COMMON CYBER-CRIME SCENARIOS AND APPLICABILITY OF LEGAL SECTIONS
Let us look into some common cyber-crime scenarios which can attract prosecution as per the penalties and offences prescribed in IT Act 2000 (amended via 2008) Act.
A) Harassment via fake public profile on social networking site : A fake profile of a person is created on a social networking site with the correct address, residential information or contact details but he/she is labelled as ‘prostitute’ or a person of ‘loose character’. This leads to harassment of the victim.
Provisions Applicable : Sections 66A, 67 of IT Act and Section 509 of the Indian Penal Code.
B) Online Hate Community : Online hate community is created inciting a religious group to act or pass objectionable remarks against a country, national figures etc.
Provisions Applicable : Section 66A of IT Act and 153A & 153B of the Indian Penal Code.
C) Email Account Hacking : If victim’s email account is hacked and obscene emails are sent to people in victim’s address book.
Provisions Applicable : Sections 43, 66, 66A, 66C, 67, 67A and 67B of IT Act.
D) Credit Card Fraud : Unsuspecting victims would use infected computers to make online transactions.
Provisions Applicable : Sections 43, 66, 66C, 66D of IT Act and section 420 of the IPC.
E) Web Defacement : The homepage of a website is replaced with a pornographic or defamatory page. Government sites generally face the wrath of hackers on symbolic days.
Provisions Applicable:- Sections 43 and 66 of IT Act and Sections 66F, 67 and 70 of IT Act also apply in some cases.
F) Introducing Viruses, Worms, Backdoors, Rootkits, Trojans, Bugs :
All of the above are some sort of malicious programs which are used to destroy or gain access to some electronic information.
Provisions Applicable:- Sections 43, 66, 66A of IT Act and Section 426 of Indian Penal Code.
G) Cyber Terrorism : Many terrorists are use virtual(GDrive, FTP sites) and physical storage media(USB’s, hard drives) for hiding information and records of their illicit business.
Provisions Applicable : Conventional terrorism laws may apply along with Section 69 of ITAct.
H) Online sale of illegal Articles : Where sale of narcotics, drugs weapons and wildlife is facilitated by the Internet
Provisions Applicable : Generally conventional laws apply in these cases.
I) Cyber Pornography : Among the largest businesses on Internet. Pornography may not be illegal in many countries, but child pornography is.
Provisions Applicable:- Sections 67, 67A and 67B of the IT Act.
J) Phishing and Email Scams :
Phishing involves fraudulently acquiring sensitive information through masquerading a as a trusted entity. (E.g. Passwords, credit card information)
Provisions Applicable:- Section 66, 66A and 66D of IT Act and Section 420 of IPC
K) Theft of Confidential Information : Many business organizations store their confidential information in computer systems. This information is targeted by rivals, criminals and disgruntled employees.
Provisions Applicable:- Sections 43, 66, 66B of IT Act and Section 426 of Indian Penal Code.
L) Source Code Theft : A Source code generally is the most coveted and important "crown jewel" asset of a company.
Provisions applicable:- Sections 43, 66, 66B of IT Act and Section 63 of Copyright Act.
M) Tax Evasion and Money Laundering :
Money launderers and people doing illegal business activities hide their information in virtual as well as physical activities.
Provisions Applicable: Income Tax Act and Prevention of Money Laundering Act. IT Act may apply case-wise.
N) Online Share Trading Fraud : It has become mandatory for investors to have their demat accounts linked with their online banking accounts which are generally accessed unauthorized, thereby leading to share trading frauds.
Provisions Applicable: Sections 43, 66, 66C, 66D of IT Act and Section 420 of IPC
I. Penalties, Compensation and Adjudication sections
Section 43 - Penalty and Compensation for damage to computer, computer system : If any person without permission of the owner or any other person who is in-charge of a computer, computer system or computer network
(a) accesses or secures access to such computer, computer system or computer network or computer resource
(b) downloads, copies or extracts any data, computer data, computer database or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
(c) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network-
(d) damages or causes to be damaged any computer, computer system or computer network, data, computer database, or any other programmes residing in such computer,computer system or computer network-
(e) disrupts or causes disruption of any computer, computer system, or computer network
(f) denies or causes the denial of access to any person authorised to access any computer,computer system or computer network by any means
(h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer of a computer, computer system or computer network-
(g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made there under,
(h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network,
(i) destroys, deletes or alters any information residing in a computer resource or
diminishes its value or utility or affects it injuriously by any means,
(j) Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage, he shall be liable to pay damages by way of compensation to the person so affected.
Section 43A - Compensation for failure to protect data :
Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, not exceeding five crore rupees,to the person so affected.
Section 44 - Penalty for failure to furnish information or return, etc :
If any person who is required under this Act or any rules or regulations made there under to
(a) furnish any document, return or report to the Controller or the Certifying Authority,fails to furnish the same, he shall be liable to a penalty not exceeding one lakh and fifty thousand rupees for each such failure;
(b) file any return or furnish any information, books or other documents within the time specified therefore in the regulations, fails to file return or furnish the same within the time specified therefore in the regulations, he shall be liable to a penalty not exceeding five thousand rupees for every day during which such failure continues:
(c) Maintain books of account or records, fails to maintain the same, he shall be liable to a penalty not exceeding ten thousand rupees for every day during which the failure continues.
