Paper No: 20 Media and Information Literacy

Principal Investigator
Module : 11 Media&and Information Ethics: Dr. Jagdish
Cyber lawsArora,
andDirector
Subject Coordinator INFLIBNET Centre, Gandhinagar
Ethics

Development Team
Paper Coordinator
Principal Investigator
Dr. Jagdish Arora, Director
&
INFLIBNET Centre, Gandhinagar
Subject Coordinator
Content Writer

Dr Anubhuti Yadav,
Paper Coordinator Associate Professor, Indian Institute of Mass
Content Reviewer
Communication

Mr Vikram Aditya Narayan,

Content Writer
Lawyer

Dr Anubhuti Yadav,
Content Reviewer Associate Professor, Indian Institute of Mass
Communication
1

Library and
Media and Information Literacy
Information Science Media and Information Ethics: Cyber laws and Ethics

Paper Coordinator
Content Reviewer
 Description of Module

Subject Name Library and Information Science

Paper Name 20 Media and Information Literacy

Module Name/Title Media and Information Ethics: Cyber laws and Ethics

Module Id LIS/MIL-M/11

Pre-requisites

To discuss the cyber laws and its evolution in India.

Objectives To discuss the need for Cyber Ethics
To discuss the IT act and article 19 A of the constitution
Keywords Cyber laws, Cyber Ethics, IT Act, Cyber crimes

Library and
Media and Information Literacy
Information Science Media and Information Ethics: Cyber laws and Ethics
 1. Introduction

The advancements in technology have given rise to a prominent “cyber-space” where people interact through
text, audio, images and videos. While the Internet developed substantially during the cold war years as a
method to safely transmit information, today it has become much more. In 1996, the United Nations
Commission on International Trade Law adopted the Model Law on Electronic Commerce (the “Model Law”).
The Model Law took note of the increasing number of transactions in international trade being carried out by
means of interchanging of electronic data and the General Assembly of the United Nations in its 85th plenary
meeting (vide Resolution 51/162, 1996) recommended that all States give favourable consideration to the
Model Law.

In furtherance thereof, the Indian Parliament enacted the Information Technology Act, 2000 (the “IT Act”),
which came into force on 17th October, 2000. As per its Preamble, the Act is to provide legal recognition for
transactions carried out through electronic communications, commonly referred to as “electronic commerce”,
using alternatives to paper-based methods of communication. Interestingly, the Preamble further states that it
is considered necessary to “promote efficient delivery of Government services by means of reliable electronic
records”, thus making it clear that the IT Act was meant to facilitate “e-Governance.”

As with any other field, the increased human activity in cyber-space has resulted in a simultaneous increase in
criminal offences being performed in cyber-space, even, with cyber-space being the target at times.
Pertinently, in the recent case of Shreya Singhal v. Union of India, the Supreme Court of India upheld the
argument that there is an intelligible differentia between the Internet and other mediums of communication,
in that something posted on the Internet can reach millions of persons all over the world within seconds.
Naturally, this is a major challenge for law enforcement agencies of the day, which, in many cases, are
governed by out-dated statutes forcing them to adhere to extremely rigid procedures. These offences include
infringements to intellectual property rights that have the potential to result in losses of great value over the
Internet.

This module aims to cover all these aspects of the laws related to cyber-space in India, commonly referred to
as “cyber laws”. Coextensive with these laws is the notion that the cyber-space, much like the physical world, is

Library and
Media and Information Literacy
Information Science Media and Information Ethics: Cyber laws and Ethics
 a place requiring ethical behaviour for its smooth functioning. This module also deals with this issue of ethics;
what are these ethics and how are they to be imparted?

2. The Information Technology Act, 2000 and the 2008 Amendment

Among other things, the IT Act was introduced to amend the Indian Penal Code, 1860, the Indian Evidence Act,
1872, the Banker’s Book Evidence Act, 1891 and the Reserve Bank of India Act, 1934 in such a manner that the
said acts may effectively govern cyber-space. The Act consists of 13 Chapters having a total of 90 Sections,
which deal with offences and contraventions in broad terms. It lays down the regulatory mechanisms for the
Certifying authorities, penalty provisions, and the procedures for investigation, adjudication and appeal. It may
be noted that a contravention of the IT Act may result in the attraction of civil and/or criminal liability.

