We have reached that generation with time where even doctors are consulted through virtual calls and everything is just a click away. The Internet has actually made our lives way easier than any of us ever thought. But as we all know, there are two sides to every coin. Similarly, there are few people who misuse this blessing on human kind to harass others. This kind of virtual crime and illegal use of the internet is commonly known as ‘cyber-crime.’ The law which puts hold on such virtual crimes is known as ‘cyber law.’ [1] According to Section 2(nb) of the IT Act, 2000, cyber security means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction. [2]

The phrase ‘cyber-crime’ was for the first time used in the year 1995 by Sussma and Heuston. This term is not even described in the IT Act as its ambit is really vast. It is a combination of act and conduct through virtual mode[3]. This particular type of crime is unique. Unlike the usual way of crime, it is not necessary that the victim will suffer any physical injury. There can be mental harassment, emotional hurt and psychological damage too and this is because in this kind of crime the offender and the victim do not face each other in reality. Everything happens from behind the virtual veil of the internet.  Bullying someone online, child harassment, posting pornographic material online, software breach, cyber terrorism, hacking etc., are all part of cyber-crime. The evolution of cyber crime has seen Morris worm to Ransomware in its journey. Many countries and multinational companies have come together to build such a strong program which stops cyber crime permanently because the ambit of cyber crime is not as narrow as an individual’s harassment, rather, if organized through proper channels, an entire country’s information can be leaked and can cause severe damage to the entire nation.[4]

India came up with the Information Technology Act, 2000 to fight back the problem of cyber-crime. This Act was a product of a resolution which was passed in the General Assembly in 1970. This Act has covered various facets of the electronic world including authentication of accounts, signatures, cyber bullying, punishments for virtual crimes etc. [5]


Any criminal or illegal activity through an electric channel or through any computer network is counted under cyber-crime. Hacking into someone’s email and stealing information is fraud and is an excellent example of cyber-crime. Social networking has become an integral part of an individual in the 21st century. They have become the best means to maintain personal as well as professional contacts. The users generally put/post their personal information on these sites and also accept the terms and conditions it asks for. We ought to realise that almost everything we do on the web can be viewed or discovered because it leaves a digital footprint. Another emerging challenge to online privacy is the use of smartphones. Any device that is hooked up to the internet has a specific MAC address attached to it, whether it’s a computer, smartphone, playstation or something else that can be followed. Many times we do not even read the terms and conditions of the arrangement between the user and the social networking sites and blindly grant them access to our gallery, and other vital information. Such agreements are known as ‘clickwrap agreements’ and are widely used by such pages. By signing such arrangements, people revoke some of their rights to privacy. Excessive use of these emerging technologies has improved intrusion, as access to Personally Identifiable Information is simpler than ever. The Government has tried in several ways to fix this issue, whether it is the 2008 amendment to the IT Act or the 2018 Draft Personal Security Bill. These acts and bills strengthen the battle against cyber-crimes in the world, but there is a way further to go. The bill is yet to be enacted and there is a need for further amendments.[6]

“In India, usage of personal data or information of citizens is regulated by the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, under Section 43A of the Information Technology Act, 2000.” [7]


Currently all the laws dealing with data protection or any kind of cyber protection are codified in the Information Technology Act, 2000. According to Section 43A of the IT Act:


Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected. Explanation. -For the purposes of this section,-

  • “body corporate” means any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities;
  •  “reasonable security practices and procedures” means security practices and procedures designed to protect such information from unauthorized access, damage, use, modification, disclosure or impairment, as may be specified in an agreement between the parties or as may be specified in any law for the time being in force and in the absence of such agreement or any law, such reasonable security practices and procedures, as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit;
  •  “sensitive personal data or information” means such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit. [8]

This section creates a responsibility on any company or body which possesses the data of people to keep it safe and if failed to do so, they will be punished accordingly. Even though this Act states that any computer or network of India which operates outside the territory of India will be covered under its ambit, this section still has a very vague and ambiguous meaning and needs more clarity. In 2006, major amendments were made in this Act but the disappointing fact is that cyber terrorism and issues of national security were never seriously considered under it. Hacking into the Indian Space Research Organization’s Antrix website is one such example in a bucket full of many where a national, governmental website was jeopardized. Still, we as a country have a long way to go in order to achieve cyber security. [9]

Further, Section 65 stipulates that whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy, or alter any computer source code used for a computer, computer programming, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.” [10]

The key and fundamental aim of Section 65 is to safeguard the endowment of “intellectual property” in the computer system. It is a subtle method of protecting the origins of publications of computational modelling outside the limits of the provisions of law.

