(Position before IT Amendment Bill 2008 was passed)

By- Karnika Seth, Cyberlaw expert

According to Section 65 of the Indian IT Act, a person who intentionally conceals or destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer program, computer system or network when the computer source code is required to be maintained by law is punishable with imprisonment upto 3 years or with fine that may extend upto 2 lakh Rupees or with both. ‘Computer source code’ means the listing of programs, computer commands, designs and layout and program analysis or computer resource in any form.

Section 66 of the IT Act deals with the offence of computer hacking. In simple words, hacking is accessing of a computer system without the express or implied permission of the owner of that computer system. Examples of hacking may include unauthorized input or alteration of input, destruction or misappropriation of output, misuse of programs or alteration of computer data. As per Section 66, a person with the intention to cause or with the knowledge that he will cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in computer resource or diminishes it value or utility or affects its injuriously by any means commits hacking. Punishment for hacking is imprisonment upto 3 years or fine which may extend to 2 lakh Rupees or both. ‘Hacking’ means destruction or alteration of any information residing in computer resource, that is destruction or alteration of tangible and/or intangible assets of a computer resource.

Academicians hold a view that it is difficult to prove intention to cause wrongful loss or damage in the electronic environment and Internet. The words “wrongful loss” is not defined under the IT Act, 2000. However, Section 23 of the Indian Penal Code defines “wrongful loss” to mean “loss by unlawful means of property to which the person losing it is legally entitled”.

Further, how do you prove the diminishing of value of information? The value of information is inherent in the information itself. Further, the value of information is likely to differ from context to context and from perspective to perspective. Further, there will be great impediments to prove diminishing of utility of information. No standards for proving the same as per law have yet been laid down. Also, how will you prove that information has been affected injuriously by any means? What are the norms and standards for proving injury in the electronic medium and Internet? All these questions are yet to be answered.

The punishment for transmitting or publishing or causing to be published or transmitted, any material that is obscene in electronic form may be imprisonment for a term that may extend to two years and with fine that may extend to twenty five thousand rupees on first conviction
[1]. If necessary to comply with the provisions of this Act, the Controller can direct a Certifying Authority or any employee of such Authority to take such measures or cease carrying on such activities as specified[2] . The Controller has the power to direct a subscriber to extend facilities to decrypt information in the event that it is necessary, in the opinion of the Controller, to do so[3] :

– In the interest of the sovereignty or integrity of India
– Security of the State
– Friendly relations with foreign States
– Public order
– For preventing incitement to the commission of any cognizable offence.

The subscriber or any person in charge of the computer resource (though which such information has to be intercepted) is required to extend all facilities and technical assistance to decrypt the information. Any person failing to do so shall be punished with an imprisonment term that may extend to seven years. The appropriate Government may by notification declare any computer, computer system or computer network to be a protected system[4]. Any unauthorized access of such systems will be punishable with imprisonment that may extend to ten year or with fine.

Any person Misrepresenting or suppressing any material fact to the Controller or the Certifying Authority shall be punished with imprisonment for a term which may be extend to one lakh rupees or both[5]. Punishment for breach of confidentiality and privacy is imprisonment for a term which may extend to two years or with a fine which may extend to one lakh rupees or both[6] .

There is a provision to govern and control the Certifying Authority or any other person who possesses the knowledge that the digital signature certificate is false by prescribing a penalty for publishing false Digital Signature Certificates[7] . All persons who are guilty of the offence of being involved in cases where the system of digital certificates is used for unlawful and fraudulent purposes are covered and a punishment prescribed [8]. The jurisdiction of the Act is outlined and its provisions are to be applicable even for offences or contravention committed outside India, by person irrespective of his nationality[9] .

The confiscation of the computer and its peripherals in respect of any provision of this Act, rules, orders or regulations being contravened, is also provided for[10]. Further, the court is permitted to direct otherwise if it feels that the person is possession of the system is not responsible for the contravention of the Act. The processes that may be carried out by virtue of the provisions of this Act should not negate the application or enforcement of provisions of any other Act [11]. Therefore, any prosecution for any offence under any Act can commence before, during or after the commencement of prosecution under this Act. A police officer not below the rank of Deputy Superintendent of Police can investigate any offence under this Act[12] .

[1] . Section 67
[2] . Section 68
[3] . Section 69
[4] . Section 70
[5] . Section 71
[6] . Section 72
[7] . Section 73
[8] . Section 74
[9] . Section 75
[10] . Section 76
[11] . Section 77
[12] . Section 78