Cyber Law Simplified

India is in the midst of a cyber-legal-commercial revolution. In order to provide a smooth transition for e-commerce and e-governance, the IT Act, 2000 has been enacted by the Indian Parliament. The Act provides a legal framework for e-commerce and is a step towards facilitating and enforcing legal discipline.

Cyber Law Simplified presents a harmonious analysis of the key provisions of the IT Act, 2000 in consonance with the relevant aspects of several other laws of the land which impact jurisdiction in the cyber world. The book offers solutions to critical cyber-legal problems and would facilitate legal planning, decision making and cyber-legal compliance in the e-world. The simple and reader friendly style of writing would provide a clear understanding of the subject to managers in the areas of systems, business, legal, tax or human resources; CEOs; COOs; CTOs; and IT consultants. Professionals like chartered accountants, company secretaries and lawyers would also find the book useful.

  • Power of Arrest without Warrant under the IT Act, 2000: A Critique
  • Cyber Crime and Criminal Justice: Penalties, Adjudication and Appeals Under the IT Act, 2000
  • Contracts in the Infotech World
  • Jurisdiction in the Cyber World
  • Battling Cyber Squatters and Copyright Protection in the Cyber World
  • E-Commerce Taxation: Real Problems in the Virtual World
  • Digital Signatures, Certifying Authorities and E-Governance
  • The Indian Evidence Act of 1872 v. Information Technology Act, 2000
  • Protection of Cyber Consumers in India

“Interesting, meaningful and expressive. Today, organizations are grappling with the cyber-legal ramifications of their strategies and policies. The book seeks to address this need in a lucid manner and is therefore an asset for decision-makers who may not have a strong foundation in law. In particular, the implications of the Information Technology Act, 2000 have been explained in an easy-to-understand language. On the whole, a book for the times ahead.”

N R Narayana Murthy
Chairman and CEO, Infosys Technologies Limited

To many, the Internet is the fourth mode of communication. Undoubtedly, the first was communication through gestures before the human race invented speech. For many centuries, speech became the second mode of communication. The third mode of communication was writing. Writing brought in a series of written laws. With each passing year, these laws started getting more and more complex. The Internet is still at a very nascent stage of development. Being the newest mode of communication, we will need laws to govern this mode. As the Internet is currently gaining popularity, unlike other well established modes of communication, the laws ruling them are also at a developing stage. As the Internet gains proliferation, so will the complexity of the cyber laws, covering more and more relevant and critical issues.

While many countries and societies are in the process of putting in place the cyber laws, a few have already laid down cyber laws, and India is proud to be one among them.

India is globalizing its economy. Information Services and Information Technology are starting to have a profound effect on the country's economy, trade and commerce. The Securities and Exchange Board of India has also allowed trading on the Internet. The stock exchanges in the country are carrying out different kinds of transactions and information exchange of their networks. The Central Vigilance Commissioner has directed the banks to computerize their operations to the extent of 70 percent, at the earliest. The Reserve Bank of India has also introduced the electronic payment system on a very limited scale (basically for intra-city cheques clearing). There have also been concerns from Intelligence and Law Enforcement Agencies and others about data protection, computer crime, computer misuse, security standards, intellectual property right, privacy, etc. Clearly the establishment of a legal regime that encourages Electronic Commerce Law is critical for the country.

In India, cyber laws are contained in the Information Technology Act, 2000. In May 2000, both the houses of the Indian Parliament passed the Information Technology Bill. The Bill received the assent of the President in August 2000 and is now the Information Technology Act, 2000 (IT Act, 2000). The IT Act, 2000 aims to provide the legal infrastructure for e-commerce in India. These laws have a major impact for e-businesses and for the new economy in India. It is important for us to understand what the IT Act, 2000 and its various perspectives.

Cyber Law Simplified has presented the cyber laws governing India in a simplified format, rather than in the legal jargon that internet users in the country cannot relate to. What is interesting is that besides articulating the various features of the IT Act, 2000 the books goes forward to explain several other laws and their interplay with the IT Act, 2000. This helps to provide the user with a comprehensive approach to issues dealing with cyber crimes, contract violations, online fraud, etc.

