Reading time : 6 minutes

Internet, in modern times, has blended with our day to day life. From basic communication like email, whatsapp, etc. it has taken us even to the world of online shopping and many more. In this period of pandemic, companies with no other option have opted to operate through web. Also, e-commerce is developing. Governmental procedures are also taking place online. The rise in e-finance is also a tremendous one. With all these developments the dangers associated with them have also made their way. Thus, to come over these dangers, there is a cyber law to prevent cyber crimes from happening. We all know, it is a difficult challenge for law makers and crime enforcement body. Yet, they have taken it upon themselves to create  and establish laws to prevent illegal activities that occur online.

1. What is Cyber Law?

Cyber law or law of internet is also known as IT law. Cyber law from its definition, is a legal system designed to deal with the internet. To mark in a phrase, it is, ” Paper laws in Paperless World “. Cyber law is surrounded with the aspects like intellectual property, jurisdiction, privacy data protection and even freedom of expression. There is a definite structure for e-commerce transactions and e-filing. So, in simple words, cyber law means legal infrastructure dealing with cyber crimes.
An increase in usage of e-commerce, has remarked to set up proper regulatory practices to ensure no malpractices take place.
Cyber laws vary from country to country and hence the punishment also varies from find to imprisonment based on crime committed. These laws are very important for a person of a country to be known and be aware of cyber crimes. Computer Fraud and Abuse Act, 1986, was the first ever cyber law to come into existence. This act prohibited unauthorized access to computers and illegal usage of digital information.

2. Why cyber law is required?

As of early 2021 statistics, the number of people that use internet is over 4.66 billion which means number increasing by 7% annually. This means there are 8,75,000 new users daily. This quick increase in use of cyber space, strict cyber laws help to promote safe and secured environment for users. This rapidly progressing world had made a requirement to keep pace with is, the internet. It was just a information tool during initial day’s. But today,  it helps with communication and commerce too. Looking for sophisticated life and development everyday, the usage of internet (cyberspace) has become common which often increases cyber crimes. If somebody is found breaking cyber laws, the victim person / firm can take action against that person.
Just like other law, cyber law consists of different rules that provide how people and companies should use computers and especially Internet. It is close enough to “impossible” if said to curb 100% of all cyber crimes. The importance of cyber law are as follows:
i. It provides for all actions and reactions in cyberspace.
ii. All online transactions and activities are ensured to be safe and protected and are under watch by the cyber officials.
iii. Cyber law provides security for all data and property of individuals, organisations and even Government.
iv. Keeps track of all electronic records and helps to establish electronic governance.

3. Various Components Of Cyber law

i. Data and privacy safeguard.
For an individual, both private and professional information should be secured thoroughly. Financial information of a person always attracts cyber criminals. Misuse of personal, professional or financial information by any other person is illegal and that is where these laws play a vital role.  Avoiding tax giving out personal information on non- reputed websites is the main step to safeguard our data and privacy.

ii. Any illegal activities that occur on internet which includes extortion, harassment, money laundering, hacking, etc. constitute cyber crimes.

iii. Cyber theft is usually stealing of designs, symbols, inventions or anything owned by a person or a group that are copyrighted or patented. These are also known as intangible items or intellectual property of a person or a group.

iv. The wrong usage of e-signatures by any other person is illegal and hence is a cybercrime. Using of e-signatures has become reliable and regular to verify electronic records.

4. Categories of Cyber Crime
There are three main categories of cybercrime which are

1. Individual

2. Governmental

3. Property

i. The activities such as online harassment, distribution and trafficking of child pornography etc.  constitutes to Cyber crime under individual category.

ii. Cyber terrorism, manipulation threats, misuse of power against Government and citizens, etc. are cyber crimes that come under governmental category.

iii. Trespassing cyberspace, computer vandalism and unauthorized possession of information digitally are some of the crimes under the property.

5. Features of Cyber Law

During the 21st century, the IT Act 2000 was introduced as the usage of cyberspace (internet) has become a common practice which has higher number of cons beside higher number of pros.
To bring all online activities and records under the spectrum of legal governance,  this act was introduced. IT Act 2000 and its amendments is the only strong law in India to face and fight any cyber crimes. On 17th October 2000, the IT Act came into force to mainly deal with e-Commerce and cyber crime. According to the IT Act 2000, following is the list of features of Cyber Law:
i. The electronic contracts made via secure electronic channels are valid legally.

ii. There are security measures in place for e-records and digital signatures.

iii. The Cyber law act defines a process for the appointment of an adjudicating officer for carrying out inquiries.

iv. The IT law act provides recognition for digital signatures legally. Also, the digital signatures are obligated to use an asymmetric cryptosystem and a hash function.

v. The senior police officials and other officials are authorized to search any public case without a warrant.

vi. There is a provision in the act to establish a Cyber Regulation Appellate Tribunal. This tribunal handles appeals made against the final order of the Adjudicating Officer or the Controller. But an appeal against the tribunal’s order can only be made in the High Court.

vii. There is also a provision in the act to form a Cyber Regulations Advisory Committee that will advise the Central Government and the Controller.

viii. The nature of the Cyber law act even applies to online crimes or offenses that are committed outside India.

ix. There is also a provision to form the Controller of Certifying Authorities which licenses and regulates the working of the Certifying Authorities. All the digital signatures are stored by the Controller in such a case.

