white black legal international law journal ISSN: 2581-8503

Peer-Reviewed Journal | Indexed at Manupatra, HeinOnline, Google Scholar & ROAD

CYBERSECURITY AND CYBERLAW WITH REFERENCE TO INDIA by - T. Naga Dhanalakshmi Sarvani

CYBERSECURITY AND CYBERLAW WITH REFERENCE TO INDIA

 

Authored by - T. Naga Dhanalakshmi Sarvani

 

ABSTRACT

The use of the internet has rapidly increased in recent years. These days, a person spends most of their time online. Even though using the internet has many benefits, there are drawbacks. Cyber threats are one of the drawbacks of the internet. We should ensure robust cyber security to combat these negative features of cyberspace, which are covered by cyber law. India, one of the nations with widespread internet usage, has adopted and is enforcing rules relating to cyber security and a safe online environment. We must educate our citizens on using this technology as our country quickly develops its cyber infrastructure. Knowledge about Cyber-ethics, cyber-safety and cyber-security must be incorporated into the educational process from a young age. This essay focuses on cybercrime and cybersecurity and tries to make the explanation more understandable while shedding light on India’s situation and the country’s legal safeguards for a secure online environment. Additionally, it demonstrates compliance with NIST and the important cybersecurity case laws.

 

Keywords – Cyberlaw, Cybersecurity, Cyber threats, Cybercrime, Cybersecurity in India, Cyberspace

 

  1. INTRODUCTION

Making cyberspace secure from dangers, namely cyber threats, is the goal of cyber security. The term “cyber-threats” is very ambiguous and refers to the malicious use of information and communication technologies (ICTs) by various malevolent actors, either as a target or a tool. Cybercrimes occur when illegal or unauthorized data access involves a computer or device. There is a rapid increase in cybercrimes, including fraud, abuse, and misuse of devices. With the widespread use of the internet in all spheres of life, cybercriminals now have much room to operate without being physically present in areas like sports, nuclear, or personal information. Technology and the internet are increasing lightning-fast, which has pros and cons. Individuals use these cons after founding loopholes in the system for illegal activity, also known as cybercrime.

Cybercrime is not defined by the I.T Act of 2000, the National Cyber Security Policy of 2013, or any other Indian law. Therefore, cybercrime is just a combination of computer crime. In other words, “cybercrime can be known as any such crime which involves the use of a computer.” Take a situation in which a computer or data stored on a computer utilized or misused by the fraudster serves as the basis for or facilitates such a crime. The I.T. Act defines the computer and its network, data, information, and all other components required to commit cybercrime. Cyber security is usually secured in India under I.T. Act, 2000 and IPC.

 

  1. RESEARCH METHODOLOGY

The research approach used to perform this research is doctrinal, analytical, and descriptive. The research material used for this research is secondary; articles, websites, and research will be discussed in the literature review section and assessed to the best of the researcher’s knowledge.

 

  1. SCOPE AND LIMITATIONS

This research includes information about cyber law and cyber security. Along with its relationship to cyber law and NIST, this research also involves the I.T. Act and the Companies Act, including the Indian Penal Code about cyber law. This study does not analyse cyber law and cybercrimes in depth; it just provides information regarding cyber law and cyber security.

 

  1. LITERATURE REVIEW
  1. Cyberlaw terminology as a new lexical field in legal discourse[1]:

The article explained the history and development of the term “cyber,” examined the conceptual categories employed in the terminology of E.U. law that uses the term “cyber,” and identified the Lithuanian terms that are used to translate “cyber” into their Lithuanian equivalents. The ad hoc English and Lithuanian corpora of the E.U. legislative papers were assembled for the study’s aims. The research’s findings are helpful for students and teachers of legal terminology and legal translation, as well as writers of legislative and administrative documents and other experts involved in cybersecurity.

 

  1. Emerging threats for the human element and countermeasures in the current cybersecurity landscape[2]:

This article states that cybersecurity increasingly relies on developments in the study of human behavior to get more significant insights into handling the digital world’s developing issues. 

