the theft of a computer, some part
of a computer or a peripheral attached to the computer or by physically
damaging a computer or its peripherals.

III. Cyber Law

Cyber law encompasses a wide variety of legal issues related to the use of
communication technology. It addresses issues of cyber space and covers the rights
and responsibilities of Netizens20 who are the citizens of Cyber Space. Cyber law
includes legal issues that affect persons and institutions who control the entry to
cyber space, provide access to cyber space, create hardware and software which
enable people to access cyber space or to use their own devices to enter cyber
space.
Absence of physical boundaries in cyberspace may lead to a situation where
the basis of morality and culture will be shaken in society. The morals of a society
could vary from the morals of another society. The Internet being a global
communication media can encroach upon the morality of a society.21 With the
advent of Internet people can view and download obscene materials irrespective of
their age. Even if the true address of the host website is known, an Indian court
cannot punish the offenders who are in a foreign country. The publication of
obscene material may not be an offence in the country where the server of the host
website is situated. The fact that the criterion for punishment differs from country
to country adds to this problem. For example, in the USA, the obscenity test is based on the
contemporary community standards of the nation. There is no barrier to publishing
any material which matches their contemporary community standards.22
There are currently two main statutes, which govern online criminal liability
– the classic Indian Penal Code, 1860 and the Information Technology (IT) Act,
2000.23 The main objective of this Act is to regulate and control affairs of cyber
world in an effective manner. The IT Act deals with various crimes in chapters IX and
XI. In the coming part of this work, let us explore the various provisions of the IT Act
that are capable of dealing with the various types of cyber crimes.

20 A word coined by Michael Hauben to describe an internet user who possesses a sense of civic responsibility
for his/her virtual community as a citizen would feel responsible for a physical community.
21 For eg., publication of obscene materials on the Internet. The Indian Law makes the sale of obscene
materials punishable under section 292 of Indian Penal Code, 1860.
22 Donald T. Stephen, “Obscenity Online: A Transnational Approach to Computer transfers of Potentially
Obscene Materials”, 82 Cornell Law Review 905, 916 (1997).
23 IT Act 2000 was passed by the Indian Parliament and enforced on May 17, 2000.
Jurisdictional Issues

Computer and cyber crimes inevitably often have a transnational aspect to
them, which can give rise to complex jurisdictional issues involving persons,
things and acts being present or carried out in a number of different countries. This
can be as true for individual acts of criminality as it is for the multinational
criminal organisation. Even where the perpetrator and the victim are located in the
same jurisdiction, relevant evidence may reside on a server located in another
jurisdiction. Hence, in most of the internet based activities, traditional legal
concepts and principles are sometimes challenged by the nature of the
environment. As a consequence, legislators, law enforcement agencies and the
judiciary have had to address issues of cyber crime jurisdiction at a number of
levels.24
Since Internet is everywhere, the commission of a crime can take place
anywhere on the Internet, due to which the internet user finds himself subject to the
jurisdiction of many countries for a single act. Occasionally this may lead to a
situation where a person is the subject of extradition requests from many countries.
Ordinarily the jurisdiction of a court is related to the place where the offence is
committed.25 This is based on the English common law position that all crimes are
local and should be tried only by the local courts within whose jurisdiction the act
was committed.26 When there is uncertainty as to the local area within which the
crime was committed, the courts within whose jurisdiction even a part of the
offence was committed are given the jurisdiction to try the matter. This would
result in a situation where prosecutors of many jurisdictions have a choice of
forum as to the trial of offenders.

Issues Relating to Evidence

It is more than three years since law was passed in India to recognize
electronic documents as admissible evidence in a Court of law. The necessary
amendments were made to the Indian Evidence Act 1872 by the Information
Technology Act 2000. In the case of electronic documents produced as "Primary
Evidence", the document itself must be produced to the Court. However, such
an electronic document obviously has to be carried on a medium and can be read only
with the assistance of an appropriate Computer with appropriate operating
software and application software. In many cases even in non-electronic
documents, a document may be in a language other than the language of the Court,
in which case it needs to be translated and submitted for the understanding of the
Court by an Expert.27 Normally the person making submission of the document
also submits the translation from one of the "Experts". If the counter party does not
accept the "Expert's opinion", the court may have to listen to another "Expert" and
his interpretation and come to its own conclusion of what is the correct
interpretation of a document. In the case of Electronic documents, under the
same analogy, "Presentation" of the document is the responsibility of the prosecution
or the person making use of the document in support of his contention before the
Court. Based on his "Reading" of the documents, he submits his case. This may
however be disputed by the counter party. In such a case, it becomes necessary for
the Court to "Get the document Read by an expert" to its satisfaction. It is necessary
to have some clarity on the legal aspects of such documents presented to the Court
because most of the court battles are expected to revolve around "Proper Reading"
of the documents and "Possible manipulation of the documents". In making
presentation of an "Electronic Document", the presenter may submit a readable
form of the document in the form of a "Print Out". The question arises in such a case
whether the print out is "Primary Evidence" or "Secondary Evidence."28

24 “Computer crimes and Digital Investigation”, Ian Walden, Oxford University Press, New York, (2007)
25 Section 177 of the Code of Criminal Procedure, 1973.
26 Ibid.

Cyber Investigation

Cyber crime investigation is the collection, analysis and investigation of
digital evidence and cyber trails. This digital evidence and cyber trail may be
found in computer hard disks, cell phones, CDs, DVDs, floppies, USB data storage
devices, SIM cards, iPods, digital cameras, laptop computers, computer networks,
the Internet etc. Digital evidence and cyber trails can be hidden in pictures and
sound files (steganography), encrypted files, password protected files, deleted
files, formatted hard disks, deleted emails, deleted SMS, chat transcripts and even
in the RAM.29

27 “Cyber laws in India- ITA 2000 and Beyond”, Naavi (2003).
28 According to Indian Evidence Act, section 65 refers to "Cases in which secondary evidence relating to
documents may be given". However, the modifications made to this section by ITA-2000 have added Sections
65 A and Section 65 B.

Cyber Forensics
Most computer users believe that their actions over the
Internet will be hidden from others. But the trace evidence of computer usage is
abundant. Individual computers contain the details of electronic communications
even after the data has been deleted. Forensic examination can easily retrieve the
record of past usage from these details. In addition, Internet service providers and
network administrators can also document, store, and maintain the record of
computer usage, and such records can be used in a criminal investigation.
Cyber forensics is the discovery, analysis and reconstruction of evidence by a
process of extracting information and data from computer storage media. This
data is collected, preserved and presented in a manner acceptable in
a court of law. Cyber forensics also includes finding encrypted and decrypted
password-protected information, tracing the source of e-mail, recovering deleted
data, identifying the computers that created them etc. The main objectives of cyber forensics
include rapid discovery of evidence, estimate of potential impact of the malicious
activity on the victim, and assessment of the objective of the crime and identity.
Intrusion analysis includes examination of many sources of data evidence e.g.,
firewall logs, network management information etc. Cyber forensics adds
inspection of transient elements such as the contents of the following: memory,
registers, basic input/output system, input/output buffers, serial receive buffers.
Data relating to both the pre- and post-attack periods is evaluated.
Cyber forensics works by collecting the digital evidence at the time of
cyber crime investigation and storing it for the purpose of examination. Both original
digital evidence and duplicate digital evidence are created. The original includes
the physical items and associated electronic data at the time of seizure. Duplicate
digital evidence is an accurate digital reproduction of all electronic records contained on
the original physical item. The original computer is not altered by any of the
examination processes and should be held with great caution.

29 Digital evidence and cyber trails can relate to online banking frauds, online share trading fraud, source code
theft, credit card fraud, tax evasion, virus attacks, cyber sabotage, phishing attacks, email hijacking, denial of
service, hacking, divorce cases, murder cases, organized crime, terrorist operations, defamation, pornography,
extortion, smuggling etc.
Retaining the original evidence in its initial form, the investigator makes a
mirror image copy of all data on the computer storage and then examines the data
stored on any storage media associated with a computer. This ensures that
tampering with the original evidence does not occur. This mirror image is known as a
bit-stream image. Making the mirror image also captures the
slack space in the various files and the unallocated storage space. This helps the
investigator to reveal the data or information stored there.
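Why a bit-stream image matters can be shown on a toy volume: a file-by-file copy returns only the bytes each file claims, while the image also carries file slack and unallocated clusters, where remnants of deleted data survive. The following Python code is an added example, not part of the original paper; the 512-byte cluster layout and directory are a constructed stand-in for a real file system, and verifying the duplicate with SHA-256 is common practice assumed here, not something the paper specifies.

```python
import hashlib
import io

CLUSTER = 512  # assumed cluster size of the constructed volume


def build_constructed_volume():
    """Constructed 8-cluster volume: an old file was deleted, a shorter one reused cluster 0."""
    volume = bytearray(CLUSTER * 8)
    old = (b"DELETED-DRAFT constructed residue; " * 40)[:CLUSTER * 2]
    volume[0:len(old)] = old                      # earlier file, since deleted
    new = b"Dear customer, your statement is attached.\n" * 7
    volume[0:len(new)] = new                      # current file overwrites part of it
    directory = {"letter.txt": (0, len(new))}     # name -> (start cluster, length)
    return bytes(volume), directory


def bitstream_image(src, dst, chunk=4096):
    """Copy every byte from src to dst; return SHA-256 of what was read."""
    digest = hashlib.sha256()
    while True:
        block = src.read(chunk)
        if not block:
            break
        dst.write(block)
        digest.update(block)
    return digest.hexdigest()


def acquire(volume):
    """Image the volume and verify that the duplicate matches the original."""
    src = io.BytesIO(volume)   # stands in for a write-blocked device, read only
    dst = io.BytesIO()
    acquisition_hash = bitstream_image(src, dst, chunk=CLUSTER)
    image = dst.getvalue()
    verified = (hashlib.sha256(image).hexdigest() == acquisition_hash
                == hashlib.sha256(volume).hexdigest())
    return image, acquisition_hash, verified


def logical_copy(volume, directory):
    """What a file-level copy sees: only the bytes each file claims."""
    return {name: volume[start * CLUSTER:start * CLUSTER + length]
            for name, (start, length) in directory.items()}


def residual_regions(image, directory):
    """Return file slack per file and all unallocated clusters from the image."""
    used = set()
    regions = {}
    for name, (start, length) in directory.items():
        n_clusters = max(1, -(-length // CLUSTER))          # ceiling division
        used.update(range(start, start + n_clusters))
        file_end = start * CLUSTER + length
        cluster_end = (start + n_clusters) * CLUSTER
        regions["slack:" + name] = image[file_end:cluster_end]
    total = len(image) // CLUSTER
    regions["unallocated"] = b"".join(
        image[c * CLUSTER:(c + 1) * CLUSTER]
        for c in range(total) if c not in used)
    return regions


if __name__ == "__main__":
    volume, directory = build_constructed_volume()
    image, sha256_hex, verified = acquire(volume)
    print("image verified:", verified, sha256_hex)
    for region, data in residual_regions(image, directory).items():
        print(region, "contains deleted residue:", b"DELETED-DRAFT" in data)
```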

IV. CYBER LAW IN INDIA

The flourishing synergy arising between organized crimes and the Internet
has increased the insecurity of the digital world. In the following segment, my
attempt would be to evaluate the existing laws in India to prevent cyber crimes.

The two main statutes that govern online criminal liability are the
Indian Penal Code, 1860 and the Information Technology (IT) Act, 2000. The IT
Act was passed and enforced on 17th May 2000. Its objective was to legalize
e-commerce and it further amends the Indian Penal Code 1860, Indian Evidence Act
1872, the Banker’s Book Evidence Act 1891, and the Reserve Bank of India Act
1934. The aim behind this is to make these Acts compatible with the Act of 2000 so
that, they may control the affairs of the cyber world in an effective manner.

Information Technology Act, 2000 and Cyber Crimes


S.1(2) of the IT Act30 provides that the Act extends to the whole of India,
including Jammu & Kashmir. To extend the provisions of the Act to Jammu & Kashmir,
Art.253 of the Constitution is used. The Act does not take citizenship into account. The
Act provides an extraterritorial jurisdiction. When S.1(2) is read with S.75,31 the
Act can be applied to any offence or contravention committed outside India by any
person irrespective of his/her nationality, if his/her conduct constituting the
offence or contravention involves a computer, computer system or computer
network located in India. The limitation of this provision arises from the lack of
international co-operation. This Act is to protect even the owner of a single
computer, computer system or computer network located in India which has been
violated/damaged by any person inside or outside the country.

30 S.1(2) of IT Act, 2000.
31 S.75 of IT Act, 2000.
Chapter IX of the IT Act, 2000 highlights both the penalty provisions and the
process of adjudication for damage to computer, computer system, or computer
network. It deals with the cyber crimes like unauthorized access to computer,
computer system or computer network. The various provisions under this Act are
studied with reference to the terms like computer, computer system, access,
computer networks which are defined under the subsections of the S. 2(1) of IT
Act, 2000.
Chapter XI of the IT Act, 2000 deals with the offences. The main distinction
between a contravention and an offence is that, a contravention is generic and is
just the violation of rule. It may or may not be punishable with a liability to pay a
penalty whereas an offence is specific and by doing an offence one can be made
punishable with fine and imprisonment or with either of them.
IT Act deals with various cyber crimes and the provision of penalties in
chapters IX and XI. Chapter IX deals with the penalties and adjudication and
chapter XI deals with the offences. The important sections in the IT Act which deal
with the various cyber crimes are S. 43, S.65, S.66, S.67.
The various sections that deal with the cyber crimes are discussed in brief in this chapter.
S.43. Penalty for damage to the computer, computer system etc. This section
deals with unauthorized access, unauthorized downloading, virus attacks or any
contaminants introduced in the system, denial-of-service access, damages caused.
This section provides for a fine up to Rs. 1 Crore as remedy.
To prove that a system has undergone unauthorized access, one should
prove that the access was unauthorized, that the computer performed a function as a
consequence of the unauthorized access, and that the person concerned knew that the access
was unauthorized.
Unauthorised downloading refers to unauthorized retrieving of a file from a
remote computer, computer system, or the computer network. Unauthorised
copying is downloading a file or data and saving it on another part of the computer’s
hard disk or on any removable disk. The offenders are liable to pay damages by way of
compensation not exceeding Rs.1 crore to the victim.
Under S.43(c) of the IT Act, 2000, any person who introduces or causes
to be introduced viruses or other contaminants into the system shall be liable to pay damages by
way of compensation not exceeding Rs.1 crore.
Any person who causes denial of service to any authorized person (S.43(f)),
and who damages or causes damage to data, files or any hardware-software
configuration by means of altering, deleting, adding, modifying or rearranging the
files through a virtual or physical medium (S.43(d)), shall be liable to pay damages by
way of compensation not exceeding Rs.1 crore. S.43(h) is incorporated with the
idea to prevent theft, misappropriation, misrepresentation, fraud or forgery of
access code, user ID, password etc. by a person to the account of another person
by manipulating any computer, computer system, or computer network.
S.44. Penalty for failure to furnish information, return etc.
In this section, based on the clauses (a), (b) and (c), the person could be a
subscriber, Certifying Authority, auditor, or any person in charge of the computer
resources. Under S.44(a), the authority is the controller or the certifying authority
and the applicability is on the subscribers, Auditors, computer resource in-charge
etc. with the penalty amount not exceeding Rs.1,50,000.00 for each failure. In
clause (b) the authority is the controller, any Government agency/Statutory
Authority. The applicability of this clause is on the subscribers, Auditors,
Certifying Authority, Computer resources in-charge etc. with a penalty not
exceeding Rs.5000.00 for each day during which the fault continues. In clause (c), the
authority is the same as that of clause (b), but it can be applied on the certifying
authority, computer resource in-charge etc. with a penalty not exceeding
Rs.10,000.00 for each day the fault continues.
S.45. Residuary penalty.
This section is effective against all the contraventions that are specifically
given any penalties under ss. 43 and 44. The contravention committed by the
person should be first observed and then classified based on the provisions of ss.
43, 44 or 45. Penalty amount under the residuary penalty will not exceed twenty-
five thousand rupees.

S.46. Power to adjudicate
This section shows that the adjudicating officer under the Act is a quasi-
judicial authority. He/She should hold an enquiry before arriving at a decision.
Section 46(1) indicates that the quasi-judicial authority of an adjudicating officer is
to determine the contraventions and imposition of penalties under ss.43, 44 and 45
of the Act. S.46(5) sets out the powers of the adjudicating officer. The
adjudicating officer has the same powers as a civil court under the Code of Civil
Procedure, 1908.

S.47. Factors to be taken into account by an adjudicating officer


This section gives the factors for adjudging the quantum of compensation.
The amount of compensation must not exceed Rs. 1 crore. The adjudicating officer
has to measure the degree of contravention in terms of monetary value and he/she
should arrive at a reasonable amount of compensation.
Cyber crime includes both cyber contraventions and cyber offences. The
difference between the two lies in the degree and extent of criminal activity.
Unauthorised access to a computer, computer system, and computer network can
be considered as a cyber contravention. It is covered by S.43(a) to (h) in the IT Act,
2000. Cyber contraventions may result in civil prosecution and the judicial
proceedings are conducted before the adjudicating officer. The offender is liable to pay
damages by way of compensation of an amount not exceeding Rs.1 crore to the
victim.
Cyber offences relate to serious issues. Sections 65 to 74 of the IT
Act, 2000 deal with the various cyber offences. Cyber offences may result in
criminal prosecution and the offender may be punishable with imprisonment or
fine or with both. These offences are classified as cognizable/non-cognizable and
bailable/non-bailable.
S.65 Tampering with computer source documents
This offence is classified as a cognizable offence, triable by a first class
Magistrate. This is a non-bailable offence. Computer source documents consist of
the listing of programmes, source code, design etc. The source code represents the
intellect of a programmer. The IT Act protects the source code in this section. It protects
the computer documents beyond the range of Copyright laws. The punishment for
the offence under this section is imprisonment up to three years, or with fine up to
Rs.2 lakhs or with both.
S.66 - Hacking
Hacking with computer system is a cognizable act which is non-bailable and
is triable by a first class Magistrate.32 This section is to protect the information
residing in a computer resource and to protect the integrity and security of
computer resources from attacks by unauthorized persons seeking to enter such
resource. The punishment of the offence under this section is imprisonment up to
three years, or with fine up to Rs.2 lakhs or with both. The presence of a criminal
intention differentiates S.66 from S.43 of the IT Act, 2000.
S.67 Publishing of information which is obscene in electronic form
This section deals with cognizable and non-bailable offence. It addresses the
issues related to publication or transmission of obscene information in electronic
form. It covers websites, graphic files such as GIF and JPEG images, text messages,
digital photographs etc. The punishment of the offence under section 67 is
imprisonment up to five years and with fine up to Rs.1 lakh for the first conviction
and imprisonment up to ten years and fine up to Rs.2 lakhs for the second
conviction.
S.71- Penalty for misrepresentation
It is classified to be a non-cognizable, bailable offence that is triable by any
Magistrate. It deals with the misrepresentation or the suppression of material facts
to the Controller of Certifying Authority to obtain digital signature or to become a
Certifying Authority. The penalty is imprisonment up to two years or a fine up to
Rs.1 lakh or with both.
S.72- Penalty for breach of confidentiality and privacy
This offence is a non-cognizable and bailable offence which is triable by any
Magistrate. The idea behind this section is that the person who has secured access
to any such information shall not take unfair advantage of it by disclosing it to the
third party without obtaining the consent from the other party. The punishment for
the offence under section 72 is imprisonment up to two years, or with fine up to
Rs.1 lakh or with both.

32 Hacking is a pre-planned process by identifying the target, studying the security features and then
developing tools to gain an unauthorized access to alter, destroy or damage the computerized data.
S.73 - Penalty for publishing Digital Signature Certificate false in certain particulars.
This offence is classified as a non-cognizable, bailable offence which is
triable by any Magistrate. The punishment for the offence under this section is
imprisonment up to two years, or with fine up to Rs.1 lakh or with both.
S.74 Publication for fraudulent purpose
This section deals with the storage and transmission of a ‘modified’ digital
signature certificate with the intent to commit fraud. This offence is classified as a
non-cognizable and bailable offence which is triable by any Magistrate. A Digital
Signature Certificate is the digital identity of a subscriber in the digital medium. By
ss.73 and 74, any attempt to use it for a fraudulent purpose is made an offence. It
provides for imprisonment up to two years or with a fine up to 1 lakh or with both.
S.75 Act to apply for offence or contravention committed outside India
This section is not concerned about the territoriality and the nationality of
the cyber criminals. It provides an extended long arm to the IT Act. The limitation
of this Act arises from the non-co-operation of other countries. This section
deals with an offence or contravention committed outside India by any person,
irrespective of nationality, against a computer, computer system or computer
network located in India.
S.76 Confiscation
The confiscation can be done on the order of an adjudicating officer.
Confiscation means to seize property with authority. This section highlights that
all the devices which helped in the contravention are liable to be confiscated.
S.77 Penalties or confiscation not to interfere with other punishments
This section deals with persons who, apart from facing the penalty or
confiscation under the Act, may still be found liable under other law. This
section indicates that the penalties or confiscation will not interfere with any other
punishments to which the offender is liable.
S.78- Power to investigate offences
This section clearly says that only a police officer above the rank of Deputy
Superintendent of Police has the power to investigate both cognizable and
non-cognizable offences under the Act. A police officer, for investigating a
non-cognizable offence, has to obtain the order from a Magistrate having the power to try
cognizable offence has to obtain the order from Magistrate having the power to try
such case. For a cognizable offence, any officer in charge of the police station may
proceed with the investigation without the order of a Magistrate.
S.79- Network service providers not to be liable in certain cases
As long as the network service provider (NSP) can prove that the offence/contravention
occurred without his knowledge and that he had exercised due diligence to prevent
the commission of such offence/contravention, the network service provider is
not liable.

The various provisions of the IT Act, 2000 enable the fight against the
various cyber crimes. There is some other legislation, along with the IT Act, to ensure
that cyber space is free from crime. These statutory provisions will control and
regulate the various activities in cyber space. Now let us discuss the other
legislation that tries to curb cyber crime.

Other Legislations
The Indian parliament considered it necessary to give effect to the
resolution by which the General Assembly adopted Model Law on Electronic
Commerce adopted by the United Nations Commission on Trade Law. As a
consequence of which the Information Technology Act, 2000 was passed and
enforced on 17th May 2000.33 The preamble of this Act states its objective to legalise
e-commerce and further amend the Indian Penal Code 1860, the Indian Evidence
Act 1872, the Banker’s Book Evidence Act 1891 and the Reserve Bank of India Act
1934. The basic purpose to incorporate the changes in these Acts is to make them
compatible with the Act of 2000 so that they may regulate and control the affairs of
the cyber world in an effective manner.
Apart from the Information Technology Act, 2000 and the Indian Penal
Code 1860, dealing with offences in the nature of cyber crimes, there are a few
other norms also. They are;
1. The Indecent Representation of Women (Prohibition) Act, 1986.34

33 For more details see supra chapter 3.
The definition clause explains the nature of offence in the following manner;35
(a)"advertisement" includes any notice, circular, label, wrapper or other document
and also includes any visible representation made by means of any light, sound,
smoke or gas;
(b)"distribution" includes distribution by way of samples whether free or
otherwise;
(c)"indecent representation of women" means the depiction in any manner of the
figure of a woman; her form or body or any part thereof in such way as to have the
effect of being indecent, or derogatory to, or denigrating women, or is likely to
deprave, corrupt or injure the public morality or morals;
(d)"label" means any written, marked, stamped, printed or graphic matter, affixed
to, or appearing upon, any package;
(e)"package" includes a box, a carton, tin or other container;
Section 3 of the Act prohibits advertisements containing indecent representation of
women.36
At the international level also, the need to bring about a law against such
illegal act was strongly felt which culminated in the adoption of Protocol on Sale of
Children, Child Prostitution & Child Pornography by the United Nations.37
Protocol on Sale of Children, Child Prostitution & Child Pornography: It says,
“Considering that, in order further to achieve the purposes of the
Convention on the Rights of the Child38 and the implementation of its provisions,
especially articles 1, 11, 21, 32, 33, 34, 35 and 36, it would be appropriate to extend
the measures that States Parties should undertake in order to guarantee the
protection of the child from the sale of children, child prostitution and child
pornography,
Considering also that the Convention on the Rights of the Child recognizes
the right of the child to be protected from economic exploitation and from
performing any work that is likely to be hazardous or to interfere with the child's
education, or to be harmful to the child's health or physical, mental, spiritual,
moral or social development,
Gravely concerned at the significant and increasing international traffic in
children for the purpose of the sale of children, child prostitution and child
pornography,
Deeply concerned at the widespread and continuing practice of sex tourism,
to which children are especially vulnerable, as it directly promotes the sale of
children, child prostitution and child pornography”, the United Nations has
adopted the said protocol.

34 An Act to prohibit indecent representation of women through advertisements or in publications, writings,
paintings, figures or in any other manner and for matters connected therewith or incidental thereto.
35 Section 2 ibid.
36 No person shall publish, or cause to be published, or arrange or take part in the publication or exhibition of,
any advertisement which contains indecent representation of women in any form.
37 Adopted in May 2000.
38 Adopted and opened for signature, ratification and accession by General Assembly resolution 44/25
of 20 November 1989.

Analysis
Even among these countries, crimes are not treated uniformly. In some,
unauthorized access is a crime only if harmful intent is present; in others, data theft
is a crime only if the data relates specifically to an individual’s religion or health,
or if the intent is to defraud. Laws tend to be biased in favor of protecting public
sector computers, but do not provide reciprocal protection to private sector
computers. Mutual co-operation is therefore what is expected of the member
countries.
Discrepancies exist even within countries. Industry-wide efforts are
underway to address prevention, response, and cooperation. Around the world,
various industries have been establishing information sharing and analysis centers
(ISACs) to share real-time information related to threats, vulnerabilities, attacks,
and countermeasures. A recent Global Information Security Summit sponsored by
the World Information Technology and Services Alliance39 brought together
industry, governments, and multilateral organizations across economic sectors to
share information and build partnerships. Post-summit working groups are now
developing cooperative approaches to addressing the most critical information
security problems.

39 www.witsa.org
V. CONCLUSION AND SUGGESTIONS

Perhaps the most remarkable thing about the twenty-first century is that we
are almost at the dawn of the Information Age. Until recently, we as a nation
have paid them little heed. India and the rest of the world continue to charge
headlong into the information revolution. Information technology is making
profound inroads into the very fabric of our society and our economy as a nation
in the global community. In a very real sense, the "Information Superhighway" has
become the economic lifeblood of our nation.
While leading the world into the Information Age, at the same time we have
become uniquely dependent on information technology -- computers and the
global network that connects them together. This dependency has become a clear
and compelling threat to our economic well-being, our public safety, and our
national security.40
The world's networks, referred to by many as "cyberspace," know no
physical boundaries. Our increasing connectivity to and through cyberspace
increases our exposure to traditional adversaries and a growing body of new ones.
Terrorists, radical groups, narcotics traffickers, and organized crime will join
adversarial nation-states in making use of a burgeoning array of sophisticated
information attack tools. Information attacks can supplement or replace traditional
military attacks, greatly complicating and expanding the vulnerabilities we must
anticipate and counter. The resources at risk include not only information stored
on or traversing cyberspace, but all of the components of our national
infrastructure that depend upon information technology and the timely availability
of accurate data. These include the telecommunications infrastructure itself; our
banking and financial systems; the electrical power system; other energy systems,
such as oil and gas pipelines; our transportation networks; water distribution
systems; medical and health care systems; emergency services, such as police, fire,
and rescue; and government operations at all levels. All are necessary for economic
success and national security.

40 http://usinfo.state.gov/journals/itps/1198/ijpe/pj48min.htm visited on 26-02-2007.
Cyber crimes are amongst the most underreported forms of criminality.
Experts say less than 10% of cyber crimes are reported to authorities.41 In the
conventional world, research has indicated that time taken to report a crime is one
of the most important factors in determining the probability of arrest.42 Timely
reporting of cyber attacks to authorities is thus likely to strengthen the rule of law
and help combat cyber threats in the long run. Some companies have set a
dangerous precedent of negotiating with web terrorists by paying ransoms.
Estimates suggest that gambling sites alone have paid millions of dollars to cyber
extortionists annually. Ransom money sends positive cognitive messages and will
fuel further cyber attacks by making criminals more sophisticated and organized.
As criminals’ skill, organization and intelligence co-vary positively with the odds
of getting away with crimes, paying ransom contributes to the vicious circle of
cyber crimes.43
It also has several policy implications. Firstly, there is no pure technological
fix for security-related problems involving technologies.44 Cooperation and
collaboration among national governments, computer crime authorities and
businesses are critical to combat cyber attacks. If national governments work with
one another as well as with business communities to modify institutions by
defining appropriate policies for the security of the digital world, it will result in
lower transaction costs. Some signs of success have materialized, but nations have
very far to go before they can achieve even a moderate level of success.45
Secondly, enacting laws that require organizations to deploy appropriate
defence mechanisms and making reporting of cyber crimes mandatory can help
combat such crimes. The U.S. government, for instance, requires commercial banks to
secure their networks.46 Despite the existence of similar regulations for decades, the
Patriot Act reflected a change in the U.S. banking landscape. Since mid-2004,
South Korea’s National Cyber Security Center has mandated that all Internet-related
hacking incidents must be reported (Ho 2004). Many countries, however,
do not have such laws.

41 Masaaki Kotabe, “Global Security Risks and International Competitiveness” Journal of International
Management, Vol. 11, Issue 4 (2005).
42 Larry J. Siegel, Criminology, Thomson Wadsworth, (9th Edition) (2005).
43 M.J. Zuckerman, "Criminals Hot on Money Trail to Cyberspace," USA Today, March 22, 2000. Available
at http://www.ncpa.org/pi/crime/crime8.html.
44 Supra n. 12.
45 For instance, although Russia has signed agreements to help the U.S. in investigating some crimes,
computer crimes are not among them (Lemos 2001). In 2001, the U.S. Department of Justice requested the
assistance of Russian authorities but received no response (Lemos 2001).
46 The USA Patriot Act, 2001 and the Gramm Leach Bliley (GLB) Act, 1999 require new security measures
including customer identification and privacy protection.
Thirdly, many countries are changing the regulative landscape towards
severity of punishment. For instance, the U.S. Patriot Act, 2001 has brought cyber
attacks into the definition of terrorism with penalties of up to 20 years in prison.
The probability of arrest in cyber crimes is, however, very low since conventional
law enforcement authorities lack skills required in dealing with such crimes. The
severity of punishment is important, but what is still more critical in enhancing
cyber safety is the certainty of punishment.47 The probability of arrest is likely to
increase with more investments in the development of law enforcement
capabilities.
Fourth, many small and poor countries lack resources to investigate cyber
crimes. Big and rich nations’ assistance to these countries, especially those with
high rates of origin of cyber crimes, is urgently needed to combat global cyber
threats originating from these countries. Managers and governmental officials thus
can singly or cooperatively eliminate or at least minimize institutional forces that
promote deviant cyber behaviour. In addition to enacting new laws to minimize
cyber threats (change in regulative institutions), they can devise strategy to change
social norms (change in normative institutions) that influence hackers’ behavior.
Industry-wide efforts are underway to address prevention, response, and
cooperation. Around the world, various industries have been establishing
information sharing and analysis centers (ISACs) to share real-time information
related to threats, vulnerabilities, attacks, and countermeasures. A recent Global
Information Security Summit sponsored by the World Information Technology
and Services Alliance (www.witsa.org) brought together industry, governments,
and multilateral organizations across economic sectors to share information and
build partnerships. Post-summit working groups are now developing cooperative
approaches to addressing the most critical information security problems.
Whatever may be the legislative background of a country, without active
participation and co-operation among the member nations of the globe, the menace
of cyber threats cannot be curbed to the fullest extent. The very nature of cyber
crimes brings with it transboundary effects, destroying the legislative
wisdom. In India, since we don’t have a super legislation covering all forms of
cyber crimes, becoming party to the respective international conventions and
treaties is desirable so that we can implement those provisions by enacting
relevant municipal laws in that regard.48

47 Supra n. 12.

48 Article 253 of the Constitution of India. It reads, “Notwithstanding anything in the foregoing provisions of
this chapter, Parliament has power to make any law for the whole or any part of the territory of India for
implementing any treaty, agreement or convention with any other country or countries or any decision made
at any international conference, association or other body”.