Cybercrimes and the Need for New Laws

In today’s time, technology is advancing rapidly. In almost all the spheres of life, people have become dependent on the internet. It has become a substitute for all the characteristics of life. With the advancement of technology, everything is shifting towards the online mode. This development has brought with it the possibility of crime in the cyber arena(cybercrime). Although the concept of crime has existed in our society since the beginning, with time, the nature of these crimes have changed. Criminals have changed the mode of committing their crimes to computer-based online methods. Such crimes pose a grave threat to the public as well as personal security.


Cybercrimes refer to those types of crimes where a computer is used as a means of committing crimes like fraud, privacy violations, intellectual property, etc. Although there is no difference between cybercrime and conventional crime, however, the involvement of the kind of medium in the case of cybercrime is different. The only essential needed for establishing a cybercrime is the involvement, a virtual cyber medium at any stage of the offense.

According to Pawan Duggal, a cyber law expert, cybercrime may be said to be those species of which genus is the conventional crime; and where the computer either is an object of is a subject of the conduct constituting the crime.[1]



In this type of crime, the hacker attempts to break into a computer system or a private network on a computer. It is often done for some illegitimate purpose and includes unauthorized access over computer network security systems. In India, it is a punishable offense with punishment ranging from imprisonment up to 3 years or fine or both.[2]


Cyberbullying is a form of bullying or harassment that is carried out using digital devices like computers and tablets. It generally happens through online threats and means, aggressive texts, posting personal information, pictures, or videos designed to hurt or embarrass someone else. Under the IT Act, 2000 Cyberbullying is punished with imprisonment for up to 3 years or fine or with both. [3]


Phishing involves a fraudulent attempt to obtain sensitive data or information such as credit card details, passwords, and usernames by disguising as a reliable entity in an electronic communication. Phishing is a punishable offense under Section 43 of the IT Act, 2000. [4]


It refers to a conscious use of someone else’s identity, usually to gain a financial advantage or obtain benefits in the other person’s name to the disadvantage of the other person.



The Indian Penal Code is considered to be the basic law governing crimes in India. According to this code, the base to constitute the offense is nothing but the guilty intention and the prohibited act. Before the ratification of the Information Technology Act in the year 2000, usually, the Indian Penal Code dealt with every crime falling in the area of cybercrimes. Cybercrime is the creation of the digital era, where technology plays an important role in everyone’s life. Although the modes or ways to commit cybercrime differs from that of conventional crimes, it is not much different from conventional crime. 

In some cases, it has been observed that the existing IT Act lacks adequacy and doesn’t cover all the crimes relating to cyberspace.[5] In all such cases, the Indian Penal code is applicable. Owing to its universality, almost all the crime is covered by it.

The First schedule to the Information Technology Act of 2000 has amended certain provisions of the Indian Penal code, 1860. The scope of these amended provisions has been broadened to include offenses committed through electronic records. Sec. 192 of the Indian Penal code previously defined “fabrication of false evidence” but it didn’t include electronic records within its meaning. The amendment added false entry or electronic records containing a false statement.  The word electronic record again is the creation of the digital world. After the amendment, most of the offenses relating to the documents which are committed using the computer automatically have come under the jurisdiction of the Indian penal code. Another example is that of fraud. Section 25 of I.P.C defines a fraudulent act as “an act which is done with the intention to defraud”. Fraud whether committed through offline mode or online mode is a form of cheating and as such when any cyber fraud is committed, Section 416 of I.P.C. gets attracted which states that “when a person pretends to be some other person, or substitutes one person for another with the knowledge or represents himself to be a person other than his actual self is said to have cheated by personation”. 

Further, the act of launching a virus that is provided under section 43 of I.T.ACT is a criminal offence and would come under the purview of sec. 425 of I.P.C. which defines Mischief. Therefore, it is clear that the provisions that are specific to cyber crimes have their roots in the Indian Penal Code.