The article provided a broad overview of recent developments in human behavior psychology and the evolution of cyber threats. The function of social engineering is considered, in addition to the significance of the human element as the starting point for developing cyber security programs in enterprises and safeguarding individual online behavior. Ethics and issues related to new developments in human behavior research are also covered. The article ends with a list of unanswered research concerns that require prompt academic attention to prevent the future exponential expansion of information breaches.

 

  1. National Cybersecurity Strategies: Global trends in Cyber space[3]:

In order to explain how to fulfil the requirements of a national strategy, this study provides a National Cyber-security Strategy Model (NCSSM) based on important pillars. The objective of this plan is to create global cybersecurity connections, plans, and collaboration. The primary purpose of this research is to compare the cybersecurity policies of ten significant countries and five international organizations. There are eleven cybersecurity frameworks that abide with cyberlaw and governance.

Additionally, this article compares the national security policies of ten nations from five different continents, examines policymaking issues from five international intergovernmental organizations, and describes the most recent cybersecurity frameworks.

 

  1. Cybersecurity – Trends and Challenges[4]:

The primary topics covered in this article are trends, difficulties, and cyber ethics in cyber security. Cyber events underscore the importance of staying up to date on global cybercrime trends, especially those that pertain to the use of mobile and personal computer devices. Given how the world is growing, computer security is a large subject that is getting more crucial. Enterprises are being tested by the newest and most innovative technologies in terms of how they protect their infrastructure, and in order to do so, they need new platforms and information in in addition to the emerging cyber tools and threats that appear every day. This article describes the professions with a high risk of cybercrimes and different categories in which cybercrime can be seen, along with cyber ethics to follow.

 

  1. Cyber workforce development using behavioural cybersecurity paradigm[5]:

By highlighting important gaps and providing useful educational alternatives, this research report supports continuing efforts in the cybersecurity community to foster the development of the cyber workforce. In the current research, a pilot education program developed at the University of Central Florida was discussed in order to address the unique difficulties of the human component in cybersecurity (UCF). The article’s conclusion looks at the “lessons learnt” from how the first cohort of students responded to the UCF program. It provided as a starting point for more conversation about the human factor in cybersecurity.

 

  1. CYBER LAW IN INDIA

Like every other nation, India is concerned about cyber security. It is even more crucial to have strict cyber laws or legislation because India is one of the countries with widespread internet usage. There are four primary cyber-security laws in India, and they have helped advance electronic commerce and government and broaden the use and reach of digital media. 

The present laws of India cannot be interpreted in the context of the necessity of cyberspace to incorporate all problems pertaining to varied practices in cyberspace, not even with the most lenient and liberal interpretation. If the existing laws were to be construed in the context of the developing cyberspace, without adopting new cyber laws, practical experience and wise judgment found that it shall not be without significant hazards and traps.

 

 

 

  1. INFORMATION TECHNOLOGY ACT, 2000

The majority of India’s cyber laws are governed by the information technology act of 2000. This law simplifies registering real-time data with the government while also attempting to legalize e-commerce. Numerous modifications have been made as a result of the increase in cybercrime. The I.T. legislation passed by the parliament emphasizes the harsh fines and punishments imposed for failing to protect the e-commerce, e-banking, and e-governance sectors. All communication devices are now included in the reach of the I.T. legislation. The I.T. Act mandates that cybercrime be subject to stricter regulation under Indian law.

 

Objectives of the Act:

  • The I.T Act of 2000 gives transactions made via electronic data interchange, other electronic means of communication, or electronic commerce legal status.
  • To make it easier for papers to be electronically uploaded to administrative authorities, it is also required to establish alternatives to paper-based information and communication storage.
  • This statute also modified the Indian Evidence Act of 1872, the Bankers’ Books Evidence Act of 1891, and the Reserve Bank of India Act of 1934. The following are the Act’s goals:
  • All transactions conducted electronically, whether through data interchange, other electronic communication, or e-commerce, should be given legal status in place of the previous paper-based communication.
  • Give digital signatures legal status to verify any information or things that need to be verified legally.
  • Facilitating electronic submission of documents with ministries and government agencies
  • Make it easier for data to be stored electronically.
  • Give legal backing and make it easier for banks and other financial institutions to transfer money electronically.