Soon after the IT Act was enacted, demands for a detailed amendment were made by various major industry
bodies. This resulted in the passing of the Amendment Act of 2008, which, inter alia, defined communication
devices, cyber cafés, digital signatures (making it technology neutral) and reasonable security practices to be
followed by Companies. The said amendment also laid emphasis on data privacy, the role of intermediaries,
the role of the Indian Computer Emergency Response Team (“INCERT”) and included new offences like child
pornography and cyber terrorism.

2.1. Definitions

Section 2 of the IT Act contains definitions of certain important phrases. Some important definitions are given
below:

Section 2(ha) – “Communication device” means cell phones, personal digital assistance or combination of both
or any other device used to communicate, send or transmit any text, audio or image.

Library and
Media and Information Literacy
Information Science Media and Information Ethics: Cyber laws and Ethics
 Section 2(i) – “Computer” means any electronic, magnetic, optical or other high-speed data processing device
or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic
or optical impulses, and includes all input, output, processing, storage, computer software, or communication
facilities which are connected or related to the computer in a computer system or computer network.

Section 2(j) – “Computer network” means the inter-connection of one or more computers or computer systems
or communication device through-
(i) the use of satellite, microwave, terrestrial line, wire, wireless or other communication media; and
(ii) terminals or a complex consisting of two or more inter-connected computers or communication device
whether or not the inter-connection is continuously maintained.

Section 2(l) – “Computer system” means a device or collection of devices, including input and output support
devices and excluding calculators which are not programmable and capable of being used in conjunction with
external files, which contain computer programmes, electronic instructions, input data, and output data, that
performs logic, arithmetic, data storage and retrieval, communication control and other functions.

Section 2(nb) – “Cyber security” means protecting information, equipment, devices, computer, computer
resource, communication device and information stored therein from unauthorised access, use, disclosure,
disruption, modification or destruction.

Section 2(o) – “Data” means a representation of information, knowledge, facts, concepts or instructions which
are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being
processed or has been processed in a computer system or computer network, and may be in any form (including
computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in
the memory of the computer.

Section 2(t) – “Electronic record” means data, record or data generated, image or sound stored, received or
sent in an electronic form or micro film or computer generated micro fiche.

The IT Act also defined “digital signature” as authentication of any electronic record by a subscriber by means
of an electronic method or procedure in accordance with Section 3. Finding the definition of digital signature

Library and
Media and Information Literacy
Information Science Media and Information Ethics: Cyber laws and Ethics
 to be too narrow, the IT Amendment Act of 2008 included the definition of “electronic signature” by inserting
Section 3A.

2.2. Jurisdiction under the Act

Typically, there are two kinds of jurisdiction; pecuniary and territorial. While pecuniary jurisdiction pertains to
the courts power to hear a dispute of a certain value, territorial jurisdiction refers to the power of the court to
hear disputes based on the geographical location of the dispute. An important reason for jurisdiction to be
dispersed on the basis of territory is the understanding that the court closest to the cause of action would be
best suited direct enforcement of the law. This becomes tricky in cyber-space, as the conventional
understanding of territory does not apply. Often the place where the victim of the crime is harmed by the
commission of the crime will be different from the place of the offender, which may still be different from the
place from where the medium/server is maintained.

Section 1(2) of the IT Act states that it shall extend to the whole of India and that it would also apply to any
offence or contravention committed outside India by any person, except where otherwise provided under the
Act. This provision regarding extra-territorial application of the Act is made clearer when read with Section 75
of the IT Act which specifically provides that, regardless of the nationality of a person committing an offence,
the IT Act would also apply to offences committed outside India if the act or conduct constituting the offence
or contravention involves a computer, computer system or computer network located in India.

