LAW & INFORMATION TECHNOLOGY

Legislative Framework of IT Laws: IT Act, IPC & IEA

Akash Narayan
B.A. LL. B (Hons) (Self-Financed)
Roll No. 06
Semester IX
 ACKNOWLEDGEMENT
To start off at the very outset, I would like to express my gratitude towards Dr. Ghulam Yazdani
sir for giving me the opportunity to make this project.
I would like to thank my parents and my batchmates without who’s help I wouldn’t have been
able to complete this project in these tough times as the world is going through such a horrible
pandemic.
TABLE OF CONTENTS
1. Abstract
2. Introduction
3. Information Technology Laws (Cyber Laws)
4. Scope and Applicability of IT Act
5. Acts amended after enactment of IT Act
6. Cyber Crime & IPC
7. Digital Evidence – Cyber Law & IEA
8. Bibliography
ABSTRACT
Computer chips have become increasingly powerful while costing less. That’s because over the
last five decades the number of transistors—or the tiny electrical components that perform basic
operations on a single chip have been doubling regularly.This exponential doubling, known as
Moore’s Law, is the reason a modern smartphone affordably packs so much dizzying capability
into such a small package.
Thus, in the today’s era of rapid growth, Information technology is encompassing all walks of
life all over the world. These technological developments have made the transition from paper
to paperless transactions possible. We are now creating new standards of speed, efficiency, and
accuracy in communication, which has become key tools for boosting innovations, creativity
and increasing overall productivity
Computers are extensively used to store confidential data of political, social, economic or
personal nature bringing immense benefit to the society. The rapid development of Internet and
Computer technology globally has led to the growth of new forms of transnational crime
especially Internet related. These crimes have virtually no boundaries and may affect any
country across the globe.
Thus, there is a need for awareness and enactment of necessary legislation in all countries for
the prevention of computer related crime. Globally Internet and Computer based commerce and
communications cut across territorial boundaries, thereby creating a new realm of human
activity and undermining the feasibility and legitimacy of applying laws based on geographic
boundaries.
This new boundary, which is made up of the screens and passwords, separate the “Cyber world”
from the "real world" of atoms. Territorially based law-making and law-enforcing authorities
find this new environment deeply threatening.
So, in this paper we will look at how the Indian legal system is coming to par with these
technological advancements and filling in the gaps of exposure that they might have with the
new and old legislations coming to work together to make India a cyber safe and a future ready
country.
INTRODUCTION
Anyone who has access to a computer and a telephone network is free to get hooked to the
Internet. This uncontrollable growth of the Internet makes the need for regulation a prominent
necessity. Systems across the globe have many different rules governing the behavior of users.
These users in most of the countries are completely free to join/ leave any system whose rules
they find comfortable/ not comfortable to them. This extra flexibility may at times lead to
improper user conduct. Also, in the absence of any suitable legal framework, it may be difficult
for System Administrators to have a check on Frauds, Vandalism or Abuses, which may make
the life of many online users miserable.
This situation is alarming, as any element of distrust for Internet may lead to people avoiding
doing transactions with online sites thereby directly affecting eCommerce growth.
The (mis)use of Internet as an excellent medium of communication may in some situations lead
to direct damage to physical societies. Non-imposition of taxes on online transactions may have
its destructive effect on the physical businesses and also government revenues. Terrorists may
also make use of web to create conspiracies and make violence in the society.
Therefore, all of us whether we directly use Internet or not, will like to have some form of
regulation or external control for monitoring online transactions and the cyber world for
preventing any instability.
INFORMATION TECHNOLOGY LAWS (CYBER LAWS)
Computer or Cyber-crimes are considered as illegal, unethical or unauthorized behavior of
people relating to the automatic processing and transmission of data, use of Computer Systems
and Networks.
IT law does not consist a separate area of law rather it encloses aspects of contract, intellectual
property, privacy and data protection laws. Intellectual property is a key element of IT law. The
area of software license is controversial and still evolving in Europe and elsewhere.
According to Ministry of Electronic and Information Technology, Government of India:-
“Cyber Laws yields legal recognition to electronic documents and a structure to support e-
filing and e-commerce transactions and also provides a legal structure to reduce, check cyber
crimes.”