Section 45 – Residuary Penalty : Whoever contravenes any rules or regulations made under this Act, for the contravention of which no penalty has been separately provided,shall be liable to pay a compensation not exceeding twenty-five thousand rupees to the person affected by such contravention or a penalty not exceeding twenty-five thousand rupees.
Section 47 - Factors to be taken into account by the adjudicating officer : It lays down that while adjudging the quantum of compensation under this Act,an adjudicating officer shall have due regard to the following factors, namely :-
(a) The amount of gain of unfair advantage, wherever quantifiable, made as a result of the default;
(b) The amount of loss caused to the person as a result of the default,
(c) The repetitive nature of the default.
II. Offences sections
Section 65 - Tampering with Computer Source Documents : If any person knowingly or intentionally conceals, destroys code or alters or causes
another to conceal, destroy code or alter any computer, computer programme,
computer system, or computer network, he shall be punishable with imprisonment up to three years, or with fine up to two lakh rupees, or with both.
Section - 66 Computer Related Offences : If any person, dishonestly, or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to two three years or with fine which may extend to five lakh rupees or with both.
Section 66A - Punishment for sending offensive messages through communication service : Any person who sends, by means of a computer resource or a communication device,
(a) any information that is grossly offensive or has menacing character;
(b) any information which he knows to be false, but for the purpose of causing
annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation,enmity, hatred, or ill will, persistently makes by making use of such computer resource or a communication device,
(c) any electronic mail or electronic mail message for the purpose of causing
annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages shall be punishable with imprisonment for a term which may extend to three years and with fine.
Section 66B - Punishment for dishonestly receiving stolen computer resource or communication device : Whoever dishonestly receives or retains any stolen computer resource or communication device knowing or having reason to believe the same to be stolen computer resource or communication device, shall be punished with imprisonment of either description for a term which may extend to three years or with fine which may extend to rupees one lakh or with both.
Section 66C - Punishment for identity theft : Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person,shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.
Section 66D - Punishment for cheating by personation by using computer resource : Whoever, by means of any communication device or computer resource cheats by personating shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.
Section 66E - Punishment for violation of privacy : Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both.
Section-66F Cyber Terrorism :
Whoever with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by
(i) denying or cause the denial of access to any person authorized to access
computer resource; or
(ii) attempting to penetrate or access a computer resource without authorisation
or exceeding authorized access. commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life.
Section 67 - Punishment for publishing or transmitting obscene material in electronic form :
Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it,shall be punished on first conviction with imprisonment of either description for a term which may extend to two three years and with fine which may extend to five lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.
Section 67B. Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form :
Whoever:-
(a) publishes or transmits or causes to be published or transmitted material in
any electronic form which depicts children engaged in sexually explicit act or conduct or
(b) creates text or digital images, collects, seeks, browses, downloads, advertises,
promotes, exchanges or distributes material in any electronic form depicting children in
obscene or indecent or sexually explicit manner or
(c) cultivates, entices or induces children to online relationship with one or more
children for and on sexually explicit act or in a manner that may offend a reasonable adult on the computer resource or
(d) facilitates abusing children online or
(e) records in any electronic form own abuse or that of others pertaining to
sexually explicit act with children,shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with a fine which may extend to ten lakh rupees & and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.Provided that the provisions of section 67, section 67A and this section does not extend to any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic form
Section 69 - Powers to issue directions for interception or monitoring or decryption of any information through any computer resource :
(1) Where the central Government or a State Government or any of its officer specially authorized by the Central Government or the State Government, as the case may be, in this behalf may, if is satisfied that it is necessary or expedient to do in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, it may,subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information transmitted received or stored through any computer resource.
(2) The Procedure and safeguards subject to which such interception or monitoring or decryption may be carried out, shall be such as may be prescribed.
(3) The subscriber or intermediary or any person in charge of the computer resource shall, when called upon by any agency which has been directed under sub section (1),extend all facilities and technical assistance to -
provide access to or secure access to the computer resource generating, transmitting, receiving or storing such information; or
intercept or monitor or decrypt the information, as the case may be; or
provide information stored in computer resource.
The subscriber or intermediary or any person who fails to assist the agency referred to in sub-section (3) shall be punished with an imprisonment for a term which may extend to seven years and shall also be liable to fine.
Section 69A - Power to issue directions for blocking for public access of any information through any computer resource :
(1) Where the Central Government or any of its officer specially authorized by it in this behalf is satisfied that it is necessary or expedient so to do in the interest of sovereignty and integrity of India, defense of India, security of the State, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognizable offence relating to above, it may subject to the provisions of sub-sections (2) for reasons to be recorded in writing, by order direct any agency of the Government or intermediary to block access by the public or cause to be blocked for access by public any information generated, transmitted, received, stored or hosted in any computer resource.
(2) The procedure and safeguards subject to which such blocking for access by the public may be carried out shall be such as may be prescribed.
