Almost a decade ago, nobody knew what cybercrimes were. But today, this term has become a huge part of our daily parlance. We have come a long way in terms of development and standard of living with development in technology and internet connectivity. Though, we are not the only ones who can boast of basking in the advantageous glory of improved technology. The world has also seen a rise in a new kind of category of crime referred to as cybercrime.
What Is Cyber Crime?
Cybercrime is not just one country’s problem. It is an issue that affects people worldwide. This type of crime knows no borders[i] which makes it even more dangerous and harmful. A person in India can be very easily targeted by someone in the USA and all it takes is a computer system and a good internet connection.
Cybercrime takes within its ambit a lot of different kinds of crimes that involve the use of the internet and a computer system. Hacking, identity theft, phishing, scamming, ransomware, theft, online fraud are only some of the crimes that take place in cyberspace.
Due to the rapid development of technology, it is not possible to lay down a rigid definition of cybercrime. As the internet progresses, so does the criminal making it impossible for governments and other organizations to come up with a proper definition. In simple words, however, cybercrime can be said to be a crime that takes place in cyberspace, involves the use of the internet, computer system or computer technology[ii]. It is a crime that uses a computer system or targets one using the internet.
The Internet has not only given rise to a new category of crimes but has also enabled and evolved the traditional forms of crime such as theft, fraud, illegal gambling by giving them an online dimension[iii]. Certain offences have merely shifted their base from physical plane to the non-physical and borderless cyberspace. But they stay very much the same criminal acts. Therefore, it can be said that the new entrant cybercrime is the species whereas a conventional crime is its genus.
Law Governing Cyber Crime
The United Nations Commission on International Trade Law adopted the Model Law on Electronic Commerce in 1996. India was a signatory and had to revise existing laws as per the Model Law. Along with its obligations as a signatory, the Indian government also felt the need for laws facilitating e-commerce and e-governance[iv]. Consequently, the Information Technology Act, 2000 was enacted.
Certain penalties and offences were defined under the IT Act while amendments were also made in the existing statutes including the Indian Penal Code and the Indian Evidence Act among others to cover offences known categorically as Cybercrimes.
Judicial Decisions in India
In 2015, the Hon’ble Supreme Court of India gave one of its landmark judgments in Shreya Singhal v Union of India[v]. In this case, the constitutional validity of sections 66A and 69A of the IT Act was challenged. The apex Court held section 66A to be unconstitutional as it took within its ambit all kinds of information. This section was held to be unconstitutionally vague and outside the purview of reasonable restrictions as defined under Article 19(2) of the Constitution. It was held to be violative of the fundamental right to freedom of speech.
The apex court has time and again expressed its concern over the rising menace of cybercrimes and has also given a clear meaning to the words of the existing legislation.
- Tampering with Computer source code
In Syed Asifuddin v the State of Andhra Pradesh[vi], the Andhra Pradesh High Court held that by definition as well as by the definitions provided in the IT Act, a cell phone is a computer. Every service provider has to maintain its own System Identification Code and also give a specific number to each instrument to avail the services provided. Therefore, when the Electronic Serial Number (ESN) is altered, the provisions of section 65 of the IT Act are attracted. On the other hand, in Diebold Systems Pvt Ltd v The Commissioner of Commercial Taxes[vii], the court held that ATMs are not computers but electronic devices connected to a computer system that performs the tasks as required by the person using the said ATM.
In Sanjay Kumar v State of Haryana[viii], the accused was found guilty of dishonestly forging the bank records to cause wrongful loss to the bank and wrongful gain to himself under sections 420, 467, 468, and 471 of the IPC. On the other hand, the accused had tampered with the computer source code and altered the information that resided in the computer resource thereby committing offences sections 65 and 66 of the IT Act.
In State of Andhra Pradesh v Prabhakar Sampath[ix], the accused was found guilty under section 43(a) read with section 66 of the IT Act for hacking the company servers of the complainant company. The guilt was proved beyond a reasonable doubt by the prosecution. The court held that since the research reports are generated after a painstaking study by highly qualified people by spending a lot of time and expense, the accused does not deserve a lenient view.
- Identity Theft and Cheating by Personation
NASSCOM v Ajay Sood[x] was a case of phishing where the defendant masqueraded as the plaintiff in order to obtain personal data from various addresses. The Court recognized phishing as a form of internet fraud and also as a security threat. The Court also observed that there were no legislations in India on phishing. An act amounting to phishing under the Indian law would be a misrepresentation made in the course of trade leading to confusion as to the source and origin of the email. It would also be an act of passing off.