The basic approaches for creation of Cyber Laws, which will ensure the smooth governance of
Internet globally are as follows:
a) Formulation of new laws and amendment of existing laws by nations within their present
territorial boundaries thereby attempting to regulate all actions on the Internet that have any
impact on their own population.
b) Nations may enter into multi-lateral international agreements to establish new and uniform
rules specifically applicable to conduct on the Internet.
c) Creation of an entirely new international organisation, which can establish new rules and new
means of enforcing those rules.
d) Guidelines and rules may naturally emerge from individual decisions like domain name and
IP address registrations and by websites and users deciding about whom will they patronise
All of these approaches have their own merits and demerits and we shall not go into those
details here.
CYBER LAW LEGISLATION IN INDIA – IT ACT,2000
India does not have a dedicated cybersecurity law. The Information Technology Act 2000 (the IT Act) read
with the rules and regulations framed thereunder deal with cybersecurity and the cybercrimes associated
therewith.
The IT Act not only provides legal recognition and protection for transactions carried out through electronic
data interchange and other means of electronic communication, but it also contains provisions that are aimed at
safeguarding electronic data, information or records, and preventing unauthorized or unlawful use of a computer
system.
Some of the cybersecurity crimes that are specifically envisaged and punishable under the IT Act are hacking,
denial-of-service attacks, phishing, malware attacks, identity fraud and electronic theft.
In accordance with the Information Technology (The Indian Computer Emergency Response Team and Manner
of Performing Functions and Duties) Rules 2013 (the CERT Rules), the Computer Emergency Response Team
(CERT-In) has been established as the nodal agency responsible for the collection, analysis and dissemination
of information on cyber incidents and taking emergency measures to contain such incidents.
Other relevant rules framed under the IT Act in context of cybersecurity include:
• the Information Technology (Reasonable security practices and procedures and sensitive personal data
or information) Rules 2011 (the SPDI Rules), which prescribe reasonable security practices and
procedures to be implemented for collection and the processing of personal or sensitive personal data;
• the Information Technology (Information Security Practices and Procedures for Protected System) Rules
2018 (the Protected System Rules), which require specific information security measures to be
implemented by organisations that have protected systems, as defined under the IT Act. More
information on protected systems is provided in ‘Scope and jurisdiction’; and
• the Information Technology (Intermediaries Guidelines) Rules, 2011 (the Intermediaries Guidelines),
which require intermediaries to implement reasonable security practices and procedures for securing
their computer resources and information contained therein. The intermediaries are also required to
report cybersecurity incidents (including information relating to such incidents) to CERT-In.
Other laws that contain cybersecurity-related provisions include the Indian Penal Code 1860 (IPC), which
punishes offences, including those committed in cyberspace (such as defamation, cheating, criminal intimation
and obscenity), and the Companies (Management and Administration) Rules 2014 (the CAM Rules) framed
under the Companies Act 2013, which requires companies to ensure that electronic records and security systems
are secure from unauthorised access and tampering.
In addition to the above, there are sector-specific regulations issued by regulators such as the Reserve Bank of
India, the Insurance Regulatory and Development Authority of India Act 1999 (IRDA), the Department of
Telecommunication and the Securities Exchange Board of India, which mandate cybersecurity standards to be
maintained by their regulated entities, such as banks, insurance companies, telecoms service providers and
listed entities.
Under the IT Act, ‘cybersecurity’ means protecting information, equipment, devices, computers, computer
resources, communication devices and information stored therein from unauthorised access, use, disclosure,
disruption, modification or destruction. ‘Cybercrime’ on the other hand has been defined by the National Cyber
Crime Reporting Portal (a body set up by the government to facilitate reporting of cybercrime complaints) to
‘mean any unlawful act where a computer or communication device or computer network is used to commit or
facilitate the commission of crime’. The courts in India have also recognised cybercrime eg. the Gujarat High
Court in the case of Jaydeep Vrujlal Depani v State of Gujarat ordered, to mean ‘the offences that are
committed against individuals or groups of individuals with a criminal motive to intentionally
harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or
indirectly, using modern telecommunication networks such as Internet (networks including but not
limited to Chat rooms, emails, notice boards and groups) and mobile phones
(Bluetooth/SMS/MMS)’.
While the IT Act does not make any distinction between cybersecurity and data privacy, in our view, these
issues are distinct but also deeply interconnected as ensuring privacy of an individual's data requires adequate
cybersecurity processes to be implemented by organisations. Further, cybersecurity and information security
frameworks are developed by organisations at a broader level to build resilience against various forms of
cyberthreat, including cybercrimes that entail more extensive engagement with regulatory authorities depending
on the extent of harm caused, the nature of information handled by the body corporate, sector sensitivities, etc.