2.3. Electronic Agreements

With the rise of the Internet, online transactions (e-commerce) have assumed great significance. The
occurrence of transactions in cyber-space has altered the traditional notions of offer, acceptance and
agreement to transact, in that all this can now happen in a much simpler fashion. The law pertaining to offer
and acceptance as it takes place over the Internet is laid down under Section 12 and 13 of the IT Act that talk
about ‘acknowledgement of receipt’ and ‘time and place of dispatch and receipt of electronic record’
respectively. E-Commerce include Business to Business (B2B), Business to Consumer (B2C) and Customer to
Customer (C2C) agreements that use various new methods of transacting, like e-banking and electronic
signatures.

Library and
Media and Information Literacy
Information Science Media and Information Ethics: Cyber laws and Ethics
 Digital and electronic signatures as modes of authentication have already been discussed above. Section 2(ta)
of the IT Act provides that electronic signatures include digital signatures. Pertinently, Section 5 deals with
legal recognition of such signatures, and provides that authentication by signature may also be done through a
digital signature “affixed in such manner as may be prescribed by the Central Government.” As stated in the
Preamble to the IT Act, the Act also amends the Indian Evidence Act to provide for the presumption that
electronic records and signatures are not altered once they have obtained secure status.

One of the most important issues that arise in any form of agreement is that of security, and this is especially
so for online transactions where it is difficult to verify the existence/competency of the party transacting over
the Internet. Sections 14, 15, 16 & 17 of the IT Act deal with the aspects of security in online transactions.
Pertinently, Section 16 states that the Central Government shall prescribe the security procedure for
transactions for the purposes of the Act.

2.4. Cybercrimes

There is no singular or exhaustive definition of “cybercrimes”, and the types of crimes perpetuated under the
head of cybercrimes is increasing each day, with further advancements in technology. It is believed that “any
criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further
crimes comes within the ambit of a cybercrime” (Arora, 2008) According to Susan Brenner (2010), cybercrime
is merely the result of exploiting new technologies to commit old crimes in new ways, rather than a completely
novel phenomenon. It is generally understood that cybercrimes can be categorized broadly into three
categories (Seth, 2010):

a) Cybercrimes against the Government (eg: cyber terrorism);

b) Cybercrimes against persons (eg: cyber pornography, cyber stalking or cyber defamation); and
c) Cybercrimes against property (eg: online gambling, IPR infringement, phishing and credit card fraud)

Chapter 9 of the IT Act deals with “Penalties, Compensation and Adjudication”, and consists of Sections 43 to
47. Section 43 of the IT Act provides for penalty and compensation for damage to computer, computer system,
etc. The explanation to the provision clarifies that “damage” means to destroy, alter, delete, add, modify or
rearrange any computer resource by any means. Sub-sections (a) to (j) cover an array of acts committing

Library and
Media and Information Literacy
Information Science Media and Information Ethics: Cyber laws and Ethics
 without permission of the owner or any other person in charge of a computer, computer system or computer
network. These varied offences are explained in Table A given below.

Table A

Provision Offence Explanation

43(a) Accessing or securing access to such computer, Includes computer trespass,

computer system or computer network or violation of privacy, etc.
computer resource.

43(b) Downloading, copying or extracting any data, Includes digital copying, data
computer data base or information from such theft, data-base theft,
computer, computer system or computer violation of privacy, etc.
network including information or data held or
stored in any removable storage medium.

43(c) Introducing or causing introduction of any Includes deleting, altering,

computer contaminant or computer virus into modifying or damaging of
any computer, computer system or computer computer data or computer
network. programs, etc.

43(d) Damaging or causing damage of any computer, Includes forgery and deleting,
computer system or computer network, data, altering, modifying or
computer data base or any other programme damaging of computer data
residing in such computer, computer system or or computer programs, etc.
computer network.

43(e) Disrupting or causing disruption of any Includes denial of service

computer, computer system or computer attacks, SPAM mail, etc.
network.

Library and
Media and Information Literacy
Information Science Media and Information Ethics: Cyber laws and Ethics
 43(f) Denying or causing denial of access to any Includes denial of service
person authorised to access any computer, attacks, system interference,
computer system or computer network by any misuse of computer devices,
means. etc.