In the Nigerian email scam case[xi], the Court found that the accused persons cheated others by dishonestly inducing them to win a lottery or get a job by sending e-mail/SMS on the internet and on mobile. They dishonestly cheated by personation by means of e-mails and mobile and thereby committed an offence under section 66D of the IT Act.
- Obscenity and Pornography
In Aveek Sarkar v State of West Bengal[xii], the Hon’ble Supreme Court once again tackled the question of what is obscene. The Court applied the Community Standard Test and held that the photograph in question must be viewed in the background in which it was shown and the message it has to convey to the public at large.
In Maqbool Fida Hussain v Raj Kumar Pandey[xiii], the court established that the test of obscenity under both the Information Technology Act and the Indian Penal Code is the same. The Court held that the nude depiction of Mother India might offend or disgust some people but that is not enough ground to prosecute someone. The Court further held that apart from applying the tests, the judge must also place himself in the shoes of the painter to decipher his theme and thought process.
The Court also firmly established that the criminal justice system should not be used as a mere tool in the hands of unscrupulous people for causing violations of rights of people, especially in the artistic field. It is the obligatory duty of the courts to protect individual rights and freedoms.
On the other hand in the State of Tamil Nadu v Suhas Katti[xiv], the accused had posted obscene messages in obscene Yahoo groups after creating a user id in the name of the complainant. He did so with the intention of harming her reputation just because she had refused to marry him. The charges were proved beyond reasonable doubt and the accused was found guilty of offences under sections 469, 509 of IPC and under section 67 of the IT Act.
Similarly, in The State v Yogesh Pandurang Prabhu, the accused sent several vulgar emails to the complainant after she had refused the former’s proposal for marriage. The court held that the accused had intentionally and knowingly intervened in the privacy of the complainant and hence the provisions of Section 66E of the IT Act were attracted. Since the material was posted only to be viewed by the complainant and not any other person, provisions of section 67 and 67A of the IT Act are not applicable here.
In Avinash Bajaj v State of Delhi[xv], the Delhi High Court granted bail to the CEO of the website named bazee.com on which an obscene video was uploaded for sale. The Court held that the actual clip could not be viewed on bazee.com and that the accused had no role in the sale.
- Violation of Intellectual Property in Cyberspace
In Syed Asifuddin, the Court had also held that by the definitions provided under the Copyright Act, a computer programme is protected under the said Act and altering of such a computer programme by another person would amount to copyright infringement.
In My Space Inc. v Super Cassettes Industries Ltd[xvi], the Court held that sections 79 and 81 of the IT Act and section 51(a)(ii) of the Copyright Act have to be read harmoniously. It was also held that proviso to section 81 does not preclude the affirmative defence of safe harbour for an intermediary in case of copyright actions. Actual knowledge is essential in the case of intermediaries and not general awareness. Additionally, the conditions specified under section 79 of the IT Act must be fulfilled to impose liability on an intermediary.
A petition was filed against Songs.pk and other similar websites that promote piracy in the Calcutta High Court. The Court banned songs.pk and the other websites in India by DNS name blocking, IP address blocking via routers and DPI based URL blocking[xvii].
In World Wrestling Entertainment, Inc. v M/s Reshma Collection[xviii], the territorial jurisdiction of the Delhi High Court was challenged. The Court applied the principles of the Contract Act to the transaction taking place over the internet. It was held that when through a software or browser a transaction is confirmed and payment is made to the appellant through its website by a customer in Delhi, the plaintiff is accepting the said offer by the said customer in Delhi. The acceptance is instantaneously communicated through the internet to such customers. Therefore, part of the cause of action would arise in Delhi.
In Maqbool Fida Hussain v Raj Kumar Pandey[xix], the question of jurisdiction arose as to which court would be considered competent to try the case where the impugned painting is accessible across the globe. The Court observed that the existing provisions talked of local jurisdiction but none talked about jurisdiction in consonance with the advent of technological developments.
The Courts in our country—from district courts to the apex Court—have come face to face with multiple cybercrime cases some of which even shocked the whole nation. It is true that due to technological advances, the ambit of cybercrime keeps on expanding. The Courts have time and again recognized and accepted such expansion.
Ongoing through the various judicial decisions in India in cases comprising of cybercrimes it can be observed that the hands of the courts are tied. It is, no doubt, the responsibility as well as an obligatory duty of the courts to ensure that the individual rights of people are not violated. However, it is also true that the Court cannot take upon the role of the legislature. It can only give decisions based on the existing laws and their applicability to the facts and circumstances of each case.
In NASSCOM v Ajay Sood[xx] the court recognized the cybercrime of phishing but also found the absence of the appropriate law. Similarly, when in the case of Maqbool Fida Hussain the question of jurisdiction arose, the Court could only show its hope that the legislature will deal with the lacunae. But on the other hand, the Court answered the question of jurisdiction in the World Wrestling Entertainment case[xxi] based on the provisions of the Indian Contract Act.