SCOPE AND APPLICABILITY OF IT ACT

The scope and applicability of ITA-2000 was increased by its amendment in 2008. The word 'communication
devices' inserted having an inclusive definition, taking into its coverage cell phones, personal digital assistance
or such other devices used to transmit any text, video etc like what was later being marketed as iPad or other
similar devices on Wi-fi and cellular models. Though ITA- 2000 defined 'digital signature', however said
definition was incapable to cater needs of hour and therefore the term 'Electronic signature' was introduced and
defined in the ITAA -2008 as a legally valid mode of executing signatures. This includes digital signatures as
one of the modes of signatures and is far broader in ambit covering biometrics and other new forms of creating
electronic signatures not confining the recognition to digital signature process alone.
The new amendment has replaced Section 43 with Section 66. The Word "hacking" used in Section 66 of earlier
Act has been removed and named as "data theft" in this section and has further been widened in the form of
Sections 66A to 66F. The section covers the offences such as the sending of offensive messages through
communication service, misleading the recipient of the origin of such messages, dishonestly receiving stolen
computers or other communication device, stealing electronic signature or identity such as using another
persons' password or electronic signature, cheating by personation through computer resource or a
communication device, publicly publishing the information about any person's location without prior
permission or consent, cyber terrorism, the acts of access to a commuter resource without authorization, such
acts which can lead to any injury to any person or result in damage or destruction of any property, while trying
to contaminate the computer through any virus like Trojan etc.
ACTS AMMENDED AFTER ENCATMENT OF IT ACT, 2000
The Indian Penal Code, 1860
The Indian Penal Code was amended by inserting the word 'electronic' thereby treating the electronic records
and documents on a par with physical records and documents. The Sections dealing with false entry in a record
or false document etc (e.g. 192, 204, 463, 464, 464, 468 to 470, 471, 474, 476 etc) have since been amended as
'electronic record and electronic document' thereby bringing within the ambit of IPC. Now, electronic record
and electronic documents has been treated just like physical records and documents during commission of acts
of forgery or falsification of physical records in a crime. After the above amendment, the investigating agencies
file the cases/ charge-sheet quoting the relevant sections from IPC under section 463,464, 468 and 469 read
with the ITA/ITAA under Sections 43 and 66 in like offences to ensure the evidence and/or punishment can be
covered and proved under either of these or under both legislation.
The Indian Evidence Act 1872
Prior to enactment of ITA, all evidences in a court were in the physical form only. After existence of ITA, the
electronic records and documents were recognized. The definition part of Indian Evidence Act was amended as
"all documents including electronic records" were substituted. Other words e.g. 'digital signature', 'electronic
form', 'secure electronic record' 'information' as used in the ITA, were also inserted to make them part of the
evidentiary importance under the Act. The important amendment was seen by recognition of admissibility of
electronic records as evidence as enshrined in Section 65B of the Act.
The Bankers' Books Evidence (BBE) Act 1891:
Before passing of ITA, a bank was supposed to produce the original ledger or other physical register or
document during evidence before a Court. After enactment of ITA, the definitions part of the BBE Act stood
amended as: "'bankers ' books' include ledgers, day-books, cashbooks, account-books and all other books used
in the ordinary business of a bank whether kept in the written form or as printouts of data stored in a floppy,
disc, tape or any other form of electro-magnetic data storage device". When the books consist of printouts of
data stored in a floppy, disc, tape etc, a printout of such entry ...certified in accordance with the provisions ....to
the effect that it is a printout of such entry or a copy of such printout by the principal accountant or branch
manager; and (b) a certificate by a person in-charge of computer system containing a brief description of the
computer system and the particulars of the safeguards adopted by the system to ensure that data is entered or
any other operation performed only by authorized persons; the safeguards adopted to prevent and detect
unauthorized change of data ...to retrieve data that is lost due to systemic failure or ....
.
ITA and ITAA is though landmark first step and became mile-stone in the technological growth of the nation;
however the existing law is not sufficed. Many issues in Cyber crime and many crimes are still left uncovered.
 CYBER CRIME & IPC
Parallel Provisions in the IPC and IT Act
Many of the cyber-crimes penalised by the IPC and the IT Act have the same ingredients and even
nomenclature. Here are a few examples:
Hacking and Data Theft: Sections 43 and 66 of the IT Act penalise a number of activities ranging from
hacking into a computer network, data theft, introducing and spreading viruses through computer networks,
damaging computers or computer networks or computer programmes, disrupting any computer or computer
system or computer network, denying an authorised person access to a computer or computer network,
damaging or destroying information residing in a computer etc. The maximum punishment for the above
offences is imprisonment of up to three years or a fine or Rupees five lac or both.Section 378 of the IPC relating
to "theft" of movable property will apply to the theft of any data, online or otherwise, since section 22 of the
IPC states that the words "movable property" are intended to include corporeal property of every description,
except land and things attached to the earth or permanently fastened to anything which is attached to the earth.
The maximum punishment for theft under section 378 of the IPC is imprisonment of up to 3 (three) years or a
fine or both.It may be argued that the word "corporeal" which means 'physical' or 'material' would exclude
digital properties from the ambit of the aforesaid section 378 of the IPC. The counter argument would be that
the drafters intended to cover properties of every description, except land and things attached to the earth or
permanently fastened to anything which is attached to the earth.Section 424 of the IPC states that "whoever
dishonestly or fraudulently conceals or removes any property of himself or any other person, or dishonestly or
fraudulently assists in the concealment or removal thereof, or dishonestly releases any demand or claim to
which he is entitled, shall be punished with imprisonment of either description1 for a term which may extend to
2 (two) years, or with fine, or with both." This aforementioned section will also apply to data theft. The
maximum punishment under section 424 is imprisonment of up to 2 (two) years or a fine or both.Section 425 of