43(g) Providing any assistance to any person to Includes misuse of computer

facilitate access to a computer, computer devices, illegal access, etc.
system or computer network in contravention
of the provisions of this Act.

43(h) Charging the services availed of by a person to Includes fraud, cheating,

the account of another person by tampering misrepresentation, etc.
with or manipulating any computer, computer
system or computer network.

Suspicion regarding commission of any of the offences covered under Section 43 would attract civil
prosecution, and a person found guilty of contravening any of the sub-sections would be liable to pay damages
by way of compensation not exceeding five crore rupees to the person adversely affected. Section 46 & 47 of
the IT Act lay down the power of the adjudicating officers appointed by the Central Government to adjudicate
offences under Chapter 9, and the manner in which adjudication is to be done. Sections 48 to 61 of the Act
concern the powers and functions of the Cyber Appellate Tribunal.

Sections 65 to 67 of the IT Act list the punishments for various kinds of cybercrime, the commission of which
result in criminal prosecution. Details of these provisions of the IT Act are given in Table B given below:

Table B

Provision Offence Punishment

65 Tampering with computer source documents – Up to 3 years imprisonment

this covers instances of concealment, and/or fine extending up to 2

Library and
Media and Information Literacy
Information Science Media and Information Ethics: Cyber laws and Ethics
 destruction or alteration of any computer lakh rupees.
source code.

66 Computer related offences – this covers all the Up to 3 years imprisonment

offences referred to in Section 43, as listed in and/or fine extending up to 5
Table A above. lakh rupees.

66B Punishment for dishonestly receiving stolen Up to 3 years imprisonment

computer resource or communication device. and/or fine extending up to 2
lakh rupees.

66C Punishment for identity theft – this covers Up to 3 years imprisonment

fraudulent or dishonest use of electronic and/or fine extending up to 1
signatures, passwords or any other unique lakh rupees.
identification feature.

66D Punishment for cheating by personation by Up to 3 years imprisonment

using computer resource. and/or fine extending up to 1
lakh rupees.

66E Punishment for violation of privacy – this covers Up to 3 years imprisonment

any act of capturing, publishing or transmitting and/or fine extending up to 2
the image of a private area of any person lakh rupees.
without his or her consent.

66F Punishment for cyber terrorism – this covers Imprisonment which may
certain acts committed with the intention of extend to imprisonment for
threatening the unity, integrity, security or life.
sovereignty of India.

67 Punishment for publishing or transmitting Up to 5 years imprisonment

obscene material in electronic form – this and/or fine extending up to

10

Library and
Media and Information Literacy
Information Science Media and Information Ethics: Cyber laws and Ethics
 covers the publication/transmission of any 10 lakh rupees.
material which is lascivious or appeals to the
prurient interest of persons or tends to deprave
and corrupt persons in certain circumstances.

67A Punishment for publishing or transmitting of First conviction: Up to 5 years

material containing sexually explicit act, etc., in imprisonment and/or fine
electronic form. extending up to 10 lakh
rupees. Second conviction: Up
to 7 years imprisonment
and/or fine extending up to
10 lakh rupees.

67B Punishment for publishing or transmitting of Up to 7 years imprisonment

material depicting children in sexually explicit and/or fine extending up to
act, etc., in electronic form. 10 lakh rupees.

67C Preservation and retention of information by Up to 3 years imprisonment

intermediaries – this provision requires and/or fine.
intermediaries to preserve and retain
information for a certain duration (as may be
specified by the Central Government). Failure to
meet this requirement would attract
punishment.

In addition to the above, Sections 70-74 lay down the punishments for certain other cybercrimes including
misrepresentation, breach of confidentiality and privacy, disclosure of information in breach of lawful contract
and publishing fake Electronic Signature Certificates.

