Penalties And Offenses Under IT Act 2000

INVESTIGATION OF CYBER-CRIMES IN INDIA

Penalties, Compensation and Adjudication sections

 Section 43 – Penalty and Compensation for damage to computer, computer system
If any person without permission of the owner or any other person who is in-charge of a computer, computer system or computer network –

o Accesses or secures access to such computer, computer system or computer network or computer resource.

o Downloads, copies or extracts any data, computer data, computer database or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium

o Introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network

o Damages or causes to be damaged any computer, computer system or computer network, data, computer database, or any other programmes residing in such computer, computer system or computer network

o Disrupts or causes disruption of any computer, computer system, or computer network

o Denies or causes the denial of access to any person authorized to access any computer, computer system or computer network by any means.

o Charges the services availed of by a person to the account of another person by tampering with or manipulating any computer of a computer, computer system or computer network.

o Provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made there under.

o Charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network.

o Destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means.

o Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage,
he shall be liable to pay damages by way of compensation to the person so affected.

 Section 43A – Compensation for failure to protect data Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, not exceeding five crore rupees, to the person so affected.

 Section 44 – Penalty for failure to furnish information or return, etc. If any person who is required under this Act or any rules or regulations made there under to –

o Furnish any document, return or report to the Controller or the Certifying Authority, fails to furnish the same, he shall be liable to a penalty not exceeding one lakh and fifty thousand rupees for each such failure

o File any return or furnish any information, books or other documents within the time specified therefore in the regulations, fails to file return or furnish the same within the time specified therefore in the regulations, he shall be liable to a penalty not exceeding five thousand rupees for every day during which such failure continues

o Maintain books of account or records, fails to maintain the same, he shall be liable to a penalty not exceeding ten thousand rupees for every day during which the failure continues.

 Section 45 – Residuary Penalty Whoever contravenes any rules or regulations made under this Act, for the contravention of which no penalty has been separately provided,shall be liable to pay a compensation not exceeding twenty-five thousand rupees to the person affected by such contravention or a penalty not exceeding twenty-five thousand rupees.

 Section 47 – Factors to be taken into account by the adjudicating officer Section 47 lays down that while adjudging the quantum of compensation under this Act, an adjudicating officer shall have due regard to the following factors, namely :-

o The amount of gain of unfair advantage, wherever quantifiable, made as a result of the default;
o The amount of loss caused to the person as a result of the default,
o The repetitive nature of the default.

II. Offences sections

 Section 65 – Tampering with Computer Source Documents If any person knowingly or intentionally conceals, destroys code or alters or causes another to conceal, destroy code or alter any computer, computer program, computer system, or computer network,he shall be punishable with imprisonment up to three years, or with fine up to two lakh rupees, or with both.

 Section  66 – Computer Related Offences If any person, dishonestly, or fraudulently, does any act referred to in section 43,he shall be punishable with imprisonment for a term which may extend to two three years or with fine which may extend to five lakh rupees or with both.

 Section 66A – Punishment for sending offensive messages through communication service. Any person who sends, by means of a computer resource or a communication device

o Any information that is grossly offensive or has menacing character

o Any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently makes by making use of such computer resource or a communication device.

o Any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages shall be punishable with imprisonment for a term which may extend to three years and with fine.

 Section 66B – Punishment for dishonestly receiving stolen computer resource or communication device. Whoever dishonestly receives or retains any stolen computer resource or communication device knowing or having reason to believe the same to be stolen computer resource or communication device,shall be punished with imprisonment of either description for a term which may extend to three years or with fine which may extend to rupees one lakh or with both.

 Section 66C – Punishment for identity theft Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person,shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.

 Section 66D – Punishment for cheating by personation by using computer resource Whoever, by means of any communication device or computer resource cheats by personating; shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.

 Section 66E – Punishment for violation of privacy Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person.

Explanation – For the purposes of this section:

a. “transmit” means to electronically send a visual image with the intent that it be viewed by a person or persons.

b. “capture”, with respect to an image, means to videotape, photograph, film or record by any means.

c. “private area” means the naked or undergarment clad genitals, pubic area, buttocks or female breast.

d. “publishes” means reproduction in the printed or electronic form and making it available for public.

e. “under circumstances violating privacy” means circumstances in which a person can have a reasonable expectation that–

i. he or she could disrobe in privacy, without being concerned that an image of his private area was being captured or

ii. any part of his or her private area would not be visible to the public, regardless of whether that person is in a public or private place.

Cyber-crime scenarios and Applicability of Legal Sections

Let us look into some common cyber-crime scenarios which can attract prosecution as per the penalties and offences prescribed in IT Act 2000 (amended via 2008) Act.

 Harassment via fake public profile on social networking site

A fake profile of a person is created on a social networking site with the correct address, residential information or contact details but he/she is labelled as ‘prostitute’ or a person of ‘loose character’. This leads to harassment of the victim.Provisions Applicable:- Sections 66A, 67 of IT Act and Section 509 of the Indian Penal Code.

 Online Hate Community

Online hate community is created inciting a religious group to act or pass objectionable remarks against a country, national figures etc.Provisions Applicable: Section 66A of IT Act and 153A 153B of the Indian Penal Code.

