Cyber Laws For CxO
Be Aware... Be Empowered
April 2010
Editor
Naavi
www.naavi.org
Publisher
Ujvala Consultants Pvt Ltd
www.ujvala.com
Questions and Answers
We intend using this section of the news letter to answer the Cyber Law related queries raised by our readers. This being an inaugural issue, we don’t have any questions to be answered.
We hope that this would be one of the most vibrant sections of this news letter which may generate illuminating debates which would be of use to one and all.
We appreciate if queries are raised by persons indicating their Name, Occupation and Contact details. We however don’t want to restrain the readers from raising questions without revealing their identity. Such readers may therefore send the questions as “Anonymous” in which case even their e-mail ID would not be provided on the news letter.
All questions may however be sent by e-mail to naavi@in.com by e-mail with the subject line containing “Cyber Laws for CxOs”.
Editor
What Constitutes a Cyber Crime?
Defining a Cyber Crime is largely a matter of semantics.
One popular definition of a Cyber Crime is that “It is a crime where a computer is either a target or a tool of the crime.”.
This definition however needs to be modified in the light of laws that are being legislated world wide to tackle Cyber Crimes where the target of legislation is not restricted to offences committed with “Computers” but extending it to any offence committed with the use of Electronic Documents and devices which are not computers but are capable of computer like operations such as generating, storing and forwarding of Electronic Documents. ITA 2000 also adopts this process.
Hence a better definition of Cyber Crime is
“Cyber Crime means any contravention of law where an Electronic Document or any device that generates, stores or transmits an Electronic Document is either a tool or target of contravention”.
According to this definition Cyber Crimes are not restricted to offences mentioned in ITA 2000 or ITA 2008 (ITA 2000 as amended by Information Technology Amendment Act 2008). It includes Internet and Non Internet Crimes. It includes Computer, Mobile, ATM and Credit Card related crimes. It includes crimes against physical electronic assets including destruction of a computer or a mobile or a CD or a Pen drive. Even IPR offences against Cyber Properties can be covered as Cyber Crimes under this definition.
This definition also includes offences in which only “Electronic Documents” are involved even when such electronic document is in “Non Electronic Format” for the time being.
It may be noted that the above is a derived definition suggested by Naavi and is not incorporated in the current versions of ITA 2008 as such. It however is a direct outcome of the ITA 2008.
What to do when you spot a potential Cyber Crime
If you observe what you believe as a “Cyber Crime”, first determine if you are a victim or a passive observer.
Think for a moment about why you think something is a Cyber Crime and try to preserve the evidence regarding the same.
Contact an expert if required at this stage to understand whether there is a prima-facie evidence of a Crime or not.
If confirmed, locate the nearest Police Station and lodge a written complaint and obtain an acknowledgement with time and date.
Most Cyber Crime Police Stations and senior police officers are available on E-Mail and a complaint can be lodged on the e-mail preferably with digital signature. If required use the services of a “Certified E-Mail Forwarder” such as Cyber Evidence Archival Center (www.ceac.in).
If you have suffered any loss on account of a Cyber Crime, approach a Cyber Law expert in your area or take the assistance of E-NGOs such as Naavi.org.
Which Police Station to Approach
Some State Governments have created specialized Cyber Crime Police Stations in some Metros. If available contact them since you may find knowledgeable police officers there.
Otherwise approach any Police Station within your area and lodge the complaint. They will guide you to the appropriate alternate Police Station if any.
In case of difficulty approach the senior Police officers in the area or a suitable advocate.
How To Recover the Monetary Loss?
In case any monetary loss has arisen due to contravention of any provisions of ITA 2008, approach the “Adjudicator” of your State.
Please see the March Issue of Cyber Laws For CxOs for more information on the Adjudication process.
If the contravention is not of ITA 2008, then you may have to approach the alternate Court/Forum of jurisdiction such as Consumer Forum or a Civil Court etc.
A Cyber Crime in an Organization
If a Cyber Crime is committed with the use of any resources belonging to a Company, the executives of the company including the CEO as well as the Directors may be liable both for civil and criminal liabilities for negligence under ITA 2008 (Sec 85).
Hence immediate steps have to be taken to secure evidence and bring in the Police for investigation.
Additionally ITA 2008 compliance audit to be initiated if not already done so that “Due Diligence” requirements under ITA 2008 are fulfilled.
Negligence that facilitates a Crime, Negligence that assists a Criminal, suppression and erasure of evidence and not taking adequate steps after a Cyber Crime incident may all lead to enhancing the culpability and liability of the organization.
How Do we Recognize a Cyber Crime?
Following are the ingredients of a Cyber Crime.
- A Wrongful loss has occurred to some body
- There is a violation of some legal provision
- A Computer, Mobile or a similar electronic device or an Electronic Document is involved in the Crime.
- At least one device in India has been used in the commission of crime.
- Victim or the Perpetrator may be either in India or abroad.
Who Has to make a Cyber Crime Complaint?
Preferably the complaint is to be made by a person who has suffered a loss or is likely to suffer a loss on account of the incident.
A third party may also bring a crime to the notice of the law enforcement in the interest of the public in general.
Is Theft or Damage of a Computer a Cyber Crime?
