MCOM Sem II- Advance Accountancy

Roll No: 54
Last Name: Kamath
Topic: 1. Cyber Laws in India

Cyber Laws in India

Cyberspace
Cyberspace can be defined as an intricate environment that involves
interactions between people, software, and services. It is maintained by the
worldwide distribution of information and communication technology devices and
networks.
With the benefits carried by the technological advancements, the cyberspace today
has become a common pool used by citizens, businesses, critical information
infrastructure, military and governments in a fashion that makes it hard to induce
clear boundaries among these different groups. The cyberspace is anticipated to
become even more complex in the upcoming years, with the increase in networks
and devices connected to it.

Cybersecurity
Cybersecurity denotes the technologies and procedures intended to safeguard
computers, networks, and data from unlawful admittance, weaknesses, and attacks
transported through the Internet by cyber delinquents.
ISO 27001 (ISO27001) is the international Cybersecurity Standard that delivers a
model for creating, applying, functioning, monitoring, reviewing, preserving, and
improving an Information Security Management System.
The Ministry of Communication and Information Technology under the
government of India provides a strategy outline called the National Cybersecurity
Policy.
The purpose of this government body is to protect the public and private
infrastructure from cyber-attacks.

Cybersecurity Policy
The cybersecurity policy is a developing mission that caters to the entire field of
Information and Communication Technology (ICT) users and providers. It
includes
 Home users
 Small, medium, and large Enterprises
 Government and non-government entities
It serves as an authority framework that defines and guides the activities associated
with the security of cyberspace. It allows all sectors and organizations in designing
suitable cybersecurity policies to meet their requirements. The policy provides an
outline to effectively protect information, information systems and networks.
It gives an understanding into the Government’s approach and strategy for security
of cyber space in the country. It also sketches some pointers to allow collaborative
working across the public and private sectors to safeguard information and
information systems. Therefore, the aim of this policy is to create a cybersecurity
framework, which leads to detailed actions and programs to increase the security
carriage of cyberspace.

Cyber Crime
The Information Technology Act 2000 or any legislation in the Country does not
describe or mention the term Cyber Crime. It can be globally considered as the
gloomier face of technology. The only difference between a traditional crime and a
cyber-crime is that the cyber-crime involves in a crime related to computers.
Traditional Theft : A thief breaks into Ram’s house and steals an object kept in the
house.
Hacking : A Cyber Criminal/Hacker sitting in his own house, through his
computer, hacks the computer of Ram and steals the data saved in Ram’s computer
without physically touching the computer or entering in Ram’s house.
The I.T. Act, 2000 defines the terms
 access in computer network in section 2(a)
 computer in section 2(i)
 computer network in section (2j)
 data in section 2(0)
 information in section 2(v).

Nature of Threat
Among the most serious challenges of the 21st century are the prevailing and
possible threats in the sphere of cybersecurity. Threats originate from all kinds of
sources, and mark themselves in disruptive activities that target individuals,
businesses, national infrastructures, and governments alike. The effects of these
threats transmit significant risk for the following −

 public safety
 security of nations
 stability of the globally linked international community
Malicious use of information technology can easily be concealed. It is difficult to
determine the origin or the identity of the criminal. Even the motivation for the
disruption is not an easy task to find out. Criminals of these activities can only be
worked out from the target, the effect, or other circumstantial evidence. Threat
actors can operate with considerable freedom from virtually anywhere.
Criminals, terrorists, and sometimes the State themselves act as the source of these
threats. Criminals and hackers use different kinds of malicious tools and
approaches. With the criminal activities taking new shapes every day, the
possibility for harmful actions propagates.

Enabling People
The lack of information security awareness among users, who could be a simple
school going kid, a system administrator, a developer, or even a CEO of a
company, leads to a variety of cyber vulnerabilities. The awareness policy
classifies the following actions and initiatives for the purpose of user awareness,
education, and training
 A complete awareness program to be promoted on a national level.
 A comprehensive training program that can cater to the needs of the national
information security (Programs on IT security in schools, colleges, and
universities).
 Enhance the effectiveness of the prevailing information security training
programs. Plan domain-specific training programs (e.g., Law Enforcement,
Judiciary, E-Governance, etc.)
 Endorse private-sector support for professional information security
certifications.