Due to the growing popularity of e-commerce, the internet has made a huge impact on the cyber arena. This made it necessary for the enactment of new rules that would govern cyberspace. Likewise, the Indian legal system enacted the Information technology Act in the year 2000. Section 65 of the IT Act, 2000 defines cybercrime as, Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy, or alter any computer source code used for a computer, computer program , computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.”[6] 

Owing to certain inadequacy in the IT Act, 2000, an amendment was needed for the smooth functioning of the Act; the amendment came in the year 2008. To meet the problem of enforcement, certain important sections were inserted in the 2008 amendment. The Information Technology (Amendment) Act, 2008 included various illegal activities committed on computers within the definition of cybercrime. The IT (Amendment) Act, 2008 has also brought considerable changes in the existing IT Act, 2000. It added various important definitions in the Act. E.g. the term “Communication device” has been added in Section 2(ha) which has brought all communication devices, cell phones, iPods, or other devices used to communicate, send or transmit any text, video, audio, or image. under the purview of cybercrime. The Amendment Act has also inserted various new things in the Act, like the controlling authority, power of adjudicative authority. More importantly, certain provisions regarding the offenses have been included in the Act. Section 66 of the IT Act now includes 66A (sending offensive messages) 66B (receiving stolen computer resources), 66C (identity theft), 66D (Cheating by impersonation), 66E (violation of privacy). A new offence of Cyber terrorism has also been added in Section 66F. 


Cybercrimes under the Information Technology Act, 2000 range from hacking to cyber terrorism. In this Act, only the Cyber Terrorism is punishable with life imprisonment, and the rest of them are punishable with imprisonment of three years while some others are punishable with imprisonment for seven years. In the case of a mere hacking, it shall not involve imprisonment unless it includes phishing, money laundering, email frauds, etc. No provision in Indian law imprisons a person for life for a crime of hacking. There is a visible inflexibility in the way; punishment has been formulated for all these crimes. India needs to amend its cyber laws more in a strict manner, because of India’s cyber laws there is a growth of scammers, phishing, money laundering, etc. According to the 2016 information from home ministry data, the conviction in India in cases of cybercrime is very low. This shows that India does not have strict laws relating to cybercrimes.  Although it is very difficult to calculate exact conviction rates for 2015, approximately 11592 cases have been registered across the country, a rise of 20% from the previous year. In 2015, charge sheets were filed in 3206 while there was only conviction in 234 cases, in 2014 there were 9622 cases registered and they only secure 76 convictions.[7] The officials reported that most of the government officials are not aware of their adjudicating powers under the Information Technology Act, 2008. Many of the government officials (IT secretaries) do not exercise the quasi-judicial power that they possess. Also, there is a lack of standard procedures for seizing and analyzing digital evidence. The present law does not provide a standard procedure for the examination of digital evidence. It is therefore clear that the existing laws have several loopholes in it and India needs new laws to fill the existing gaps.


Summing up, although the Indian legal System has various laws concerning cybercrimes, owing to the technical nature of cyber crimes; a technical process is required to execute the criminal law in the true sense. In the Indian legal system, substantive criminal law is sufficient, but due to a lack of procedural aspects, it becomes difficult for the laws to get executed. The basic problem with cybercrime is that there is no specific manner by which the internet can be misused; it is on the criminals, that they always misuse it differently, therefore the legal system can’t meet with the need of the growing pace of cybercrimes.  Further, the nature of cybercrime is cross-border, therefore it requires international cooperation. Merely coming up with new laws will not help tackle the menace. The Information Technology Act, 2000 and all the related laws have provisions regarding transnational jurisdiction, but the execution is possible only when all the countries in the world recognize the act as a crime, and allow proceedings to flow on that aspect.


[1] Pawan Duggal, Cyber Fraud, Cybercrime and Law in India 17 (2nd edn., 2003). 

[2] The Information Technology Act, 2000 (Act 21 of 2000) s. 66(2).

[3] The Information Technology Act, 2000 (Act 21 of 2000) s. 66A.

[4] The Information Technology Act, 2000 (Act 21 of 2000) s. 43.

[5]Navadha Pandey, “Govt plans new IT Act to factor in cyber crime, data privacy, new tech”,Livemint, 26 Feb 2020, available at (last visited on 30th Aug 2020).

[6] The Information Technology Act, 2000 (Act 21 of 2000), s. 65.

[7] Anurabh Saikia, Why most cybercrimes in India don’t end in conviction”, Livemint, 29 Jul 2016, available at (last visited on 30th Aug 2020).


Leave a Comment

Your email address will not be published. Required fields are marked *