 

  1. INDIAN PENAL CODE (IPC), 1980

As previously said, traditional criminal behaviours, including theft, fraud, forgery, defamation, and mischief, will also be a part of cybercrime. These behaviours are prohibited by the Indian penal code and fall under its jurisdiction. As a result, thefts and related cyber scams are defined by Indian criminal law in connection with the I.T Act of 2000. 

  • Section 292 of IPC: 

The Section was first drafted to deal with obscene material and explicit content publication. The obscene and explicit content featuring children is also governed under this same Section.

 

  • Section 354 C of IPC: 

The cybercrime addressed by this clause is the taking or disseminating of an image of a woman’s privacy or activities without the woman’s consent. This Section only addresses the offense of “voyeurism,” which classifies observing a woman engage in such behavior as a felony. If the requirements of this Section, such as gender, are not met, Section 292 of IPC and Section 66 E of I.T. Act, 2000 are sufficiently broad to consider similar offenses. First-time offenders face a sentence of one to three years in jail, while repeat offenders face a sentence of three to seven years.

 

  • Section 354 D of IPC: 

This clause penalizes “stalking,” including physical and online forms. Cyberstalking occurs when a woman is followed by email, the internet, or other technological means or when someone persistently tries to get in touch with her despite her indifference. The Section’s last sentence lists the penalty for this offense as imprisonment for up to three years for the first offense and up to five years for the second offense, followed by a fine. 

The victim in Kalindi Charan Lenka v. The State of Odisha[6] received an offensive SMS from an unknown number that harmed her reputation. In addition, the accused wrote emails and set up a bogus Facebook account with photoshopped images of the victim. The High Court concluded that, in accordance with the I.T. Act's guidelines and Section 354D of the IPC, the accused had a strong case for indulging in cyber stalking.

 

  • Section 379 of IPC:

Theft of a mobile phone, its data, or computer hardware is under Section 379, which bears a complete sentence of three years of imprisonment, a fine, or both, depending on the circumstances. However, it must be noted that these provisions cannot be used if the requirements of the particular law, the I.T. Act of 2000, are invoked. In the case of Gagan Harsh Sharma v. The State of Maharashtra[7], one of several employers discovered that software and data had been taken, computers had been infiltrated, and employees had been given access to critical material.

The employer provided information to the police, filing a case under the I.T. Act’s numerous sections and Sections 379, 408, and 420 of the IPC. The issue before the court is whether the police can file a case under the IPC. The court ruled that the I.T. Act has precedence over the IPC provisions. Hence the case cannot be initiated based on those provisions.

 

  • Section 411 of IPC: 

This relates to a crime committed and punished following Section 379. One will be prosecuted in Section 411 of the IPC if they receive a stolen mobile phone, computer, or data from one. The material need not be in the thief’s possession. This clause shall be drawn even if it is held by a third party aware that it belongs to someone else. The penalty can be imposed as a fine, an extended sentence of up to three years in jail, or both.

 

  • Section 419 of IPC: 

Personation-based cheating is penalized by a fine, any type of jail with a maximum sentence of three years, or by both.

 

  • Section 420 of IPC: 

A fine and up to seven years in prison, depending on the type of imprisonment, are the penalties for anyone who fraudulently induces someone to surrender property to another person, creates, modifies, or destroys a valuable security, or anything that is signed or sealed and can be changed into a valuable security.

 

  • Section 465 of IPC: 

This provision often covers the punishment for forgery. Cyberspace offenses, including forging emails and creating fraudulent papers, are dealt with, and punished under this Section, which carries a maximum sentence of two years in prison, a fine, or both. In Anil Kumar Srivastava v. Addl Director, MHFW[8], Before bringing a claim against the same person in court, the petitioner electronically falsified the A.D.'s signature. The petitioner tried to present it as an authentic document. The petitioner was therefore found to be accountable under Sections 465 and 471 of the IPC, the court held.