the IPC deals with mischief and states that "whoever with intent to cause, or knowing that he is likely to cause,
wrongful loss or damage to the public or to any person, causes the destruction of any property, or any such
change in any property or in the situation thereof as destroys or diminishes its value or utility, or affects it
injuriously, commits mischief". Needless to say, damaging computer systems and even denying access to a
computer system will fall within the aforesaid section 425 of the IPC. The maximum punishment for mischief
as per section 426 of the IPC is imprisonment of up to 3 (three) months or a fine or both.
Receipt of stolen property: Section 66B of the IT Act prescribes punishment for dishonestly receiving any
stolen computer resource or communication device. This section requires that the person receiving the stolen
property ought to have done so dishonestly or should have reason to believe that it was stolen property. The
punishment for this offence under Section 66B of the IT Act is imprisonment of up to 3 (three) years or a fine of
up to Rs. 1,00,000 (Rupees one lac) or both.Section 411 of the IPC too prescribes punishment for dishonestly
receiving stolen property and is worded in a manner that is almost identical to section 66B of the IT Act. The
punishment under section 411 of the IPC is imprisonment of either description for a term of up to 3 (three)
years, or with fine, or with both. Please note that the only difference in the prescribed punishments is that under
the IPC, there is no maximum cap on the fine.
Identity theft and cheating by personation: Section 66C of the IT Act prescribes punishment for identity theft
and provides that anyone who fraudulently or dishonestly makes use of the electronic signature, password or
any other unique identification feature of any other person shall be punished with imprisonment of either
description for a term which may extend to 3 (three) years and shall also be liable to fine which may extend to
Rs. 1,00,000.Section 66D of the IT Act prescribes punishment for 'cheating by personation by using computer
resource' and provides that any person who by means of any communication device or computer resource cheats
by personation, shall be punished with imprisonment of either description for a term which may extend to 3
(three) years and shall also be liable to fine which may extend to Rs. 1,00,000 .Section 419 of the IPC also
prescribes punishment for 'cheating by personation' and provides that any person who cheats by personation
shall be punished with imprisonment of either description for a term which may extend to 3 (three) years or
with a fine or with both. A person is said to be guilty of 'cheating by personation' if such person cheats by
pretending to be some other person, or by knowingly substituting one person for another, or representing that he
or any other person is a person other than he or such other person really is.The provisions of sections 463, 465
and 468 of the IPC dealing with forgery and "forgery for the purpose of cheating", may also be applicable in a
case of identity theft. Section 468 of the IPC prescribes punishment for forgery for the purpose of cheating and
provides a punishment of imprisonment of either description for a term which may extend to 7 years and also a
fine. Forgery has been defined in section 463 of the IPC to mean the making of a false document or part thereof
with the intent to cause damage or injury, to the public or to any person, or to support any claim or title, or to
cause any person to part with property, or to enter into any express or implied contract, or with intent to commit
fraud or that fraud may be committed.In this context, reference may also be made to section 420 of the IPC that
provides that any person who cheats and thereby dishonestly induces the person deceived to deliver any
property to any person, or to make, alter or destroy the whole or any part of a valuable security, or anything
which is signed or sealed, and which is capable of being converted into a valuable security shall be punished
with imprisonment of either description for a term which may extend to 7 (seven) years, and shall also be liable
to fine.The only difference between the punishments prescribed under sections 66C and 66D of the IT Act and
section 419 of the IPC is that there is no maximum cap on the fine prescribed under the IPC. However, the
punishment under section 468 is much higher in that the imprisonment mat extend to 7 (seven) years. Further,
whilst the IT Act contemplates both the imposition of a fine and imprisonment, the IPC uses the word 'or'
indicating that the offence could be punished with imprisonment or by imposing a fine. Most importantly, the
fundamental distinction between the IPC and the IT Act in relation to the offence of identity theft is that the
latter requires the offence to be committed with the help of a computer resource.
Obscenity: Sections 67, 67A and 67B of the IT Act prescribe punishment for publishing or transmitting, in
electronic form: (i) obscene material; (ii) material containing sexually explicit act, etc.; and (iii) material
depicting children in sexually explicit act, etc. respectively. The punishment prescribed for an offence under
section 67 of the IT Act is, on the first conviction, imprisonment of either description for a term which may
extend to 3 (three) years, to be accompanied by a fine which may extend to Rs. 5,00,000 (Rupees five lac), and
in the event of a second or subsequent conviction, imprisonment of either description for a term which may
extend to 5 (five) years, to be accompanied by a fine which may extend to Rs. 10,00,000 (Rupees ten lac). The
punishment prescribed for offences under sections 67A and 67B of the IT Act is on first conviction,
imprisonment of either description for a term which may extend to 5 (five) years, to be accompanied by a fine
which may extend to Rs. 10,00,000 (Rupees ten lac) and in the event of second or subsequent conviction,
imprisonment of either description for a term which may extend to 7 (seven) years and also with fine which
may extend to Rs. 10,00,000 The provisions of sections 292 and 294 of the IPC would also be applicable for
offences of the nature described under sections 67, 67A and 67B of the IT Act. Section 292 of the IPC provides
that any person who, inter alia, sells, distributes, publicly exhibits or in any manner puts into circulation or has
in his possession any obscene book, pamphlet, paper, drawing, painting, representation or figure or any other
obscene object whatsoever shall be punishable on a first conviction with imprisonment of either description for
a term which may extend to 2 (two) years, and with fine which may extend to Rs. 2,000 (Rupees two thousand)
and, in the event of a second or subsequent conviction, with imprisonment of either description for a term which
may extend to 5 (five) years, to be accompanied by a fine which may extend to Rs. 5,000 (Rupees five
thousand).Section 294 of the IPC provides that any person who, to the annoyance of others, does any obscene
act in any public place, or sings, recites or utters any obscene song, ballad or words, in or near any public place,
shall be punished with imprisonment of either description for a term which may extend to 3 (three) months, or
with fine, or with both.