Information Technology Act

The Government of India enacted The Information Technology Act with some
major objectives which are as follows:
 To deliver lawful recognition for transactions through electronic data
interchange (EDI) and other means of electronic communication, commonly
referred to as electronic commerce or E-Commerce. The aim was to use
replacements of paper-based methods of communication and storage of
information.
 To facilitate electronic filing of documents with the Government agencies
and further to amend the Indian Penal Code, the Indian Evidence Act, 1872,
the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act,
1934 and for matters connected therewith or incidental thereto.
The Information Technology Act, 2000, was thus passed as the Act No.21 of 2000.
The I. T. Act got the President’s assent on June 9, 2000 and it was made effective
from October 17, 2000. By adopting this Cyber Legislation, India became the 12th
nation in the world to adopt a Cyber Law regime.
Salient Features of I.T Act
The salient features of the I.T Act are as follows:
  Digital signature has been replaced with electronic signature to make it a
more technology neutral act.
 It elaborates on offenses, penalties, and breaches.
 It outlines the Justice Dispensation Systems for cyber-crimes.
 It defines in a new section that cyber café is any facility from where the
access to the internet is offered by any person in the ordinary course of
business to the members of the public.
 It provides for the constitution of the Cyber Regulations Advisory
Committee.
 It is based on The Indian Penal Code, 1860, The Indian Evidence Act, 1872,
The Bankers' Books Evidence Act, 1891, The Reserve Bank of India Act,
1934, etc.
 It adds a provision to Section 81, which states that the provisions of the Act
shall have overriding effect. The provision states that nothing contained in
the Act shall restrict any person from exercising any right conferred under
the Copyright Act, 1957.

Scheme of I.T Act

The following points define the scheme of the I.T. Act-
The I.T. Act contains 13 chapters and 90 sections.
 The last four sections namely sections 91 to 94 in the I.T. Act 2000 deals
with the amendments to the Indian Penal Code 1860, The Indian
Evidence Act 1872, The Bankers’ Books Evidence Act 1891 and the
Reserve Bank of India Act 1934 were deleted.
 It commences with Preliminary aspect in Chapter 1, which deals with the
short, title, extent, commencement and application of the Act in Section
1. Section 2 provides Definition.
 Chapter 2 deals with the authentication of electronic records, digital
signatures, electronic signatures, etc.
 Chapter 11 deals with offences and penalties. A series of offences have
been provided along with punishment in this part of The Act.
 Thereafter the provisions about due diligence, role of intermediaries and
some miscellaneous provisions are been stated.
  The Act is embedded with two schedules. The First Schedule deals with
Documents or Transactions to which the Act shall not apply. The Second
Schedule deals with electronic signature or electronic authentication
technique and procedure. The Third and Fourth Schedule are omitted.

Application of the I.T Act

As per the sub clause (4) of Section 1, nothing in this Act shall apply to documents
or transactions specified in First Schedule. Following are the documents or
transactions to which the Act shall not apply −
 Negotiable Instrument (Other than a cheque) as defined in section 13 of the
Negotiable Instruments Act, 1881;
 A power-of-attorney as defined in section 1A of the Powers-of-Attorney
Act, 1882;
 A trust as defined in section 3 of the Indian Trusts Act, 1882;
 A will as defined in clause (h) of section 2 of the Indian Succession Act,
1925 including any other testamentary disposition;
 Any contract for the sale or conveyance of immovable property or any
interest in such property;
 Any such class of documents or transactions as may be notified by the
Central Government.