In the case of Avinash Bajaj V State of Delhi[xxii], Mr Bajaj was made as an accused mainly because at that time the provisions of section 79 of the IT Act did not exist.
Ritu Kohli case[xxiii] was the first cyberstalking case to be registered in India but there are no separate provisions for it under the IT Act despite the act having happened in cyberspace. Even though it is an offence of a serious nature, it has not been given due attention by the legislature. In the absence of which, the Courts can try the matter only within the ambit of sections 354D and 509 of the IPC.
The Air Force Bal Bharti School case[xxiv] was the first where a 16-year-old boy was arrested for violation of section 67 of the IT Act. The Courts have since then clarified in many cases that the test of obscenity is the same in the IT Act as well as IPC. Similarly, other offences specified in the IPC such as theft, fraud, and cheating among others, when done through an online medium will have the same ingredients in the IPC as well as the IT Act.
Judicial decisions in cybercrime cases have come a long way since the enactment of the Information Technology Act, 2000. In Syed Asifuddin[xxv], the Court recognized cell phones as computer systems as defined under the IT Act thereby protecting the copyright of the cell phone makers on the source code used in the making of their cell phones. This decision was not only in consonance with the provisions of the Act but also with the rapidly changing technology.
Shreya Singhal case[xxvi] was seen as a victory by many and rightly so. The Hon’ble Supreme Court of India found section 66A of the IT Act to be unconstitutional. It made a stop to the unnecessary harassment of people on the basis of their opinions/comments published online.
The Court has thus been fulfilling its duty as an interpreter and upholder of the law. As for the implementation of its decision, the Court is not responsible for the same and depends on the executive as well as the legislature.
Cybercrimes are a rapidly increasing issue that knows no borders and can potentially affect almost everyone in the world. With every technological advance, a new crop of cybercrime can be seen to be sprouting. In times when a new form of crime has developed along with the shifting of the conventional crimes into cyberspace, it is the responsibility of the government as well as the Courts to ensure that the criminal justice system is up to date to fight such crimes. The Courts are bound by the word of law and cannot go beyond their role as defined by the Constitution of India.
[i] Cyber crime, Interpol, https://www.interpol.int/Crimes/Cybercrime [ii] Cyber crime, dictionary.com, https://www.dictionary.com/browse/cybercrime [iii] Supra 1 [iv] Statement of Objects and Reasons, The Information Technology Act, 2000 [v] Shreya Singhal v Union of India SC decided on 24/03/2015 [vi] Syed Asifuddin v State of Andhra Pradesh, 2006 (1) ALD (Cri) 96 [vii] Diebold Systems Pvt Ltd v Commissioner of Commercial Taxes (2006) 144 STC 59 (KAR) [viii] Sanjay Kumar v State of Haryana P&H CRR NO. 66 of 2013 [ix] State of Andhra Pradesh v Prabhakar Sampath Add CMM Hyderabad CC 489 of 2010 [x] NASSCOM v Ajay Sood 119(2005) DLT 596 [xi] State of Maharashtra v Opara Chilezein Joseph & Others JM Panvel, Regl. Crl. Case No. 724/2012 [xii] Aveek Sarkar v State of West Bengal (SC) CRL Appl. NO. 902 of 2004 [xiii] Maqbool Fida Hussain v Raj Kumar Pandey Delhi High Court Revision Petition No. 114/2007 [xiv] State of Tamil Nadu v Suhas Katti, CMM Egnore decided on Nov 5 2004, [xv] Avinash Bajaj v State of Delhi 116 (2005)DLT 427 [xvi] My Space Inc. v Super Cassettes Industries Ltd., Delhi (DB), FAO (OS) 540/2011 [xvii] Now songs.pk banned in India, Netrival, https://www.netrival.com/songs-pk-banned-india/ [xviii] World Wrestling Entertainment Inc. v M/s Reshma Collection FAO (OS) 506/2013 in CM Nos 17627/2013 Del (DB) [xix] Supra 13. [xx] Supra 10 [xxi] Supra 18 [xxii]Supra 15 [xxiii] https://acadpubl.eu/hub/2018-119-17/2/123.pdf [xxiv] https://www.dqweek.com/net-pornography-incident-at-bal-bharti-school-raises-several-issues/ [xxv] Supra 6 [xxvi] Supra 5
Shalu has incredible writing and reading skills and you will never miss a flow in her writings. Her favourite leisure activity is photography. She is also a poetess and a very humble person. In other words, she is as bright as a new penny. For any clarifications, feedback, and advice, you can reach us at firstname.lastname@example.org