Cyber-crimes not provided for in the IPC

The following cyber-crimes penalised by the IT Act do not have an equivalent in the IPC.
Section 43(h) of the IT Act: Section 43(h) read with section 66 of the IT Act penalises an individual who
charges the services availed of by a person to the account of another person by tampering with or manipulating
any computer, computer system, or computer network. A person who tampers with the computer system of an
electricity supplier and causes his neighbour to pay for his electricity consumption would fall under the
aforesaid section 43(h) of the IT Act for which there is no equivalent provision in the IPC.
Section 65 of the IT Act: Section 65 of the IT Act prescribes punishment for tampering with computer source
documents and provides that any person who knowingly or intentionally conceals, destroys or alters or
intentionally or knowingly causes another to conceal, destroy, or alter any computer source code (i.e. a listing of
programmes, computer commands, design and layout and programme analysis of computer resource in any
form) used for a computer, computer programme, computer system or computer network, when the computer
source code is required to be kept or maintained by law for the time being in force, shall be punishable with
imprisonment for up to 3 (three) years or with a fine which may extend to Rs. 3,00,000 (Rupees lac) or with
both.
To a certain extent, section 409 of the IPC overlaps with section 65 of the IT Act. Section 409 of the IPC
provides that any person who is in any manner entrusted with property, or with any dominion over property in
his capacity as a public servant or in the way of his business as a banker, merchant, factor, broker, attorney or
agent, commits criminal breach of trust in respect of that property, shall be punished with imprisonment for life
or with imprisonment of either description for a term which may extend to 10 (ten) years, and shall also be
liable to a fine. However, section 65 of the IT Act does not require that the person who tampers with or
damages or destroys computer source documents should have been entrusted with such source code. Under
section 409 of the IPC, criminal breach of trust should have been committed by someone to whom the property
was entrusted.
Violation of privacy: Section 66E of the IT Act prescribes punishment for violation of privacy and provides that
any person who intentionally or knowingly captures, publishes or transmits the image of a private area of any
person without his or her consent, under circumstances violating the privacy of that person, shall be punished
with imprisonment which may extend to 3 (three) years or with fine not exceeding Rs. 2,00,000 (Rupees two
lac) or with both.
There is no provision in the IPC that mirrors Section 66E of the IT Act, though sections 292 and 509 of the IPC
do cover this offence partially.
Section 292 of the IPC has been discussed above. Section 509 of the IPC provides that if any person intending
to insult the modesty of any woman, utters any word, makes any sound or gesture, or exhibits any object,
intending that such word or sound shall be heard, or that such gesture or object shall be seen, by such woman, or
intrudes upon the privacy of such woman, such person shall be punished with simple imprisonment for a term
which may extend to 1 (one) year, or with fine, or with both. Unlike section 66E of the IT Act which applies to
victims of both genders, section 509 of the IPC applies only if the victim is a woman.
Section 67C of the IT Act: Section 67C of the IT Act requires an 'intermediary' to preserve and retain such
information as may be specified for such duration and in such manner and format as the Central Government
may prescribe. The section further provides that any intermediary who intentionally or knowingly contravenes
this requirement shall be punished with imprisonment for a term which may extend to 3 (three) years and also
be liable to a fine. An 'intermediary' with respect to any particular electronic record, has been defined in the IT
Act to mean any person who on behalf of another person receives, stores or transmits that record or provides
any service with respect to that record and includes telecom service providers, network service providers,
internet service providers, web-hosting service providers, search engines, online payment sites, online-auction
sites, online-market places and cyber cafes. There is no corresponding provision in the IPC.
Cyber terrorism: Section 66F of the IT Act prescribes punishment for cyber terrorism. Whoever, with intent to
threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the
people, denies or causes the denial of access to any person authorized to access a computer resource, or attempts
to penetrate or access a computer resource without authorisation or exceeding authorised access, or introduces
or causes the introduction of any computer contaminant, and by means of such conduct causes or is likely to
cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely
to cause damage or disruption of supplies or services essential to the life of the community or adversely affect
critical information infrastructure, is guilty of 'cyber terrorism'.
Conflict between the IPC and the IT Act: Case Law
In the case of Sharat Babu Digumarti v. Government of NCT of Delhi, the conflict between provisions of the
IPC and the IT Act came to the fore. In this case, on November 27, 2004, an obscene video had been listed for
sale on baazee.com ("Bazee"). The listing was intentionally made under the category 'Books and Magazines'
and sub-category 'ebooks' in order to avoid its detection by the filters installed by Baazee. A few copies were
sold before the listing was deactivated. Later Delhi police's crime branch charge-sheeted Avinash Bajaj, Bazee's
managing director and Sharat Digumarti, Bazee's manager. The company Bazee was not arraigned as an
accused and this helped Avinash Bajaj get off the hook since it was held that, vicarious liability could not be
fastened on Avinash Bajaj under either section 292 of the IPC or section 67 of the IT Act when Avinash's
employer Bazee itself was not an accused. Later changes under section 67 of the IT Act and section 294 of IPC
against Sharat Digumarti were also dropped, but the charges under section 292 of the IPC were retained. The
Supreme Court then considered if, after the charges under section 67 of the IT Act was dropped, a charge under
section 292 of the IPC could be sustained. The Supreme Court quashed the proceedings against Sarat Digumarti
and ruled that if an offence involves an electronic record, the IT Act alone would apply since such was the
legislative intent. It is a settled principle of interpretation that special laws would prevail over general laws and
latter laws would prevail over prior legislation. Further, section 81 of the IT Act states that the provisions of the
IT Act shall have effect notwithstanding anything inconsistent therewith contained in any other law for the time
being in force.
In the case of Gagan Harsh Sharma v. The State of Maharashtra, certain individuals were accused of theft of
data and software from their employer and charged under sections 408 and 420 of the IPC and also under
sections 43, 65 and 66 of the IT Act. All of these sections, other than section 408 of the IPC, have been
discussed above. Section 408 of the IPC deals with criminal breach of trust by clerk or servant and states that
"whoever, being a clerk or servant or employed as a clerk or servant, and being in any manner entrusted in
such capacity with property, or with any dominion over property, commits criminal breach of trust in respect of
that property, shall be punished with imprisonment of either description for a term which may extend to seven
years, and shall also be liable to fine".
Offences under sections 408 and 420 of the IPC are non-bailable and cannot be compounded other than with the
permission of the court. Offences under sections 43, 65 and 66 of the IT Act are bailable and compoundable.
Therefore, the petitioners pleaded that the charges against them under the IPC be dropped and the charges
against them under the IT Act be investigated and pursued. It was further argued that if the Supreme Court's
ruling in Sharat Babu Digumarti were to be followed, the petitioners could only be charged under the IT Act
and not under the IPC, for offences arising out of the same actions.
The Bombay High Court upheld the contentions of the petitioners and ruled that the charges against them under
the IPC be dropped.
Even though the IT Act penalised cyber-crimes with a broad brush through sections 43, 66 and 67, it was only
in 2008 that the IT Act was amended12 and provisions were made for specific cyber-crimes such as sending
offensive messages through communication servers, dishonestly receiving a stolen computer resource or
communication device, identity theft, violation of privacy, cyber terrorism etc. through sections 66A to 66F and
sections 67A to 67C. These amendments stick out like an unwieldy appendage.
 DIGITAL EVIDENCE – CYBER CRIME & IEA
The proliferation of computers and the influence of information technology on society as whole, coupled with
the ability to store and amass information in digital form have all necessitated amendments in Indian law, to
incorporate the provisions on the appreciation of digital evidence. The Information Technology Act, 2000 and
its amendment is based on the United Nations Commission on International Trade Law model Law on
Electronic Commerce. The Information Technology (IT) Act 2000, was amended to allow for the admissibility
of digital evidence. An amendment to the Indian Evidence Act 1872, the Indian Penal Code 1860 and the
Banker's Book Evidence Act 1891 provides the legislative framework for transactions in electronic world.