Amendments Brought in the I.T Act

The I.T. Act has brought amendment in four statutes vide section 91-94. These
changes have been provided in schedule 1-4
 The first schedule contains the amendments in the Penal Code. It has
widened the scope of the term "document" to bring within its ambit
electronic documents.
 The second schedule deals with amendments to the India Evidence Act. It
pertains to the inclusion of electronic document in the definition of evidence.
 The third schedule amends the Banker's Books Evidence Act. This
amendment brings about change in the definition of "Banker's-book". It
includes printouts of data stored in a floppy, disc, tape or any other form of
 electromagnetic data storage device. Similar change has been brought about
in the expression "Certified-copy" to include such printouts within its
purview.
 The fourth schedule amends the Reserve Bank of India Act. It pertains to the
regulation of fund transfer through electronic means between the banks or
between the banks and other financial institution
DIGITAL SIGNATURE

A digital signature is an electronic scheme for demonstrating the authenticity

of a digital message or document. A valid digital signature gives recipient a
reason to believe that the message was created by a known sender and that it
was not altered in transit. Digital signatures are commonly used for software
distribution, financial transactions, and in other cases where it is important
to detect imitation or tampering.
Authentication of Digital Signature
A digital signature shall
• Be created and verified by cryptography that concerns itself with
transforming electronic records.
• use ―Public Key Cryptograph which employs an algorithm using
two different mathematical keys one for creating a digital signature or
transforming it and another key for verifying the signature or
returning the electronic record to original form. Hash function shall be
used to create this signature. Software utilizing such keys are termed
as―asymmetric cryptography Rule 3 of IT Rules, 2000].

Digital signatures can be used to authenticate the source of messages. When

ownership of a digital signature secret key is bound to a specific user, a valid
signature shows that the message was sent
by that user. The importance of high confidence in sender authenticity is
obvious in a financial context.
For example, suppose a bank's branch office sends instructions to the central
office requesting a change in the balance of an account. If the central office
is not convinced that such a message is truly sent from an authorized source,
acting on such a request could be a grave mistake.

Verification of Digital Signature

Verification means to determine whether –
 • The initial record was a fixed with the digital signature by using the
keys of the subscriber.
• The original record is retained intact or has been altered since such
electronic record was bounded with the digital signature [Sec.2(1)
(zh)].

DIGITAL SIGNATURE CERTIFICATE

A digital signature certificate is an electronic document which uses a digital

signature to bind an identity information such as the name of a person or an
organization, their address, and so forth. The certificate can be used to verify
that it belongs to an individual. Any person can make an application to the
Certifying Authority for the issue of this digital certificate. The Authority
charges fees (as prescribed by the Central Government) for the issue of
digital signature certificate.

Generation of Digital Certificate

The generation of digital signature certificate shall involve –
• receipt of an approved and verified certificate request.
• creating a new digital signature certificate.
• a distinguished name associated with the digital certificate owner.
• a recognized and relevant policy as defined in certification practice
statement [Rule 24 of the IT rules].

Expiry of Digital Signature Certificate

A digital signature certificate shall be issued with a designated expiry date. It
will expire automatically and on expiry, it shall not be reused. The period for
which a digital certificate has been issued shall not be extended, but a new
digital signature certificate may be issued after the expiry of such period
[Rules 26 of IT Act, 2000].

Mission and Vision Cybersecurity Program

Mission
The following mission caters to cybersecurity:
  To safeguard information and information infrastructure in cyberspace.
 To build capabilities to prevent and respond to cyber threats.
 To reduce vulnerabilities and minimize damage from cyber incidents
through a combination of institutional structures, people, processes,
technology, and cooperation.

Vision
To build a secure and resilient cyberspace for citizens, businesses, and
Government.

Cyber Law - Objectives

The recent Edward Snowden revelations on the US surveillance program PRISM
have demonstrated how a legal entity network and computer system outside a
particular jurisdiction is subject to surveillance without the knowledge of such
legal entities. Cyber cases related to interception and snooping are increasing at an
alarming rate. To curb such crimes, cyber laws are being amended quite regularly.