2.5. The IT Act & Article 19(1)(a) of the Constitution

11

Library and
Media and Information Literacy
Information Science Media and Information Ethics: Cyber laws and Ethics
 Section 66A of the IT Act, which was introduced by the 2008 amendment, was modelled along the lines of
Section 127 of the Telecommunication Act, 2003, prevalent in the United Kingdom. The provision criminalised
the sending, by means of a computer resource or a communication device any information that is grossly
offensive or has menacing character or any information which the sender knows to be false, but for the
purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity,
hatred or ill will. Commission of offences covered under this provision, including the act of cyber stalking, was
to attract a punishment of 2-3 years imprisonment and fine. However, recently in the landmark case of Shreya
Singhal v. Union of India 2015 SCC OnLine SC 248 the Supreme Court of India declared this provision to be
unconstitutional for violating Article 19(1)(a) of the Constitution, which provided the fundamental right to
freedom of speech and expression.

The judgment also dealt with Section 79A of the IT Act and the Intermediary Rules of 2011 notified under
Section 87(2)(g). Together, the Act and Rules placed upon intermediaries the difficult task of exercising due
diligence while discharging their functions and screening all content posted online. As per Section 79(3)(b) and
Rule 3(4), the intermediary was given the responsibility of determining whether content violated other
provisions of the IT Act, and, if it found that such a violation had been committed, the intermediary was
required to remove or disable access to such content within 36 hours! Holding that this would not be possible
or desirable given the volume of content and complex legal questions involved, the Shreya Singhal judgment
read down these two provisions to mean that an intermediary is obligated to remove or disable access to such
content only after receiving actual knowledge that a court order had been issued directing it to do so.

3. National e-Governance Plan

With the exponential growth of cyber-space with each passing day, the potential use of the Internet is growing
manifold. This has been recognised by the Government of India, with it rolling out the National e-Governance
Plan, as formulated by the Department of Electronics and Information Technology (DEITY) and the Department
of Administrative Reforms and Public Grievances (DARPG), in 2006. The stated objective of this plan is to
improve delivery of Government services to citizens and businesses, thus moving beyond the B2B, B2C and C2C
agreements discussed under ‘Electronic Agreements’. Implementation of the e-Governance is a highly complex
12

Library and
Media and Information Literacy
Information Science Media and Information Ethics: Cyber laws and Ethics
 process requiring provisioning of hardware & software, networking, process re-engineering and change
management. The Government’s focus on the Internet as a medium of development is a testament to the
power vested in cyber-space. However, for such a plan to function smoothly, it is crucial that cyber laws are up
to date and regulatory authorities are appropriately empowered to check misuse.

4. Ethics of the Cyber-space

Ethics are taught and learnt through a variety of institutions – familial, religious, educational, etc. While
questions of what is right and wrong have in the physical domain been explored for centuries, the answers to
these questions are still not universally agreed on insofar as the virtual world is concerned. Many scholars have
argued that students in particular find it difficult to identify wrong from right in the virtual world (Baum, 2008).
This has been partly attributed to the human tendency to treat one’s actions in the intangible, virtual world of
technologies as less serious than actions in the real world.

Cyber ethics are really nothing more than a code of ethics for the Internet. It includes a variety of rules
including that:

a) people should not post offensive material towards others;

b) people must respect the privacy of another person’s online account on any forum just the way we respect
others’ physical properties;
c) people should not share their personal or financial details on a public forum, unless they have thoroughly
verified that such details shall be used for the purposes for which they have authorised their use;
d) people should not impersonate others;
e) copyrighted information shall not be misused, and generally that information discovered online should be
used solely for legal purposes;

This is not an exhaustive list, but is merely indicative of the kind of rules that must be inculcated for the
Internet to become a reflection of our civil society.

13

Library and
Media and Information Literacy
Information Science Media and Information Ethics: Cyber laws and Ethics
 5. Criticism of the Existing Legal Framework

One major point of criticism often raised against the IT Act is that cyber stalking and cyber harassment have
not been specifically defined under it. Although the Indian penal statutes, when read together, do provide a
legal framework under which it is possible to catch certain cyber criminals, it may be seen that none of the
concerned enactments deal with cybercrimes in totality. Different standards of culpability arise under different
statutes and there is often confusion over which statute would even be applicable to a given case. Thus, it has
been argued that India should enact an exhaustive Code (Malgi, 2012) that would take into account all the
aspects of the law relating to the Internet, including issues like privacy, data protection, defamation, etc.