Digital evidence or electronic evidence is any probative information stored or transmitted in digital form
that a party to a court case may use at trial. Before accepting digital evidence it is vital that the determination of
its relevance, veracity and authenticity be ascertained by the court and to establish if the fact is hearsay or a
copy is preferred to the original. Digital Evidence is “information of probative value that is stored or transmitted
in binary form”. Evidence is not only limited to that found on computers but may also extend to include
evidence on digital devices such as telecommunication or electronic multimedia devices. The e-EVIDENCE can
be found in e-mails, digital photographs, ATM transaction logs, word processing, documents, instant message
histories, files saved from accounting programs, spreadsheets, internet browser histories databases, Contents of
computer memory, Computer backups, Computer printouts, Global Positioning System tracks, Logs from a
hotel’s electronic door locks, Digital video or audio files. Digital Evidence tends to be more voluminous, more
difficult to destroy, easily modified, easily duplicated, potentially more expressive and more readily available.
Computer forensics is a branch of forensic science pertaining to legal evidence found in computers and digital
storage mediums. Computer forensics is also known as digital forensics. The goal of computer forensics is to
explain the current state of a digital artifact. The term digital artifact can include: A computer system storage
medium (hard disk or CD-ROM) an electronic document (e.g. an email message or JPEG image) or even a
sequence of packets moving over a computer network.
The definition of 'evidence' has been amended to include electronic records. The definition of 'documentary
evidence' has been amended to include all documents, including electronic records produced for inspection by
the court. Section 3 of the Evidence Act, 1872 defines evidence as under: "Evidence" - Evidence means and
includes:-
1) all statements which the court permits or requires to be made before it by witnesses, in relation to matters of
fact under inquiry; such statements are called oral evidence;
2) all documents including electronic records produced for the inspection of the court. Such documents are
called documentary evidence.
The term 'electronic records' has been given the same meaning as that assigned to it under the IT Act. IT Act
provides for "data, record or data generated, image or sound stored, received or sent in an electronic form or
microfilm or computer-generated microfiche". The definition of 'admission' (Section 17 of the Evidence Act)
has been changed to include a statement in oral, documentary or electronic form which suggests an inference to
any fact at issue or of relevance. New Section 22-A has been inserted into Evidence Act, to provide for the
relevancy of oral evidence regarding the contents of electronic records. It provides that oral admissions
regarding the contents of electronic records are not relevant unless the genuineness of the electronic records
produced is in question. The definition of 'evidence' has been amended to include electronic records. The
definition of 'documentary evidence' has been amended to include all documents, including electronic records
produced for inspection by the court. New sections 65-A and 65-B are introduced to the Evidence Act, under
the Second Schedule to the IT Act.
Section 65-A provides that the contents of electronic records may be proved in accordance with the provisions
of Section 65-B. Section 65-B provides that notwithstanding anything contained in the Evidence Act, any
information contained in an electronic, is deemed to be a document and is admissible in evidence without
further proof of the original's production, provided that the conditions set out in Section 65-B are satisfied. The
conditions specified in Section 65-B (2) are:
• Firstly, the computer output containing the information should have been produced by the computer
during the period over which the computer was used regularly to store or process information for the
purpose of any activities regularly carried on over that period by the person having lawful control over
the use of the computer.
• The second requirement is that it must be shown that during the said period the information of the kind
contained in electronic record or of the kind from which the information contained is derived was
regularly fed into the computer in the ordinary course of the said activity'.
• A third requirement is that during the material part of the said period, the computer was operating
properly and that even if it was not operating properly for some time that break did not affect either the
record or the accuracy of its contents.
• The fourth requirement is that the information contained in the record should be a reproduction or
derived from the information fed into the computer in the ordinary course of the said activity.
Under Section 65-B(4) the certificate which identifies the electronic record containing the statement and
describes the manner in which it was produced giving the particulars of the device involved in the production of
that record and deals with the conditions mentioned in Section 65-B(2) and is signed by a person occupying a
responsible official position in relation to the operation of the relevant device 'shall be evidence of any matter
stated in the certificate’.
Section 65-B(1) states that if any information contained in an electronic record produced from a computer
(known as computer output) has been copied on to a optical or magnetic media, then such electronic record that
has been copied 'shall be deemed to be also a document' subject to conditions set out in Section 65-B(2) being
satisfied. Both in relation to the information as well as the computer in question such document 'shall be
admissible in any proceedings when further proof or production of the original as evidence of any contents of
the original or of any fact stated therein of which direct evidence would be admissible.'
ELECTRONIC EVIDENCE -CASE LAW'S
1. Amitabh Bagchi Vs. ENA BAGCHI [Sections 65-A and 65-B of Evidence Act, 1872 were analyzed.]
The court held that the physical presence of person in Court may not be required for purpose of
adducing evidence and the same can be done through medium like video conferencing. Sections 65-A
and 65-B provide provisions for evidences relating to electronic records and admissibility of electronic
records, and that definition of electronic records includes video conferencing.