 Email Account Hacking

If victim’s email account is hacked and obscene emails are sent to people in victim’s address book.Provisions Applicable:- Sections 43, 66, 66A, 66C, 67, 67A and 67B of IT Act.

 Credit Card Fraud

Unsuspecting victims would use infected computers to make online transactions.Provisions Applicable:- Sections 43, 66, 66C, 66D of IT Act and section 420 of the IPC.

 Web Defacement

The homepage of a website is replaced with a pornographic or defamatory page. Government sites generally face the wrath of hackers on symbolic days.Provisions Applicable:- Sections 43 and 66 of IT Act and Sections 66F, 67 and 70 of IT Act also apply in some cases.

 Introducing Viruses, Worms, Backdoors, Rootkits, Trojans, Bugs

All of the above are some sort of malicious programs which are used to destroy or gain access to some electronic information.Provisions Applicable:- Sections 43, 66, 66A of IT Act and Section 426 of Indian Penal Code.

 Cyber Terrorism

Many terrorists are use virtual(GDrive, FTP sites) and physical storage media(USB’s, hard drives) for hiding information and records of their illicit business.Provisions Applicable: Conventional terrorism laws may apply along with Section 69 of IT Act.

 Online sale of illegal Articles

Where sale of narcotics, drugs weapons and wildlife is facilitated by the Internet Provisions Applicable:- Generally conventional laws apply in these cases.

 Cyber Pornography

Among the largest businesses on Internet. Pornography may not be illegal in many countries, but child pornography is.Provisions Applicable:- Sections 67, 67A and 67B of the IT Act.

 Phishing and Email Scams

Phishing involves fraudulently acquiring sensitive information through masquerading a site as a trusted entity. (E.g. Passwords, credit card information)Provisions Applicable:- Section 66, 66A and 66D of IT Act and Section 420 of IPC

 Theft of Confidential Information

Many business organizations store their confidential information in computer systems. This information is targeted by rivals, criminals and disgruntled employees.Provisions Applicable:- Sections 43, 66, 66B of IT Act and Section 426 of Indian Penal Code.

 Source Code Theft

A Source code generally is the most coveted and important “crown jewel” asset of a company.Provisions applicable:- Sections 43, 66, 66B of IT Act and Section 63 of Copyright Act.

 Tax Evasion and Money Laundering

Money launderers and people doing illegal business activities hide their information in virtual as well as physical activities.Provisions Applicable: Income Tax Act and Prevention of Money Laundering Act. IT Act may apply case-wise.

 Online Share Trading Fraud

It has become mandatory for investors to have their demat accounts linked with their online banking accounts which are generally accessed unauthorized, thereby leading to share trading frauds.Provisions Applicable: Sections 43, 66, 66C, 66D of IT Act and Section 420 of IPC

REGULATORY AUTHORITIES AND OVERVIEW OF RULES ISSUED UNDER THE IT ACT 2000

These Rules may be called Information Technology (Certifying Authorities) Rules, 2000.
They shall come into force on the date of their publication in the Official Gazette.
In these Rules, unless the context otherwise requires,–

(a) “Act” means the Information Technology Act, 2000 (21 of 2000)

(b) “applicant” means Certifying Authority applicant

(c) “auditor” means any internationally accredited computer security professional or agency appointed by the Certifying Authority and recognized by the Controller for conducting technical audit of operation of Certifying Authority

(d) “Controller” means Controller of Certifying Authorities appointed under sub-section (1) of Section 17 of the Act

(e) “Digital Signature Certificate” means Digital Signature Certificate issued under sub-section 4 of section 35 of the Act

(f) “information asset” means all information resources utilized in the course of any organisation’s business and includes all information, applications (software developed or purchased), and technology (hardware, system software and networks)

(g) “licence” means a licence granted to Certifying Authorities for the issue of Digital Signature Certificates under these rules

(h) “licensed Certifying Authority” means Certifying Authority who has been granted a licence to issue Digital Signature Certificates

(i) “person” shall include an individual; or a company or association or body of individuals; whether incorporated or not; or Central Government or a State Government or any of the Ministries or Departments, Agencies or Authorities of such Governments

(j) “Schedule” means a schedule annexed to these rules

(k) “subscriber identity verification method” means the method used to verify and authenticate the identity of a subscriber

(l) “trusted person” means any person who has: –

(i) direct responsibilities for the day-to-day operations, security and performance of those business activities that are regulated under the Act or these Rules in respect of a Certifying Authority; or
(ii) duties directly involving the issuance, renewal, suspension, revocation of Digital Signature Certificates (including the identification of any person requesting a Digital Signature Certificate from a licensed Certifying Authority), creation of private keys or administration of a Certifying Authority’s computing facilities.

(m) words and expressions used herein and not defined but defined in Schedule-IV shall have the meaning respectively assigned to them in that schedule.

Article By Prerna Prakash
Edited By Mahima Gupta

Also Read : https://www.youthkiawaaz.com/2018/06/women-are-easy-prey-to-cyber-crimes/#.XUBQ1NWIVSE.whatsapp