The IT Act is not applicable for_
i. Transactions and documents initiated by Central Government.
ii. Financial and legal acts done by someone who is legally claimed as power of attorney. iii. Contract for sale or transfer of immovable property.

6. Impact of COVID on Cyber safety

During this pandemic there has been a drastic increase in the use of online financial transaction methods which has in turn, led to an increase in frauds. There were many new types of Cyber attacks and fraud, but the domain of cyber security has evolved and grown in various ways recently. There was a huge nuisance on the internet that led cyber security experts to term it as “cyber pandemic” . The work from home, led to the rapid deployment of remote systems; which brought increase in rate of Cyber attacks. Criminals took advantage of vulnerabilities of systems to force entry into the company’s network causing data theft.

7. Attachments done to cyber law in India as of 2021

Government of India has established new rules to regulate social media. These rules were required as per to curb the usage and propagation of hate speech. The most important reason is to address grievances people are facing. The particular platform will be directed by the court order. The government, at its maximum, held that they will not encourage anything that could be possible threat to national security.
As there is sudden rise of visibility on social media, it is very crucial to curb hate speech and defamation as the impact of these will cause severe harm to the public. Also, online protection is of equal importance. For example, there is a need for protecting both men and women from sexual offences is at most.
Another issue that is addressed by new rules is of watching contents driven on OTT platforms. New rules have strict parent locks and will be delivered to right audience.

The two main issues that are observed in new rules are:
i. According to article 19(a) of Indian constitution, the right allows citizens to express any opinion on any medium of communication, be it speech or writing. But, new rules basically strip citizens of this right.
ii. The second one is, ‘To track hate speech and first originator of any vulgar or defamatory statements, nowadays, whats app messages are required’. But, What’s App is end to end encrypted!

Cyber laws are adopted with basic objective of maintaining law and order in all kinds of online activities and reduce cyber crime. Digital signatures became legal only because of introduction of cyber laws. As we have paper-based communication, likewise, legal recognition of all transactions e-filing of documents with governmental departments, electronic fund transfer is possible and is granted by the cyber law.

8. Major Cyber laws.

Major Cyber laws include cyber laws relating to Copyright, Defamation, Cyber fraud, online harassment and stalking, Freedom of Speech ( there are laws to avoid free speech that may cause immorality online ). Agreeing to terms and conditions while opening a website or while downloading a software, which are designed for online privacy concerns, hence cyber law is used.

9. Other rules and Laws

Apart from IT Act 2000, Companies Rules 2014 under Companies Act 2013 have made it mandatory for all companies to ensure that all digital records and security systems are tight and sealed to avoid tampering and illegal access.
Evenly, the Indian Penal Code, 1860, punishes any crime committed in cyberspace. Also, sector specific regulations and strict cyber security rules have been implemented.

10. Conclusion

In this article, efforts are put to know what cyber law is and why we need cyber law. There are few advantages and we come to know that the organizations are now capable of controlling e-commerce and online transactions using cyber law. The key finding is that the battle with cyber crimes is never ending one. The IT Act 2000, has enabled for safe online transactions and legal recognition of digital signatures have reduced time for any business deals. Thus, it is understood that IT Act and its amendments have made our life simpler and easier but we should be aware with eyes wide opened while using cyberspace or the internet. We should also be aware of the Cyber laws which are eagle eyes and keep us alarmed not to do any wrong.

2. Worldwide digital population as of January 2021 – Internet – Statista


Editor: Kanishka VaishSenior Editor, LexLife India.

Cyber laws regarding hacking in India

Reading time: 6-8 minutes.

The Indian Institute of Technology-Madras (IIT-M) initiated an investigation into the hacking of one of its servers, which resulted in the temporary suspension of its e-mail services last month. Confirming that one of its e-mail servers was temporarily down, the institution said that the problem had been resolved and normality had been restored. “All e-mails on the server have been backed up and no e-mails have been lost. E-mail backup is underway and will be finished shortly.

The cause is being investigated”, said the IIT-M Director’s Office on the incident. Responding to a question as to whether ransomware was targeted and accessed the research work of students, scholars and academics, the institution said that “no other systems have been affected.” The Public Relations Department has opted not to comment about whether a criminal complaint has been filed with any law-enforcement agency. The problem emerged after the researcher posted a screenshot of the message he received after logging in to the IIT-M server on social media.