2. STATE OF MAHARASHTRA vs. DR PRAFUL B DESAI [The question involved whether a witness
can be examined by means of a video conference.] The Supreme Court observed that video conferencing
is an advancement of science and technology which permits seeing, hearing and talking with someone
who is not physically present with the same facility and ease as if they were physically present. The
legal requirement for the presence of the witness does not mean actual physical presence. The court
allowed the examination of a witness through video conferencing and concluded that there is no reason
why the examination of a witness by video conferencing should not be an essential part of electronic
evidence.

3. BODALA MURALI KRISHNA VS. SMT. BODALA PRATHIMA The court held that, “the
amendments carried to the Evidence Act by introduction of Sections 65-A and 65-B are in relation to the
electronic record. Sections 67-A and 73-A were introduced as regards proof and verification of digital
signatures. As regards presumption to be drawn about such records, Sections 85-A, 85-B, 85-C, 88-A
and 90-A were added. These provisions are referred only to demonstrate that the emphasis, at present, is
to recognize the electronic records and digital signatures, as admissible pieces of evidence.”

4. DHARAMBIR Vs. CENTRAL BUREAU OF INVESTIGATION The court arrived at the conclusion
that when Section 65-B talks of an electronic record produced by a computer referred to as the computer
output) it would also include a hard disc in which information was stored or was earlier stored or
continues to be stored. It distinguished as there being two levels of an electronic record. One is the hard
disc which once used itself becomes an electronic record in relation to the information regarding the
changes the hard disc has been subject to and which information is retrievable from the hard disc by
using a software program. The other level of electronic record is the active accessible information
recorded in the hard disc in the form of a text file, or sound file or a video file etc. Such information that
is accessible can be converted or copied as such to another magnetic or electronic device like a CD, pen
drive etc. Even a blank hard disc which contains no information but was once used for recording
information can also be copied by producing a cloned had or a mirror image.
 5. STATE (NCT OF DELHI) Vs. NAVJOT SANDHU There was an appeal against conviction following
the attack on Parliament on December 13 2001. This case dealt with the proof and admissibility of
mobile telephone call records. While considering the appeal against the accused for attacking
Parliament, a submission was made on behalf of the accused that no reliance could be placed on the
mobile telephone call records, because the prosecution had failed to produce the relevant certificate
under Section 65-B(4) of the Evidence Act. The Supreme Court concluded that a cross-examination of
the competent witness acquainted with the functioning of the computer during the relevant time and the
manner in which the printouts of the call records were taken was sufficient to prove the call records.

