2 An overview of cyber crime under information technology act, 2000

Information Technology Act
Information Technology Act, 2000 (IT Act) came into force on 17th October 2000. It has 94 sections divided into 13 chapters.

According to its preamble, the IT Act basically seeks to:
provide legal recognition for electronic commerce,
to facilitate electronic filing of documents with the Government agencies, to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers’ Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934,
promote efficient delivery of Government services by means of reliable electronic records,
give favourable consideration to the Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade Law (UNCITRAL).

The major issues addressed by the IT Act relate to:
Electronic records: authentication of electronic records using digital signatures; legal recognition of electronic records ; digital signatures; use of electronic records ; digital signatures in Government; retention of electronic records; publication in Electronic Gazette; attribution and acknowledgment of receipt of electronic records, time and place of dispatch and receipt of electronic record; secure electronic record, secure digital signature and security procedure.

Establishing of authorities: appointment and functions of Controller and other officers; establishment, procedures and functioning of Cyber Appellate Tribunal; Adjudicating Officers.Certifying Authorities: recognition of foreign Certifying Authorities; functioning and control of Certifying Authorities, digital signature certificates; duties of subscribers such as generating a private-public key pair, acceptance of digital signature certificate and control of private key.Cyber crimes: penalties for damage to computer and for failure to furnish information; factors to be taken into account by an adjudicating officer; offences relating to tampering with source code, hacking, cyber-pornography, disobeying Controller’s orders, unauthorised access to protected system, misrepresentation, breach of confidentiality and privacy and Digital Signature Certificate frauds; offences by companies; confiscation of computers etc, investigation of offences, police powers; liability of Network Service Providers.

Special issues: extra-territorial jurisdiction of the IT Act; overriding effect of the IT Act; protection of action taken in good faith.

Administrative issues: powers of the Central & State Governments and the Controller to make rules and regulations.

Amendments: amendments to Indian Penal Code, Evidence Act, Reserve Bank of India Act and the Bankers’ Books Evidence Act.

Extent and jurisdiction of the IT Act
To understand the extent and jurisdiction of the IT Act, we must examine sections 1(2) and 75 of the Act.

Not only does the IT Act apply to the whole of India, but also to contraventions committed outside India, by anyone, involving a computer located in India.

Illustration: ———, an Australian national, residing in USA, gains unauthorized access to a computer located in India and deletes information. In this case, she will be liable under the provisions of the IT Act.

However there are exceptions to the term “any person”. Certain persons are exempt from prosecution under the IT Act. These include the President of India and the Governors of Indian states, Foreign Heads of State and Ambassadors of foreign countries.

1. Sec 43(a) – Unauthorised access
section 43(a) of the Information Technology Act is covered by Unauthorised access. This section states as under:
Penalty and compensation for damage to computer, computer system, etc.

If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network,-
accesses or secures access to such computer, computer system or computer network or computer resource;
…..he shall beliable topay damages by way of
compensation to the person so affected.

Illustration: A super computer is housed in particular premises of office. Aman breaks open the door and enters the premises where massive super computer is housed . He has gained entry into the computer.

Illustration: A Government computer contains critical information in its hard disk. Mohit unscrews the cabinet of the computer in order to steal the hard disk. He has gained entry into the computer.

Illustration: A Government computer contains critical information. Rahul enters the room where the computer is located and keys in some commands into the keyboard. He does not realize that the keyboard is disconnected from the computer. Here, Sameer has not instructed the logical, arithmetic or memory functions of the computer.

Communicating with is essentially a two-way process that involves exchange of information.

Illustration: Sanjay is a hacker attempting to steal some information from Sangeeta’s computer. He first remotely scans Sangeeta’s computer using specialized software. The software sends out queries to Sangeeta’s computer which replies to the queries. As a result of this, Sanjay obtains details of the operating system installed on Sangeeta’s computer. Sanjay has communicated with Sangeeta’s computer.

Secures access is a term that needs to be examined next. The term “secure” means “to make certain”. The term “secures access” would mean “to make certain that access can be achieved as and when desired by the person seeking to access”.