The suspected ransomware message stated that all files had been encrypted and, in order to retrieve them, the data had to be decrypted. The user was asked to send an e-mail to a different account for the decrypted file that would be made available for payment. Recognizing that there was a “significant attack” on campus computers, IIT-M sent a letter to students / staff that the virus appeared to hit computers running on a specific operating system and asked them to urgently back up their work.

The root and type of ransomware are under investigation by in-house experts. The Tamil Nadu police denied that they had received any complaint from IIT-M regarding the incident.

Significance of this development

It is important that companies collaborate to build cyber-threat detection and response teams and processes. We know cybercrimes are going to affect even the most trained organizations. As members of our organizations and our sectors, we need to ensure that we are prepared to recognise where these crimes are committed and react appropriately. CFR will help you do that. CyberSec First Responder (CFR) Logical Operations is the ideal credential for a company to use to verify that their staffs have the expertise required to conduct essential information security job functions.

Importance of cyber security

We often equate cyber security with computers, but they really have a far broader application than just that. The first instance of a cyber assault was in 1903, when magician Nevil Maskelyne interrupted John Ambrose Fleming’s demonstration by transmitting derogatory Morse code messages on the auditorium screen! Modern-day hackers had 114 years to update and develop information security infrastructure. Hacking techniques and methods have increased as the Internet has expanded, and it is now much easier to target a company or a person in this way.

These tools have become known as “Manipulate Kits” and are designed to manipulate human vulnerability or weaknesses in your Computer or server; those who use these devices have been dubbed “Script Kiddies.” Good cyber protection is not simply about defending a network, because most hackers do not attempt to penetrate a network, but will rather target a website or a server.

Accessing networks is more challenging for hackers, because most individuals and companies have a firewall in place that is impossible for hackers to penetrate. Minimum cyber security requirements for a network should be as follows: Endpoint Protection, Firewall, Intrusion Detection System / Intrusion Prevention System, Web Filtering Software, Radius Server, Logging Software, Encryption.

Provisions regarding anti-hacking in India

Sections 43 and 66 of the IT Act cover fraud or manipulation of data on civil and criminal offences. Pursuant to Section 43, a simple civil offence, where a person without the owner’s consent accesses the device and removes any data or harm to the data stored therein, shall be liable to civil liability and shall be liable to pay compensation to the individuals concerned. Under the IT Act 2000, the overall pay-out limit was fine for Rs. one crore. However, this limit was removed in the change made in 2008.

Section 43A was introduced in the 2008 amendment to include the business shed where workers stole information from the company’s confidential files. Section 66B refers to fines for obtaining stolen computer resources or information. The penalty requires one year’s imprisonment or a fine of one lakh rupee or both. Mens rea is an essential element of Section 66A.

The purpose or information to inflict unjust harm to others, i.e. the presence of criminal intent and evil mind, i.e. the principle of men’s rea, degradation, deletion, modification or loss of value or use of data, are all main ingredients for bringing any act under this Act.

Development of cyber laws

Throughout the early 1970s, countries started to introduce broad legislation to protect individual privacy. Many of these regulations are based on the frameworks put in place by the Organization for Economic Cooperation and Development and the Council of Europe. The origins of current legislation in this field can be traced back to the first data protection law in the world introduced in the Land of Hesse in Germany in 1970.

This was followed by regional legislation in Sweden (1973), the United States (1974), Germany (1977) and France (1978). The first federal computer fraud legislation in the U.S.A. was the Computer Fraud and Abuse Act, 1984. The fact that only one arrest had ever been made under the Act before it was revised in 1986 demonstrates how difficult it is to draw up successful laws on computer crime.

The Information Communication Technology Revolution in India began in 1975, when the Government of India strategically agreed to take proactive steps towards the development of information systems and the use of computer resources. The National Information Technology Centre under the Electronic Commission / Department of Electronics was the result of this view and was supported by the United Nations Development Program (UNDP).

The establishment of the National Association of Software Services Companies at the beginning of the 1990s reflects the power of India in this field. The Internet came to India in 1995 and, after nearly five years, India was getting ready to legislate on its first cyber law. The Information Technology Act, 2000 heralded a new cyber law regime in the country. India became the 12th nation in the world to enact cyber laws.


There is no question that hacking is a major threat to the virtual world. Not many people in the country are aware of the theft. There needs to be more understanding of hacking and cracking in the world. The laws of the government are stringent, but there is a lack of enforceability and knowledge in society. Most of the minor hacking cases go unnoticed as people are abstaining from filing cases for petty offences even though it is seriously punished.

Also, it is very difficult to track down a virtual hacker due to lack of equipment. Since hacking can happen anywhere in the world, it is hard for the police to track the culprit down and arrest him in another country. These issues need to be resolved for effective implementation. Punishment can also be made a little more strenuous to discourage citizens from committing these crimes.

Author: Harneet Singh from Presidency University, Bengaluru.

Editor: Ismat Hena from Faculty of Law, Jamia Millia Islamia.