Emerging Trends of Cyber Law

Reports reveal that upcoming years will experience more cyber-attacks. So
organizations are advised to strengthen their data supply chains with better
inspection methods.
Some of the emerging trends of cyber law are as follows:
 Stringent regulatory rules are put in place by many countries to prevent
unauthorized access to networks. Such acts are declared as penal offences.
 Stakeholders of the mobile companies will call upon the governments of the
world to reinforce cyber-legal systems and administrations to regulate the
emerging mobile threats and crimes.
 The growing awareness on privacy is another upcoming trend. Google’s
chief internet expert Vint Cerf has stated that privacy may actually be an
anomaly.
  Cloud computing is another major growing trend. With more advancements
in the technology, huge volumes of data will flow into the cloud which is not
completely immune to cyber-crimes.
 The growth of Bitcoins and other virtual currency is yet another trend to
watch out for. Bitcoin crimes are likely to multiply in the near future.
 The arrival and acceptance of data analytics, which is another major trend to
be followed, requires that appropriate attention is given to issues concerning
Big Data.

Create Awareness
While the U.S. government has declared October as the National Cybersecurity
Awareness month, India is following the trend to implement some stringent
awareness scheme for the general public.
The general public is partially aware of the crimes related to virus transfer.
However, they are unaware of the bigger picture of the threats that could affect
their cyber-lives. There is a huge lack of knowledge on e-commerce and online
banking cyber-crimes among most of the internet users. Some of them are:
 Filter the visibility of personal information in social sites.
 Do not keep the "remember password" button active for any email address
and passwords
 Make sure your online banking platform is secure.
 Keep a watchful eye while shopping online.
 Do not save passwords on mobile devices.
 Secure the login details for mobile devices and computers, etc.

Areas of Development
The "Cyber law Trends in India 2013" and "Cyber law Developments in India in
2014" are two prominent and trustworthy cyber-law related research works
provided by Perry4Law Organization (P4LO) for the years 2013 and 2014.There
are some grave cyber law related issues that deserve immediate consideration by
the government of India. The issues were put forward by the Indian cyber law
roundup of 2014 provided by P4LO and Cyber Crimes Investigation Centre of
India (CCICI). Following are some major issues:
 A better cyber law and effective cyber-crimes prevention strategy.
 Cyber-crimes investigation training requirements.
 Formulation of dedicated encryption laws.
 Legal adoption of cloud computing.
 Formulation and implementation of e-mail policy.
 Legal issues of online payments.
 Legality of online gambling and online pharmacies.
 Legality of Bitcoins.
 Framework for blocking websites.
 Regulation of mobile applications
With the formation of cyber-law compulsions, the obligation of banks for cyber-
thefts and cyber-crimes would considerably increase in the near future. Indian
banks would require to keep a dedicated team of cyber law experts or seek help of
external experts in this regard.

Cyber Law - Strategies For Cyber Security

To design and implement a secure cyberspace, some stringent strategies have been
put in place. The major strategies employed to ensure cybersecurity are as follows:
 Creating a Secure Cyber Ecosystem
 Creating an Assurance Framework
 Encouraging Open Standards
 Strengthening the Regulatory Framework
 Creating Mechanisms for IT Security
 Securing E-governance Services
 Protecting Critical Information Infrastructure

Case Study
Hacking of Iranian nuclear plant through the internet.
Explanation − A program was designed to automatically run the Iranian nuclear
plant. Unfortunately, a worker who was unaware of the threats introduced the
program into the controller. The program collected all the data related to the plant
and sent the information to the intelligence agencies who then developed and
inserted a worm into the plant. Using the worm, the plant was controlled by
miscreants which led to the generation of more worms and as a result, the plant
failed completely.
Cyber Law - Policies To Mitigate Cyber Risk
There were various policies laid to minimize cyber risk. It is only with well-
defined policies that the threats generated in the cyberspace can be reduced.
 Promotion of R&D in Cybersecurity
Due to the ever-increasing dependence on the Internet, the biggest challenge
we face today is the security of information from miscreants. Therefore, it is
essential to promote research and development in cybersecurity so that we
can come up with robust solutions to mitigate cyber risks.