Another point of criticism of the cyber laws in India is that of jurisdiction. This module has already discussed
the complexities arising from acts committed in the virtual world. However, even with Section 75 of the IT Act
declaring it to be applicable extra-territorially, victims of cybercrimes in India have had difficulties in registering
FIRs for the crimes committed because of the jurisdictional issues involved. As suggested in the Draft
Explanatory Memorandum to the Draft Convention on Cybercrime (Council of Europe, 2001), one solution to
this would be to broaden the territorial notion of jurisdiction to prosecute so that it allows the nation to
prosecute whenever the offender’s conduct occurred in whole or in part in the prosecuting nation’s territory.
This problem could have even been met if the IT Act dealt with international cooperation on these issues and if
the Government were to sign Extradition Treaties that favoured extradition in cases involving the commission
of cybercrimes. In any case, training should be imparted to the law enforcement agencies to be sensitive to the
difficulty of pinning territorial jurisdiction of seemingly geography-agnostic cybercrimes to one place.

6. Summary

This module highlights the importance of cyber-space and the need for it to be well regulated. One of the most
important aspects of the IT Act is that it provides the legal structure for e-commerce to flourish in India. The
abilities of parties to enter into contracts online has diminished transactions costs otherwise involved in signing
of contracts and has presented the commercial world with unmatched potential for growth. However, equally
important is that the Internet is not misused for the perpetration of crimes, commonly referred to as

14

Library and
Media and Information Literacy
Information Science Media and Information Ethics: Cyber laws and Ethics
 cybercrimes. The IT Act contains detailed provisions for the prosecution and punishment of persons who
commit cyber offenses, and also amends various penal laws to facilitate the same. It also provides for
compensation and other remedies to victims of cybercrimes and other forms of abuse faced over the Internet.

Meanwhile cyber ethics has developed as a branch of ethics to cover cyber-space, highlighting the need for
codes that check human behaviour. While the distinctions between the physical world and the virtual world
continue to be a matter of debate, the notion that respect for others’ private space on the Internet is a must is
gaining popularity world over. The jurisprudence of laws relating to cyber-space in India is still in its nascent
stage, but India is making valiant attempts to keep abreast with the technological developments taking place
across the globe. To conclude, it may be stated that cyber laws in India will only truly be effective when they
are able to constantly adjust to the new forms in which problems arise over the Internet. For this, an active
Legislature, Executive and Judiciary in the field of Internet regulation is an absolute must. However, as the
Shreya Singhal judgment has shown us, it is essential that the distinction between “regulation” and
“unreasonable restriction” be appreciated.

References

 Arora, Tarun, “The Concept of Cyber Crimes: An Introduction”, Legal News & Views, Volume 22, Issue 6,
2008.
 Council of Europe, Draft Explanatory Memorandum to the Draft Convention on Cyber-Crime (2001).
 B.R Suri & T.N Chhabra, “Cyber Crime”, 1st ed., 2002, Pentagon Press, Delhi.
 Baum, Janna J., “Cyber Ethics: The New Frontier”, Tech-Trends, Volume 49 (2008), 54-56.
 Brenner, Susan, “Is There Such a Thing as Virtual Crime?”, California Criminal Law Review, Volume 4, Issue
1, 2001, available at:
<[Link] (Last accessed on
12th May, 2015).

15

Library and
Media and Information Literacy
Information Science Media and Information Ethics: Cyber laws and Ethics
  Malgi, Shashirekha, “Cyber Crimes under Indian IT Laws”, International Journal of Scientific & Engineering
Research, Volume 3, Issue 6, 2012, 1-11.
 Resolution adopted by the General Assembly of the United Nations, A/RES/51/162, 16th December, 1996,
available at: <[Link] (Last accessed
on 9th May, 2015).
 Seth, Karnika, “Cyber Crimes and the Arm of the Law – An Indian Perspective”, available at:
<[Link] (Last
accessed on 11th May, 2015).

16

Library and
Media and Information Literacy
Information Science Media and Information Ethics: Cyber laws and Ethics