 

  • Section 468 of IPC: 

Section 468 enters the picture if the offenses of email spoofing or online forgery are done to commit more serious offenses, such as cheating. This Section provides a sentence of seven years in jail, a fine, or both.

 

  • Section 469 of IPC: 

The penalty for forging a document, whether in physical or electronic form, with the knowledge that doing so will harm someone else’s reputation or desire to do so, is up to three years in jail and a fine.

 

  • Section 500 of IPC: 

This clause makes slander any person illegal. Sending abusive or defamatory content via email is considered a crime under Section 500 of the IPC. The maximum sentence under this Section for imprisonment and fine is two years.

 

  • Section 504 of IPC: 

Anyone using email or any other electronic form to threaten, insult, or attempt to provoke another person to bring peace violates Section 504 of the IPC. Punishment for this offense includes a fine, up to two years in jail, or a combination of both.

 

  • Section 506 of IPC: 

If a person attempts to criminally intimidate another individual using physical force or electronic means regarding a person’s life, property destruction by fire, or a woman’s chastity, they may get a sentence of up to seven years in jail, a fine, or a combination of the two.

 

  • Section 509 of IPC: 

The offense of using words, making gestures, or doing something else that can impair a woman’s modesty is covered in this Section. Invasion of a woman’s privacy also includes the sounds and actions taken. If this crime is committed physically or electronically, Section 509 is invoked, and the offender faces a maximum one-year sentence in jail, a fine, or both.

 

  1. COMPANIES ACT, 2013

Business sector stakeholders describe this Act as a legal obligation to enhance and oversee daily operations. The Serious Fraud Investigation Office (SFIO) was created under the Companies Act, granting it the power to prosecute Indian corporations and their directors. The company’s 2014 inspection, investment, and inquiry guidelines caused the SFIO to become stricter and more proactive in this area. 

The law has ensured that all types of regulatory compliance, such as e-discovery, cyber forensics, and cyber-security diligence, are adequately covered by its scope. Strong standards have been outlined on the roles and responsibilities of company directors and leaders in confirming cyber-security under the Companies (Management and Administration) Rules of 2014.

 

  1. COMPLIANCE WITH THE NATIONAL INSTITUTE OF STANDARD TECHNOLOGY, NIST

By providing a standardized approach to cyber-security, the national institute of standards and technology, and the NIST-approved cyber-security framework, the National Commission of Forensic Sciences has established itself as the most trustworthy global certifying organization. All guidelines, benchmarks, and best practices are provided by the NIST cybersecurity framework for effectively managing cyber-related risks. In this framework, adaptability and economy are given top priority.

It benefits critical infrastructure protection and resilience by:

  1. It enables improved monitoring, interpretation, and reduction of cyber-security threats to lessen data abuse, loss, and the subsequent expense of restoration.
  2. Identifying the crucial tasks and activities and concentrating on securing them
  3. By highlighting the reliability of companies that protect important assets
  4. It discusses the legal and contractual obligations.
  5. It maximizes the return on investment (ROI) for cyber security and aids in prioritizing investments.
  6. Aids in the expansion of the information security program

 

  1. CASE LAWS
    1. The Bois Locker Room Case
  • The “bois locker room” incident is a real-world illustration of cybercrime. These 15-year-olds have taken up another issue in a culture where consent is still discussed - sharing photographs of young females without consent. They also threatened to rape them and called them inappropriate words like slutty.

 

  • This began when a girl shared many dialogue screenshots on her Instagram story. The gang had posted images of girls who might have been friends of their shared buddies. The screenshots quickly went viral. Girls received rape threats as a result of the worried group of boys. Girls spoke out against rape culture in great numbers despite the threats. They believed these practices were to blame for the spread of child pornography.

 

  • Following the IPC and I.T. Act’s requirements, the Delhi Police filed a complaint. The POCSO Act of 2012 made it illegal to share pictures of minors. The details of the “Bois Locker Room” gang were now widely known. The cyber cell decided to investigate it as a result. The Instagram chat group administrator was taken into custody. The identified members’ gadgets were seized and forwarded for forensic examination.