The book also highlights the importance of copyright protection in the cyber world and discusses legal remedies against cyber squatting. This is an important issue for Indian businesses that are looking for an online presence.

The book also details the implications of the problems relating to e-commerce taxation in a borderless world and the most significant issue of the protection of cyber consumers in India.

I would like to compliment Mr. Vivek Sood for having put together an excellent book and am sure that it will help the Indian netizens in their cyber voyage.

Phiroz Vandrevala
Chairman, NASSCOM

This book neither contains the philosophy of cyber law nor is it a yet another legal commentary meant only for the legal community. It presents an analysis of the cyber law in India in a simplified form, offering a clear understanding of the subject to the IT community and to the lay netizens, besides the legal fraternity. The book has been written keeping in view the many cyber-legal issues and problems the e-commerce players, such as dot coms, Internet Service Providers (ISPS), software businesses, IT consultants, and corporates having IT as an integral part of their systems, are frequently confronted with. It also covers the issues they are likely to face head-on, once just another fraction of the potential of e-commerce is unleashed on the globe.

In 1996, the online community was 37 million, which rose to 63 million in 1998 and is expected to touch 116 million in 2002. The OECD (Organization for Economic Co-operation and Development) estimates global e-commerce sales of US $ 6500 billion in 2002. Very soon, we would find ourselves in a cyber-legal and commercial society. Today, there are more questions on cyber law than answers. Being a practising lawyer and writer, I, therefore, took it as a duty to provide solutions to cyber-legal problems and share my experience, understanding and opinions on the subject to facilitate decision making. I hope the book proves an asset for all accountable and responsible to ensure that cyber-legal issues/problems are dealt with fairly and there is cyber- legal compliance. The book should be useful to managers (systems, business, legal, tax or human resources), CEOs (Chief Executive Officers), COOs (Chief Operating Officers) and CTOs (Chief Technological Officers) of an e-business or a corporate having IT as an integral part of its system, IT consultants, and other professionals such as chartered accountants, company secretaries, and lawyers having clients from the IT sector.

There is a general misunderstanding that the entire Indian cyber law is encapsulated in the Information Technology Act, 2000. It needs to be digested that cyber law in India consists of a gamut of laws, each of which operates independently and also interplays with one another. For instance, the IT Act, 2000 defines and punishes only a few cyber crimes. Online fraud, for example, is no offence under the IT Act; nevertheless it may amount to 'cheating', punishable under section 420 of the Indian Penal Code, 1860. Although the powers of entry, search and arrest have been granted to specified police and other officers under the IT Act, 2000, the entire procedure of criminal investigation and trial is stated in the Criminal Procedure Code (Cr.P.C.), 1973. The IT Act, 2000 is silent on whether the cyber crimes defined and punishable therein are bailable or non-bailable, for which one has to again travel to Cr.P.C.

Every e-commerce transaction is in essence a contract. The law of contracts has been stated in the Indian Contract Act, 1872. However, sections 12 and 13 of the IT Act, 2000 have significant implications on e-contract formation and hence the necessity of a harmonious analysis of the two laws. The law of jurisdiction of courts in civil disputes is stated in the Code of Civil Procedure, 1908. Section 13 of the IT Act, 2000 has the effect of silently amending the civil law of jurisdiction insofar as civil disputes arising in the cyber world by despatch and receipt of electronic records are concerned. There are several such combinations of laws governing the e-world. In this book, besides including a simple analysis of the important provisions of the IT Act, 2000, I have attempted to cover the relevant aspects of several other laws and their interplay with the IT Act, which directly or indirectly affect transactions in the cyber world. The book is therefore not restricted to the Information Technology Act, 2000.

It is imperative for the IT community to realize the importance of the cyber law. There is a general misconception in the Indian mindset that legal advice is required only when there is a problem on hand. The concept of legal planning in advance, so as to avoid legal hassles or defeat them whenever they arise, is yet to sink into the mindset of the IT community in India.