6. TWENTIETH CENTURY FOX FILM CORPORATION Vs. NRI FILM PRODUCTION

ASSOCIATES (P) LTD. In this case certain conditions have been laid down for video-recording of
evidence:
• Before a witness is examined in terms of the Audio-Video Link, witness is to file an affidavit or an
undertaking duly verified before a notary or a Judge that the person who is shown as the witness is the
same person as who is going to depose on the screen. A copy is to be made available to the other side.
(Identification Affidavit).
• The person who examines the witness on the screen is also to file an affidavit/undertaking before
examining the witness with a copy to the other side with regard to identification.
• The witness has to be examined during working hours of Indian Courts. Oath is to be administered
through the media.
• The witness should not plead any inconvenience on account of time different between India and USA.
• Before examination of the witness, a set of plaint, written statement and other documents must be sent to
the witness so that the witness has acquaintance with the documents and an acknowledgement is to be
filed before the Court in this regard.
• Learned Judge is to record such remarks as is material regarding the demur of the witness while on the
screen.
• Learned Judge must note the objections raised during recording of witness and to decide the same at the
time of arguments.
• After recording the evidence, the same is to be sent to the witness and his signature is to be obtained in
the presence of a Notary Public and thereafter it forms part of the record of the suit proceedings.
• The visual is to be recorded and the record would be at both ends. The witness also is to be alone at the
time of visual conference and notary is to certificate to this effect.
• The learned Judge may also impose such other conditions as are necessary in a given set of facts.
• The expenses and the arrangements are to be borne by the applicant who wants this facility. 8 The recent
judgment of
In the Judgment, the Hon’ble Supreme Court has held that Section 65B of the Evidence Act being a ‘not
obstante clause’ would override the general law on secondary evidence under Section 63 and 65 of the Evidence
Act. The section 63 and section 65 of the Evidence Act have no application to the secondary evidence of the
electronic evidence and same shall be wholly governed by the Section 65A and 65B of the Evidence Act.
The only alternative to prove the electronic record/evidence is by producing the original electronic media as
Primary Evidence to the court or it’s copy by way secondary evidence u/s 65A/65B of Evidence Act. Thus, in
the case of CD, VCD, chip, etc., the same shall be accompanied by the certificate in terms of Section 65B
obtained at the time of taking the document, without which, the secondary evidence pertaining to that electronic
record, is inadmissible. In the present case, the court observed that:
“The appellant admittedly has not produced any certificate in terms of Section 65B in respect of the CDs,
Exhibits-P4, P8, P9, P10, P12, P13, P15, P20 and P22. Therefore, the same cannot be admitted in evidence.
Thus, the whole case set up regarding the corrupt practice using songs, announcements and speeches fall to the
ground.”

This judgment will have severe implications in all the cases where the prosecution relies heavily on the
electronic data specially those cases where the audio-video recordings are produced in the form of CD/DVD
before the court. The anticorruption cases are generally based on a lot of electronic / digital evidence and the
CD/DVD forwarded to the courts are without a certificate and shall therefore not be admissible as evidence u/s
65B Evidence Act, which makes it mandatory to produce a certificate u/s 65 B(4). The failure to provide the
certificate u/s 65 B(4). further occludes the judicial process as the expert view in that matter cannot be availed
of till the preceding condition is fulfilled. It has been specified in the judgment that Genuineness, Veracity or
Reliability of the evidence is looked into by the court subsequently only after the relevance and admissibility is
fulfilled. The requirement to ensure the source and authenticity, pertaining to electronic records is because it is
more vulnerable to tampering, alteration, transposition, excision, etc. without such safeguards, the whole trial
based on proof of electronic records can lead to mockery of justice.
The original recording in Digital Voice Recorders/mobile phones need to be preserved as they may get
destroyed, in such a case the issuance of certificate under section 65B(4) of the Evidence Act cannot be given.
Therefore such CD/DVD is inadmissible and cannot be exhibited as evidence, the oral testimony or expert
opinion is also barred and the recording/data in the CD/DVD’s do not serve any purpose for the conviction.
The progression of the Indian evidence law is apparent as it has withstood the pressures and challenges of
technology and the cyber world. The appropriate amendments in Evidence Law, incorporated by our judiciary
show pro-activism. In my opinion the law enforcement agencies and investigating officers have to update
themselves about the authentication process prescribed by the court regarding the admissibility of
electronic/digital evidences so that impediments in trial procedures can be successfully overcome. Proper
training of law enforcement agencies in handling cyber related evidence and correct application of procedure
and sections of Evidence Law while presenting such evidence in court is the primary need of recent times.
Common man in the role of a complainant should be now aware that while submitting evidence to police or
courts, he should submit it with a certificate under section 65B(4) of The Indian Evidence Act so the court takes
cognizance and reads it as a primary evidence.
BIBLIOGRAPHY
1. Computer Law: Drafting and Negotiating Forms and Agreements, by Richard Raysman and Peter
Brown. Law Journal Press
2. Cyber Law: A Legal Arsenal For Online Business", New York: World Audience, Inc.
3. Emerging Technologies and the Law: Forms and Analysis, by Richard Raysman, Peter Brown, Jeffrey
D. Neuburger and William E. Bandon, III.
4. Zittrain, Jonathan (2003). "Be Careful What You Ask For: Reconciling a Global Internet and Local
Law".
5. Gibson, Owen (March 23, 2006). "Warning to chatroom users after libel award for man labelled a
Nazi".
6. The Guardian. http://www.guardian.co.uk/law/
7. Myers KS (Fall 2006). : Fitting the Communications Decency Act to Wikipedia.
8. http://www.cyberlawsindia.net/
9. Law and Borders - The Rise of Law in Cyberspace
10. Zittrain, Jonathan (2003). "Be Careful What You Ask For: Reconciling a Global Internet and Local
Law".
11. Gibson, Owen (March 23, 2006). "Warning to chatroom users after libel award for man labelled a
Nazi". The Guardian.
12. Myers KS (Fall 2006). "Wikimmunity: Fitting the Communications Decency Act to Wikipedia".
Harvard Journal of Law & Technology

13. Electronic Evidence/ Digital Evidence & Cyber Law in India (Blogpost)