 

  • The screenshots also showed communication between two lads on Snapchat. One of them suggested raping a girl. It was eventually discovered to be a girl testing the persona by dressing up as a boy. She did, however, receive a word of caution.

 

    1. Case of Bazaee. com[9]
  • Because a CD containing undesirable information was being offered on the website, the CEO of Bazee.com was detained in December 2004. The CD was also offered for sale in Delhi’s marketplaces.

 

  • The Delhi Police and the Mumbai Police acted. The CEO was later released on bond. The problem of classifying Internet service providers and content providers was brought up by this. It is the burden of the accused, not the content, to establish that he offered the service. It also raises several concerns about how law enforcement should approach cases of cybercrime.

 

 

    1. The NSP Bank Case
  • A management trainee at the bank was engaged to be married in one of the most prominent cybercrime instances, the Bank NSP case. The pair sent and received numerous emails using the computers at the business site. 

 

  • After some time, the couple broke up, and the girl began using fake email addresses like “Indian bar association” to contact the boy’s international clients. She finished this on the bank’s computer. After incurring a large clientele loss, the boy’s business sued the bank. The bank held itself accountable for the emails that were sent using its technology.

 

  1. CONCLUSION

Cybersecurity uses the proper technological and procedural security measures to secure information and information systems (networks, computers, databases, data centres, and apps). Although necessary for protecting user data and computer networks, firewalls, antivirus software, and other technological solutions are not enough to guarantee security. We must educate our citizens on using this technology as our country quickly develops its cyber infrastructure. Cyber-ethics, cyber-safety, and cyber-security must be incorporated into the educational process from a young age. Technology, operations, awareness, training, and education are essential components of cyber security. In order to safeguard the data and systems they deal with, as well as the network itself, Indian residents must determine the best security measures. The I.T. sector has been playing catch-up with hackers and thieves for decades.

 

Therefore, a cyber-security curriculum is required soon in order to instill an understanding of cyber-security in today’s youth and, in turn, to increase the number of profound, securely skilled professionals in the I.T. sector, both in the security and in all other sectors, improving both the communication and brain compatibility skills of both employees and employers. Effective cybersecurity policies, best practices, and, most importantly, their implementation at all levels must be prepared. Therefore, all people must stay safe in cyberspace and take measures to secure their cyberspace from cyber threats and cybercrime.

 

 

 

 


[1] Rackevičienė, S., & Mockienė, L. (2020). Cyber law terminology as a new lexical field in legal discourse. International Journal for the Semiotics of Law-Revue internationale de Sémiotique juridique33(3), 673-687.

 

[2] Benson, V., Mc Alaney, J., & Frumkin, L. A. (2019). Emerging threats for the human element and countermeasures in the current cyber security landscape. In Cyber Law, Privacy, and Security: Concepts, Methodologies, Tools, and Applications (pp. 1264-1269). IGI Global.

[3] Sabillon, R., Cavaller, V., & Cano, J. (2016). National cyber security strategies: global trends in cyberspace. International Journal of Computer Science and Software Engineering5(5), 67.

[4] Vidhya, P. M. (2014). Cyber security-Trends and Challenges. International Journal of Computer Science and Mobile Computing3(2), 586-590.

 

[5] Caulkins, B. D., Badillo-Urquiola, K., Bockelman, P., & Leis, R. (2016, October). Cyber workforce development using a behavioral cybersecurity paradigm. In 2016 International Conference on Cyber Conflict (CyCon US) (pp. 1-6). IEEE.

 

[6] Kalindi Charan Lenka v. The State of Odisha [BLAPL No.7596 of 2016] (https://indiankanoon.org/doc/73866393/

[7] Gagan Harsh Sharma v. The State of Maharashtra [Cri. W.P. 4361/2018] (https://indiankanoon.org/doc/123849383/

[8] Anil Kumar Srivastava v. Addl Director, MHFW [2005 (3) ESC 1917] (https://indiankanoon.org/doc/117846/

[9] Avnish Bajaj v. State (NCT) of Delhi [(2008) 105 DRJ 721: (2008) 150 DLT 769]

-->

Let's Start With Publication

SUBMIT YOUR PAPER FOR REVIEW

Submit