 Cybersecurity Research
Cybersecurity Research is the area that is concerned with preparing solutions
to deal with cyber criminals. With increasing amount of internet attacks,
advanced persistent threats and phishing, lots of research and technological
developments are required in the future.

 Cybersecurity Research-Indian Perspective

In the recent years, India has witnessed an enormous growth in cyber
technologies. Hence it calls for an investment in the research and
development activities of cybersecurity. India has also seen many successful
research outcomes that were translated into businesses, through the advent of
local cybersecurity companies.

 Threat Intelligence
Research work to mitigate cyber-threats is already being commenced in
India. There is a proactive response mechanism in place to deal with cyber
 threats. Research and Development activities are already underway at
various research organizations in India to fight threats in cyberspace.

 Next Generation Firewall

Multi-identity based expertise such as Next Generation Firewall that offers
security intelligence to enterprises and enable them to apply best suited
security controls at the network perimeter are also being worked on.

 Secured Protocol and Algorithms

Research in protocols and algorithms is a significant phase for the
consolidation of cybersecurity at a technical level. It defines the rules for
information sharing and processing over cyberspace. In India, protocol and
algorithm level research includes
 Secure Routing Protocols
 Efficient Authentication Protocols
 Enhanced Routing Protocol for Wireless Networks
 Secure Transmission Control Protocol
 Attack Simulation Algorithm, etc.

 Authentication Techniques
Authentication techniques such as Key Management, Two Factor
Authentication, and Automated key Management provide the ability to
encrypt and decrypt without a centralized key management system and file
protection. There is continuous research happening to strengthen these
authentication techniques.

 BYOD, Cloud and Mobile Security

With the adoption of varied types of mobile devices, the research on the
security and privacy related tasks on mobile devices has increased. Mobile
security testing, Cloud Security, and BYOD (Bring Your Own Device) risk
mitigation are some of the areas where a lot of research is being done.

 Cyber Forensics
 Cyber Forensics is the application of analysis techniques to collect and
recover data from a system or a digital storage media. Some of the specific
areas where research is being done in India are
 Disk Forensics
 Network Forensics
 Mobile Device Forensics
 Memory Forensics
 Multimedia Forensics
 Internet Forensics

 Reducing Supply Chain Risks

Supply chain risk can be defined as, any risk that an opponent may damage,
write some malicious function to it, deconstruct the design, installation,
procedure, or maintenance of a supply item or a system so that the entire
function can be degraded

Network Security Devices

Firewalls
A firewall is a network security system that manages and regulates the network
traffic based on some protocols. A firewall establishes a barrier between a trusted
internal network and the internet.Firewalls exist both as software that run on a
hardware and as hardware appliances. Firewalls that are hardware-based also
provide other functions like acting as a DHCP server for that network.Most
personal computers use software-based firewalls to secure data from threats from
the internet. Many routers that pass data between networks contain firewall
components and conversely, many firewalls can perform basic routing functions.
Firewalls are commonly used in private networks or intranets to prevent
unauthorized access from the internet. Every message entering or leaving the
intranet goes through the firewall to be examined for security measures.An ideal
firewall configuration consists of both hardware and software based devices. A
firewall also helps in providing remote access to a private network through secure
authentication certificates and logins.
Hardware and Software Firewalls
Hardware firewalls are standalone products. These are also found in broadband
routers. Most hardware firewalls provide a minimum of four network ports to
connect other computers. For larger networks eg: for business purpose- business
networking firewall solutions are available.
Software firewalls are installed on your computers. A software firewall protects
your computer from internet threats.

Antivirus
An antivirus is a tool that is used to detect and remove malicious software. It was
originally designed to detect and remove viruses from computers.
Modern antivirus software provide protection not only from virus, but also from
worms, Trojan-horses, adwares, spywares, key loggers, etc. Some products also
provide protection from malicious URLs, spam, phishing attacks, botnets, DDoS
attacks, etc.