Since every e-commerce transaction is a contract, it is imperative to understand the relevant aspects of the Indian Contract Act, 1872 and relate them to the IT Act, 2000. When and where an e-contract is formed, are two important questions which create a contractual relationship of rights and obligations between the parties, determine territorial jurisdiction of courts in the event of a dispute, and may also be important for deciding which legal system's law would govern the transaction. E-contract formation is significant in the context of the growing cross-border e-commerce. The legal validity of shrink-wrap and click-wrap contracts is also a significant issue. Unfortunately, in India, not much attention is being paid to draft e-contracts appropriate to the transaction. There is a general tendency to copy others' contracts which mostly proves to be a liability rather than a cure, in the event of a dispute. By drafting e-contracts properly, several frequent problems can be avoided. Since e-commerce transactions travel across borders with luxurious ease, there is a risk of being sued in foreign lands. In certain parts of the world such as the US, the levels of damages awarded by courts could be mind-boggling for e-businesses and e-services based in India. These and several other aspects ought to be considered while drafting e-contracts.

With the growing e-commerce base and its future potential, domain names today are serving as trade names, trademarks, brands and carry with them the goodwill and reputation of the web-sites they represent. There is a scramble for domain names and this has also attracted cyber squatters. The Uniform Domain Name Dispute Resolution Policy of ICANN (Internet Corporation for Assigned Names and Numbers) is being frequently invoked to evict cyber squatters from domain names in which the complainant has lawful rights. An analysis of the said dispute resolution policy and the other legal rights and remedies under the trademarks law, available against cyber squatting, also assume significance for the IT community.

Copyright protection of web content and software are among the most significant issues confronting the IT community globally. Other than an isolated provision on copyrights in the IT Act, 2000, the area of copyright protection in the cyber world is covered in the Copyright Act, 1957. Moreover, copyright ownership of software or web content developed by an employee or an independent developer, licensing of copyright, assignment, infringement and criminal liability, are substantial issues which frequently arise in most IT businesses. Every Dot Com must be aware of the legal implications of downloading, hyperlinking, framing, etc.

Taxation of e-commerce transactions is a subject that has hit headlines globally. Differences persist among members of the international community on whether or not to tax e-commerce. The extension of the concept of Permanent Establishment (PE) to tax income/profit from e-commerce transactions is not only a legal issue but has assumed political proportions. Is the PE concept relevant in this information age and does it serve the interests of developing countries like India? Imposition of indirect taxes on electronic deliverables such as music, video, software, etc. a dilemma for governments all over and is now sought to be used by some countries as a weapon to protect domestic goods and services from foreign competition especially from the US, which is the largest exporter of e-goods and e-services. Is it fair to impose customs duties on the import of e-deliverables/transactions?

Cyber crimes such as hacking, planting computer viruses and online financial frauds, have the potential of shaking economies. It is the deadliest epidemic confronting our planet in this millennium. The memories of the Love Bug and Melissa viruses, and the hacking of web-site majors such as Yahoo,, eBay,, are still fresh. Cyber crime is growing at a rate of 4.1% per week, posing a challenge for technology and the criminal justice system.

What is cyber crime? What are the various kinds of cyber crimes? How is cyber crime distinct from other forms of criminality such as murder, rape and kidnapping? What are the effective ways of tackling cyber crime? What are the challenges posed by cyber crime to the criminal justice system? Can our police fairly and effectively deal with cyber crime? What are the legal remedies for victims of cyber crime? Other than the cyber criminals, no netizen or web-site owner can afford to ignore these questions as others' problems. It must be realized that everyone and not just the IT community is a potential victim of cyber crime. The wide ambit of the definition of "Hacking" u/s 66 of the IT Act, 2000 and the severe punishment, have serious legal implications for the IT community.

Moreover, section 67, which punishes the publishing and transmission of obscene material in electronic form with imprisonment of up to 5 years along with a fine of up to Rs 1 lakh on first conviction, and with imprisonment of up to 10 years with a fine of up to Rs 2 lakh on second or subsequent conviction, is another controversial provision in the law. The words "is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it" in section 67 have been photocopied from section 292 IPC, 1860. Our lawmakers seem to have forgotten certain important aspects of the Internet. If few friends at a party exchange lascivious jokes or discuss sex, the law does not and ought not to interfere, for it would otherwise amount to an intrusion into their privacy. But, if the sex chat between the friends takes place on the Internet, section 67 would take them to jail. Isn't it a blatant violation of the right to privacy? Sexy e-mail messages exchanged between consenting lovers may also land them behind bars.