Under Section 66B, retaining or using of a stolen device is an offence. Hence stealing indirectly becomes assistance to commit Sec 66B crime and hence can be considered as a Cyber crime. Causing damage to a computer is an offence under Section 66 and contravention under Sec 43. Physical damage of a computer can also therefore be called a cyber crime.
What Crimes are covered under ITA 2008?
ITA 2008 is a comprehensive legislation that covers many types of Cyber Crimes. The Act does not use the popular names of Cyber Crimes but describes them through different sections. If properly interpreted, it covers most of the known cyber crime offences.
Section 66 covers most of the common crimes arising out of “Unauthorised Access”. If any loss is caused with fraudulent intention by an unauthorized access, it is punishable. The section includes unauthorized downloading, alteration, deletion etc. It also includes denial of access and causing damage to computer resources. It also includes assistance to others for commission of crimes and the common financial frauds in which an electronic resource is used by one but charged for payment to another. (eg: when some body else’s credit card is used online by a fraudster).
The most critical part of the section is that “Diminishing the Value or Utility” of information residing inside a computer is considered as an offence under this section. This clause is amenable for wide interpretation and is one of the powerful features of ITA 2008.
How are E-Mail Based Crimes Covered under ITA 2008?
Section 66A of ITA 2008 covers offences such as sending offensive and threatening mails as well as mails sent with a false sender’s address. This section can be invoked in cases of Phishing. Under certain circumstances this can also be used in cases of “Defamation”. “Cyber Stalking” by causing harassment through e-mail or SMS messages can also be brought under this section.
What is the Extent of Punishment for Cyber Crimes?
Most of the Cyber Crimes carry imprisonment of 3 years. The maximum imprisonment is “Life Imprisonment” under Section 66F for “Cyber Terrorism”. Additionally there could be fines normally in the range of Rs 1 to 5 lakhs. Damages are also payable to the victim. A full list of section wise punishments is given separately.
What is the Extent of Civil Liability for Cyber Crimes?
There is no limit for the civil liability under ITA 2008. Liability is for all contraventions under Chapter IX including Section 43A regarding data protection. Claims upto and inclusive of Rs 5 Crores are within the jurisdiction of the Adjudicator and beyond Rs 5 Crores is within the jurisdiction of the appropriate Civil Court.
Particulars of Offences covered under Chapter XI of ITA 2008
Section
Description
Imprisonment (Yrs)
Fine (Rs, lakhs)
65
Tampering of certain Electronic Documents required to be preserved for certain time
3
2
66
Various Computer Related Offences
3
5
66A
Sending Offensive Messages
3
USA
66B
Receiving Stolen Devices
3
1
66C
Identity Theft
3
1
66D
Impersonation
3
1
66E
Video Voyeurism
3
2
66F
Cyber Terrorism
Life
-
67
Publishing and Transmission of Obscene Electronic Documents
3
5
Repeat offence
5
5
67A
Publishing and Transmission of Sexually Explicit Material in Electronic Form
5
10
Repeat offence
7
10
67B
Child Pornography.(Includes .publishing, Transmission, Browsing, Storing, Chatting etc)
5
10
Repeat offence
7
10
67C
Preservation and Retention of Information by Intermediaries
3
USA
68
Failure to Comply with Controller’s direction
(Applicable to Certifying Authorities and their employees)
2
1
69
Failure to assist in Interception and Monitoring
7
USA
69A
Failure to assist in Blocking
7
USA
69B
Failure to provide information
3
USA
70
Attempt or Access of Protected System
7
USA
70A
Not related to offences
70B
Failure to Comply Directions from Nodal Agency
1
1
71
Misrepresentation for obtaining Digital /Electronic Signature Certificate
2
1
72
Breach of Confidentiality by authorities
2
1
72A
Unauthorised Disclosure of Information
3
5
73
Publishing false Digital/Electronic Signature Certificate
2
1
74
Publishing Digital/Electronic Signature Certificate for fraudulent purpose
2
1
USA=Unspecified Amount
What is the punishment of Abetment and Assistance?
Abetment for any offence will carry a punishment meant for the specific offence.
Assistance for commission of any Crime would be punishable with half the punishment meant for the specific offence.
Can Company Officials be Arrested for the Offences committed by Employees
Yes. Under Section 85, if the offence is attributable to the Company and negligence can be attributed to any officer or director, the criminal liability can rest on the officials. An offence can be attributed to the Company when its resources are used by the employees to commit a crime.
Cognizability, Bailability and Compoundability
All offences with 3 or more years of imprisonment are considered “Cognizable” Offences with three years of imprisonment are Bailable. Offences upto and inclusive of 3 years imprisonment are Compoundable
Are Foreign Companies and Individuals Liable?
Jurisdiction under ITA 2008 extends to persons outside India and Persons who are not citizens of India provided at least one Computer situated in India has been used in the commission of the offence.
Are there instances of Company Officials Punished for Vicarious Liabilities?
Proceedings are in progress in the case of Section 67 offence at baazee.com against the CEO of the Company. The ultimate decision will depend on the Court being either satisfied or not of the “Due Diligence” exercised by the Company.
P.S: Views expressed here may be considered as suggestive and other experts may have differing opinions. Answers given here are for academic clarification and debate and do not constitute legal advice.
A PDF Copy of the News Letter would be sent by e-mail to all persons who subscribe. Subscription is free.