(3) The intermediary who fails to comply with the direction issued under sub-section(1) shall be punished with an imprisonment for a term which may extend to seven years and also be liable to fine
Section 69B. Power to authorize to monitor and collect traffic data or information through any computer resource for Cyber Security :
(1) The Central Government may, to enhance Cyber Security and for identification,analysis and prevention of any intrusion or spread of computer contaminant in the country, by notification in the official Gazette, authorize any agency of the Government to monitor and collect traffic data or information generated, transmitted, received or stored in any computer resource.
(2) The Intermediary or any person in-charge of the Computer resource shall when called upon by the agency which has been authorized under sub-section (1), provide technical assistance and extend all facilities to such agency to enable online access or to secure and provide online access to the computer resource generating, transmitting,receiving or storing such traffic data or information.
(3) The procedure and safeguards for monitoring and collecting traffic data or
information, shall be such as may be prescribed.
(4) Any intermediary who intentionally or knowingly contravenes the provisions of subsection (2) shall be punished with an imprisonment for a term which may extend to three years and shall also be liable to fine.
Section 71. Penalty for misrepresentation : Whoever makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any license or Electronic Signature Certificate, as the case may be,shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
Section 72 - Breach of confidentiality and privacy : Any person who, in pursuant of any of the powers conferred under this Act, rules or regulations made there under, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent
of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
Section 72A - Punishment for Disclosure of information in breach of lawful contract : Any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned,or in breach of a lawful contract, such material to any other person shall be punished with imprisonment for a term which may extend to three years, or with a fine which may extend to five lakh rupees, or with both.
Section 73. Penalty for publishing electronic Signature Certificate false in certain particulars :
(1) No person shall publish a Electronic Signature Certificate or otherwise make it available to any other person with the knowledge that
the Certifying Authority listed in the certificate has not issued it; or
the subscriber listed in the certificate has not accepted it; or
the certificate has been revoked or suspended, unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation
(2) Any person who contravenes the provisions of sub-section (1) shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
Section 74 - Publication for fraudulent purpose :
Whoever knowingly creates, publishes or otherwise makes available a Electronic
Signature Certificate for any fraudulent or unlawful purpose shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
Section 75 - Act to apply for offence or contraventions committed outside India :
(1) Subject to the provisions of sub-section (2), the provisions of this Act shall apply also to any offence or contravention committed outside India by any person irrespective of his nationality.
(2) For the purposes of sub-section (1), this Act shall apply to an offence or
contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India.
Section 77A - Compounding of Offences :
(1) A Court of competent jurisdiction may compound offences other than offences for which the punishment for life or imprisonment for a term exceeding three years has been provided under this Act.Provided further that the Court shall not compound any offence where such offence affects the socio-economic conditions of the country or has been committed against a child below the age of 18 years or a woman.
(2) The person accused of an offence under this act may file an application for
compounding in the court in which offence is pending for trial and the provisions of section 265 B and 265C of Code of Criminal Procedures, 1973 shall apply.
Section 77B - Offences with three years imprisonment to be cognizable :
Notwithstanding anything contained in Criminal Procedure Code 1973, the offence punishable with imprisonment of three years and above shall be cognizable and the offence punishable with imprisonment of three years shall be bailable.
Section 78 - Power to investigate offences :
Notwithstanding anything contained in the Code of Criminal Procedure, 1973, a police officer not below the rank of Inspector shall investigate any offence under this Act.
-----------------------------------------------------------------------------------------------
Note : Sec.78 of I.T. Act empowers Police Inspector to investigate cases falling under this Act
-----------------------------------------------------------------------------------------------
Sec.503 IPC : Sending threatening messages by e-mail
Sec.509 IPC : Word, gesture or act intended to insult the modesty of a woman
Sec.499 IPC : Sending defamatory messages by e-mail
Sec.420 IPC : Bogus websites , Cyber Frauds
Sec.463 IPC : E-mail Spoofing
Sec.464 IPC : Making a false document
Sec.468 IPC : Forgery for purpose of cheating
Sec.469 IPC : Forgery for purpose of harming reputation
Sec.383 IPC : Web-Jacking
Sec.500 IPC : E-mail Abuse
Sec.506 IPC : Punishment for criminal intimidation
Sec.507 IPC : Criminal intimidation by an anonymous communication
Sec.51 : When copyright infringed:- Copyright in a work shall be deemed to be infringed
Sec.63A : Offence of infringement of copyright or other rights conferred by this Act. Any person who knowingly infringes or abets the infringement of
Sec.63B : Enhanced penalty on second and subsequent covictions knowing use of infringing copy of computer programme to be an offence
Sec.292 IPC : Obscenity
Sec.292A IPC : Printing etc. of grossly indecent or scurrilous matter or matter intended for blackmail Sale, etc., of obscene objects to young person Sec .293 IPC
Sec.294 IPC : Obscene acts and songs
Sec.378 : Theft of Computer Hardware
Sec.379 : Punishment for theft
NDPS Act : Online Sale of Drugs
Arms Act : Online Sale of Arms
No comments:
Post a Comment