 This section extends towards the Copyright Act and helps the companies to protect the source code of their programs. Offence under Section 65 is triable by any magistrate. This is a cognizable and non-bailable offense with imprisonment up to 3 years and/or fine up to two lakh rupees.

DR. K.A KOSHY v. STATE OF KERALA: The de facto plaintiff, M / s. Jay Polychem (India) Limited, a company registered under the Companies Act, 1956, with its corporate office at D-143, Defence Colony, New Delhi, is primarily engaged in the trading and distribution of petrochemicals in India and abroad. The company has an international clientele. The Business has a website called On 30.11.2009, one of the Company’s Directors noted a website under the name and style “” containing defamatory and malicious material toward the Company and its Directors. HELD: As the crimes referred to in Section 65 of the IT Act, 2000 are entitled to bail pursuant to Section 77(b) of the Act, the accused has been granted bail.[11]

Section 66 lays that if any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both. [12]

R v. GOLD & SCHIFREEN: In this case specifically, the offender had obtained access to network files of the British telecommunications firm Prest Gold. The business lodged a lawsuit in a federal court. Held: “Such a crime that has been committed is an unholy trick, not a criminal offence.” [13]

R. v. WHITELEY  : The query before the Court of Justice in the above-mentioned case was how the accused obtained remote access to the Joint Academic Network (JANET) and removed, inserted files and changed passwords to deny access to authorized personnel.. “The perspective of the section does not merely protect the information but is to protect the integrity and security of computer resources from attacks by unauthorized persons seeking to enter such a resource, whatever may be the intention or motive.” [14]

The Budapest Convention on Cyber Crimes, 2001 is one of the most prominent conventions where countries like Canada, America, Japan and South Africa came together to protect the country from cyber warfare. However, India declined to adopt it and did not sign the treaty on the grounds that we might be asked to share data with foreign agencies. [15]


The document says that with people quickly buying smartphones, tablets, and other devices, the cyber environment is becoming increasingly fragile. It’s a desperate need of the hour to create a safety wall between people’s real and virtual lives. The new goal of cyber hygiene awareness is to encourage the use of legal apps and devices. It is also the responsibility of the private sector to work with the government to improve cyber security. The administration has unparalleled opportunities and is required to incorporate national security policies when planning or reshaping the IT Act so that the country can be completely armed against any such cyber-attack. [16]


[1]Vinayak pujari, “Cyber Crime & Criminal Law’s in India” 07 International Journal of Advance and Innovative Research 62 (2020).

[2]The Information Technology Act, 2000, s.2(nb).

[3]Gopika Gopakumar, “Malware caused India’s biggest debit card data breach: Audit report” Mint (2017).

[4]Hemraj Saini & Yerra Shankar Rao, “Cyber-Crimes and their Impacts: A Review” 02 International Journal of Engineering Research and Applications (IJERA) 203 (2012).

[5]Aparna Vishwanathan, Cyber law- Indian and International Perspectives on key Topics including Data Security, ECommerce , Cloud Computing and Cyber Crimes, (lexis Nexis, 1st Edition, 2012). 

[6]Dr. Mike McGuire & Samantha Dowling, “Cyber crime: A review of the evidence” University of Surrey 05-07 (2013).

[7]Akshat Mittal, “National Security Laws Pertaining to Cyber Security” bnwjournal (2020).

[8]The Information Technology Act, 2000, s.43A.

[9]Mohd Ujaley, Dedicated legislation for Cyber Security is needed: Pavan DuggalExpressComputer, July 25, (2018),, (last visited on October 28, 2020).

[10]The Information Technology Act, 2000, s.65.

[11]2010 (1) KLT 945.

[12]The Information Technology Act, 2000, s. 66.

[13][1988] 2 WLR 984.

[14][1991] 93 cr App rep 25.

[15]Dolly Krishnan & Moit Verma, “Cybersecurity And Cyber Laws Around The World And India: Major Thrust Highlighting Jharkhand For Concerns”, The Law Brigade Publishers (2020).

[16]Special Correspondent, Centre to revamp IT Act, The Hindu (Feb. 26, 10:28 PM), (last visited on October 28, 2020)


Leave a Comment

Your email address will not be published. Required fields are marked *