Content Filtering
Content filtering devices screen unpleasant and offensive emails or webpages.
These are used as a part of firewalls in corporations as well as in personal
computers. These devices generate the message "Access Denied" when someone
tries to access any unauthorized web page or email.Content is usually screened for
pornographic content and also for violence- or hate-oriented content. Organizations
also exclude shopping and job related contents.
Content filtering can be divided into the following categories:
 Web filtering
 Screening of Web sites or pages
 E-mail filtering
 Screening of e-mail for spam
 Other objectionable content
Intrusion Detection Systems
Intrusion Detection Systems, also known as Intrusion Detection and Prevention
Systems, are the appliances that monitor malicious activities in a network, log
information about such activities, take steps to stop them, and finally report them.
Intrusion detection systems help in sending an alarm against any malicious activity
in the network, drop the packets, and reset the connection to save the IP address
from any blockage. Intrusion detection systems can also perform the following
actions
 Correct Cyclic Redundancy Check (CRC) errors
 Prevent TCP sequencing issues
 Clean up unwanted transport and network layer options

Cyber Law - Offence & Penalties

The faster world-wide connectivity has developed numerous online crimes and
these increased offences led to the need of laws for protection. In order to keep in
stride with the changing generation, the Indian Parliament passed the Information
Technology Act 2000 that has been conceptualized on the United Nations
Commissions on International Trade Law (UNCITRAL) Model Law.
The law defines the offenses in a detailed manner along with the penalties for each
category of offence.
Offences
Cyber offences are the illegitimate actions, which are carried out in a classy
manner where either the computer is the tool or target or both.
Cyber-crime usually includes the following:
 Unauthorized access of the computers
 Data diddling
 Virus/worms attack
 Theft of computer system
 Hacking
 Denial of attacks
 Logic bombs
 Trojan attacks
 Internet time theft
 Web jacking
  Physically damaging computer system.

The offences included in the I.T. Act 2000 are as follows:

 Tampering with the computer source documents.
 Hacking with computer system.
 Publishing of information which is obscene in electronic form.
 Power of Controller to give directions.
 Directions of Controller to a subscriber to extend facilities to decrypt
information.
 Protected system.
 Penalty for misrepresentation.
 Penalty for breach of confidentiality and privacy.
 Penalty for publishing Digital Signature Certificate false in certain
particulars.
 Publication for fraudulent purpose.
 Act to apply for offence or contravention committed outside India
Confiscation.
The following table shows the offence and penalties against all the mentioned
sections of the I.T. Act—
Bailability and
Sec Offence Punishment Congizability
Offence is Bailable,
Tampering with Computer Imprisonment up to 3 years
65 Cognizable and triable
Source Code or fine up to Rs 2 lakhs
by Court of JMFC
Offence is Bailable,
Imprisonment up to 3 years
66 Computer Related Offences Cognizable
or fine up to Rs 5 lakhs
Sending offensive messages Offence is Bailable,
Imprisonment up to 3 years
66-A through Communication Cognizable and triable
and fine
service, etc... by Court of JMFC
Dishonestly receiving stolen Offence is Bailable,
Imprisonment up to 3 years
66-B computer resource or Cognizable and triable
and/or fine up to Rs.1 lakh
communication device by Court of JMFC
Imprisonment of either Offence is Bailable,
66-C Identity Theft description up to 3 years Cognizable and triable
and/or fine up to Rs. 1 lakh by Court of JMFC
 Imprisonment of either Offence is Bailable,
Cheating by Personation by
66-D description up to 3 years Cognizable and triable
using computer resource
and/or fine up to Rs.1lakh by Court of JMFC
Offence is Bailable,
Imprisonment up to 3 years
66-E Violation of Privacy Cognizable and triable
and/or fine up to Rs. 2 lakh
by Court of JMFC
Offence is Non-Bailable
Imprisonment extend to
66-F Cyber Terrorism Cognizable and triable
imprisonment for Life
by Court of Sessions
On first
conviction,
imprisonment up
to 3 years and/or
fine up to Rs.5
Publishing or transmitting Offence is Bailable,
lakh. On
67 obscene material in Cognizable and triable
subsequent
electronic form by Court of JMFC
conviction
imprisonment up
to 5 years and/or
fine up to Rs. 10
lakh
On first Conviction
imprisonment
Publishing or transmitting up to 5 years and/or fine
Offence is Non-Bailable,
of material containing upto Rs. 10 lakh On
67-A Cognizable and triable
sexually explicit act, etc in Subsequent
by Court of JMFC
electronic form Conviction imprisonment
up to 7 years and/or fine up
to Rs. 10 lakh
On first Conviction
imprisonment of
either description up to 5
years and
Publishing or transmitting
/or fine up to Rs. 10 lakh. Offence is Non Bailable,
of material depicting
67-B On Cognizable and triable
children in sexually explicit
Subsequent Conviction by Court of JMFC
act etc., in electronic form
imprisonment
of either description up to 7
years
and/or fine up to Rs. 10 lakh
 Intermediary intentionally
or knowingly contravening
Imprisonment up to 3 years Offence is Bailable,
67-C the directions about
and fine Cognizable.
Preservation and retention
of information
Failure to comply with the
Imprisonment up to 2 years Offence is Bailable,
68 directions given by
and/or fine up to Rs. 1 lakh Non-Cognizable.
Controller
Failure to assist the agency
referred to in sub section (3)
in regard interception or Imprisonment up to 7 years Offence is Non-Bailable,
69
monitoring or decryption of and fine Cognizable.
any information through
any computer resource
Failure of the intermediary
to comply with the direction
issued for blocking for Imprisonment up to 7 years Offence is Non-Bailable,
69-A
public access of any and fine Cognizable.
information through any
computer resource
Intermediary who
intentionally or knowingly
contravenes the provisions
of sub-section (2) in regard Imprisonment up to 3 years Offence is Bailable,
69-B
monitor and collect traffic and fine Cognizable.
data or information through
any computer resource for
cybersecurity
Any person who secures
access or attempts to secure Imprisonment of either
Offence is Non-Bailable,
70 access to the protected description upto 10 years
Cognizable.
system in contravention of and fine
provision of Sec. 70
Indian Computer Imprisonment up to 1 year Off Offence is Bailable,
70-B Emergency Response Team and/or fine up to Rs. 1 lakh Non-Cognizable
to serve as national agency
for incident response. Any
service provider,
intermediaries, data centres,
etc., who fails to prove the
 information called for or
comply with the direction
issued by the ICERT.
Misrepresentation to the
Imprisonment up to 2 years Offence is Bailable,
71 Controller to the Certifying
and/or fine up to Rs. 1 lakh. Non-Cognizable.
Authority
Breach of Confidentiality Imprisonment up to 2 years Offence is Bailable,
72
and privacy and/or fine up to Rs. 1 lakh. Non-Cognizable.
Disclosure of information in Imprisonment up to 3 years Offence is Cognizable,
72-A
breach of lawful contract and/or fine up to Rs. 5 lakh. Bailable
Publishing electronic
Imprisonment up to 2 years Offence is Bailable,
73 Signature Certificate false
and/or fine up to Rs. 1 lakh Non-Cognizable.
in certain particulars
Publication for fraudulent Imprisonment up to 2 years Offence is Bailable,
74
purpose and/or fine up to Rs. 1 lakh Non-Cognizable