In my opinion, section 67 should have been restricted to the following situations:

  • Transmitting obscene and lascivious material to persons below 18 years of age.
  • Transmitting or publishing obscene material to any person so as to harass or embarrass the recipient and cause any other such effect. This would exclude sex chats and other adult e-material being exchanged between consenting friends or lovers.
  • The original creators of pornographic web-sites, the management of such web-sites and those sending pornographic material over the Internet as an organized activity, should be labelled criminals.

The arrest of a juvenile--a 16-year-old boy of Air Force Bal Bharti School in South Delhi-for committing the offence under section 67 of the Information Technology Act, 2000 by allegedly setting up a web-site which contained lascivious and obscene material about certain girl students and teachers, has given rise to certain questions such as:

  • Whether severe and deterrent action should be taken against the accused juvenile?
  • Isn't posting lascivious material on the web-site similar to penning vulgar stuff on toilet walls, etc?

In my opinion, the action taken against the accused juvenile in the said case ought to be more harsh than that against a poor juvenile caught for shoplifting or theft from a home. For once, we should shed our sympathies for juveniles born with silver and golden spoons Therefore, let the Juvenile Justice Act, 1986, section 67 of the IT Act, 2000 and the rules of the school take care of the school boy.

The media splash, arrest and action by the school were all necessary for serving as a deterrent to the accused and juveniles nurturing similar ideas.

Posting vulgar material on a web-site cannot be equated with painting or writing obscene stuff on toilet walls. A web-site is accessible on a few clicks to the world at large, whereas a toilet wall is available only to locals of the area.

The recognition of digital signatures would revolutionize e-commerce. The legal implications of digital signatures, liability of digital signatories (subscribers), role and regulation of certifying authorities issuing Digital Signature Certificates and the legal side of e-governance, are issues of importance.

Has the Indian Evidence Act, 1872 been amended or tampered with by the IT Act, 2000? Proof of digital signatures and admissibility of electronic evidence in legal disputes, would be relevant for every e-commerce player.

Once e-commerce passes the stage of infancy, global markets would be at the command of the cyber consumer through the screen of his PC or television. Cyber consumerism would surpass the greatest of the revolutions humanity has ever seen. Since the cyber consumer does not come face to face with the online seller of goods or provider of services, it increases the risk of defective goods being delivered, non-delivery, deficiency in services and other frauds upon the consumers. As goods are purchased online from the cyber market and delivered later, the cyber consumer does not get the opportunity to examine them. Web shops can also disappear easily after booking orders and receiving payments through credit cards. False and fictitious investment schemes are crowding the Internet. In this age of cyber consumerism, protection of cyber consumer in India under the Consumer Protection Act, 1986 would assume a crucial role. The scope and ambit of the law of consumer protection is significant both for cyber consumers and e-retailers, e-service providers and manufacturers as well.

There are also certain serious anomalies in the IT Act, 2000 which are likely to flood the courts with cancerous litigation in the years to come, unless our law makers rise to the occasion and correct the law before it is too late.

The aforesaid and many other issues are covered in this book.

The following appendices are readily available on the Internet at the following addresses and can be downloaded for reference.

  • Information Technology Act, 2000
  • Statement of Objects and Reasons
  • Notes on Clauses
  • Information Technology (Certifying Authorities) Rules, 2000
  • Cyber Regulations Appellate Tribunal (Procedure) Rules, 2000
  • Cyber Regulation Advisory Committee
  • Notification under section 1 (3) of Information Technology Act, 2000
  • UNCITRAL Model Law on Electronic Commerce

Every manager (systems, business, legal, tax or human resources), CEO, COO or CTO of an e-business or a corporate having IT as an integral part of its systems, IT consultant, chartered accountant, company secretary and lawyer having clients from the IT sector, must ask himself the question:

In this information age, can I afford to ignore the cyber law?