Typical Cyber Crime Cases

 State of Tamil Nadu Vs Suhas Katti

This case related to posting of obscene, defamatory and annoying message about a
divorcee woman in the yahoo message group. E-Mails were also forwarded to the
victim for information by the accused through a false e-mail account opened by
him in the name of the victim. The posting of the message resulted in annoying
phone calls to the lady in the belief that she was soliciting. Based on a complaint
made by the victim in February 2004, the Police traced the accused to Mumbai and
arrested him within the next few days. The accused was a known family friend of
the victim and was reportedly interested in marrying her. She however married
another person. This marriage later ended in divorce and the accused started
contacting her once again. On her reluctance to marry him, the accused took up the
harassment through the Internet.
On 24-3-2004 Charge Sheet was filed u/s 67 of IT Act 2000, 469 and 509 IPC
before The Honourable Addl. CMM Egmore by citing 18 witnesses and 34
documents and material objects. The same was taken on file in C.C.NO.4680/2004.
On the prosecution side 12 witnesses were examined and entire documents were
marked as Exhibits. The defence argued that the offending mails would have been
given either by ex-husband of the complainant or the complainant her self to
implicate the accused as accused alleged to have turned down the request of the
complainant to marry her. Further the Defence counsel argued that some of the
documentary evidence was not sustainable under Section 65 B of the Indian
Evidence Act. However, the court relied upon the expert witnesses and other
evidence produced before it, including the witnesses of the Cyber Cafe owners and
came to the conclusion that the crime was conclusively proved.
Ld. Additional Chief Metropolitan Magistrate, Egmore, delivered the judgement
on 5-11-04 as follows:" The accused is found guilty of offences under section 469,
509 IPC and 67 of IT Act 2000 and the accused is convicted and is sentenced for
the offence to undergo RI for 2 years under 469 IPC and to pay fine of Rs.500/-and
for the offence u/s 509 IPC sentenced to undergo 1 year Simple imprisonment and
to pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000 to undergo RI for
2 years and to pay fine of Rs.4000/- All sentences to run concurrently." The
accused paid fine amount and he was lodged at Central Prison, Chennai. This is
considered as the first case convicted under section 67 of Information Technology
Act 2000 in India

 Bazee.com case
CEO of Bazee.com was arrested in December 2004 because a CD with
objectionable material was being sold on the website. The CD was also being sold
in the markets in Delhi. The Mumbai city police and the Delhi Police got into
action. The CEO was later released on bail. This opened up the question as to what
kind of distinction do we draw between Internet Service Provider and Content
Provider. The burden rests on the accused that he was the Service Provider and not
the Content Provider.

Cyber Law - Summary

Cyber Laws are the sole savior to combat cyber-crime. It is only through stringent
laws that unbreakable security could be provided to the nation’s information. The
I.T. Act of India came up as a special act to tackle the problem of Cyber Crime.
The Act was sharpened by the Amendment Act of 2008.
Cyber Crime is committed every now and then, but is still hardly reported. The
cases of cyber-crime that reaches to the Court of Law are therefore very few. There
are practical difficulties in collecting, storing and appreciating Digital Evidence.
Thus the Act has miles to go before it can be truly effective.
While the lawmakers have to be complemented for their admirable work removing
various deficiencies in the Indian Cyber law and making it technologically neutral,
yet it appears that there has been a major mismatch between the expectation of the
nation and the resultant effect of the amended legislation. The most bizarre and
startling aspect of the new amendments is that these amendments seek to make the
Indian cyber law a cyber-crime friendly legislation -a legislation that goes
extremely soft on cyber criminals, with a soft heart; a legislation that chooses to
encourage cyber criminals by lessening the quantum of punishment accorded to
them under the existing law; A legislation which makes a majority of cybercrimes
stipulated under the IT Act as bailable offences; a legislation that is likely to pave
way for India to become the potential cyber-crime capital of the world.

Bibliography
https://www.tutorialspoint.com/information_security_cyber_law/quick_guide.
htm
https://en.wikipedia.org/wiki/Larceny#:~:text=Traditionally%20intent%20to
%20steal%20is,possession%20of%20the%20property
%20permanently.&text=However%2C%20it%20is%20not%20a,did%20not
%20belong%20to%20him.
https://www.google.com/search?
q=hacking+meaning&oq=hacking&aqs=chrome.1.69i57j0l7.3690j0j7&sourcei
d=chrome&ie=UTF-8
http://www.legalserviceindia.com/legal/article-1019-importance-of-cyber-law-
in-india.html#:~:text=Cyber%20law%20is%20important%20because,legal
%20and%20cyber%20legal%20angles.