Compensation is usually the money that the Court orders the offender to pay to the victim. The Court orders this compensation to be paid when the acts of the offender have caused loss or injury to the victim.

Simply put, damages are the compensation for legal injury.

Damages can be of various types:
Compensatory damages are allowed as a recompense for injury actually suffered.Illustration: Maynak physically damages Rina’s laptop by dropping it on the floor. The Court orders Maynak to pay compensation equal to the cost of the laptop as paid by Rina.

Consequential damages are consequential upon the act complained of.

Illustration: Mohit physically damages Aayushi’s laptop by dropping it on the floor. Aayushi has to purchase a new laptop. The Court orders Mohit to pay compensation equal to the price of a new laptop.

Exemplary or punitive damages are awarded as a punishment and serve as a warning to others.

Illustration: Pankaj is Monika’s business rival. He destroys Monika’s data by physically damaging her laptop. The Court orders Pankaj to pay compensation equal to 10 times the price of a new laptop.

General damages are awarded for things such as mental agony, loss of reputation etc. Such things cannot be accurately stated in terms of money.

Illustration: Mahendra posts a defamatory post about Kavita on a social networking website. This harms Kavita’s reputation and causes her mental agony. The Court orders Mahendra to pay her Rs 10 lakh as compensation.

2. Sec 43(b) – Unauthorised downloading, copying or extraction
Unauthorised downloading, copying or extraction is covered by section 43(b) of the Information Technology Act. This section states as under:
Penalty and compensation for damage to computer, computer system, etc.

If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network,-
downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
……he shall beliable topaydamagesbyway of compensation to the person so affected.

This section penalises the following unauthorised acts:downloading from a computer, computer system or computer network,
copying from a computer, computer system or computer network,
extracting data, database or information from a computer, computer system or computer network. Let us examine some of these terms in detail.

Illustration: Ruchi makes an online purchase of some songs. After the payment is processed, she downloads the song from the music company’s website onto her cell phone which is connected to her laptop.

Copies means “to duplicate or reproduce or imitate something”. The original information is not affected by the copying. It remains unchanged. The copied information may be in a different format as compared to the format of the original information. This can be understood from the following examples.

Illustration: Kavita has purchased a CD containing dozens of songs in mp3 format. Using her computer, she copies the songs from the CD onto her cell phone.

Extracts means to derive or obtain something. Extracting usually requires some special effort or skill.

Illustration: Rekha obtains the source code files for open source software. She then uses “compiler” software to convert the source code files into the executable file. This executable file can be used to install the software onto a computer. She has extracted the executable file from the source code files.

Data is a formalised representation of information, knowledge, facts, concepts or instructions. Data undergoes processing by a computer. Data can be in electronic form (e.g. stored in a CD) or physical form (e.g. computer printouts). Examples of data include computerised attendance records of a school, information in the RAM of a computer, printouts of a computerised accounting system etc.

Computer database is a formalised representation of information. The term includes information produced by a computer and intended for use in a computer.
Information includes data, text, images, sound, voice, codes, computer programmes, software and databases or microfilm or computer generated micro fiche. Microfilms are processed sheets of plastic (similar to the commonly used photograph rolls) that carry images of documents. These images are usually about 25 times reduced from the original document size.

Removable storage medium is a storage medium that retains the stored information even after it has been removed from a computer e.g. hard disks, floppies, USB disks, zip drives, CD, VCD, DVD. The RAM of a computer would not be removable storage medium as it loses all stored data as soon as it is removed from the host computer.

It is relevant to note section 81 of the Information Technology Act, which states-
81. Act to have overriding effect. –
The provisions of this Act shall have effect notwithstanding anything consistent therewith contained in any other law for the time being in force.

Provided that nothing contained in this Act shall restrict any person from exercising any right conferred under the Copyright Act, 1957 or the Patents Act, 1970.

Compensation is usually the money that the Court orders the offender to pay to the victim. The Court orders this compensation to be paid when the acts of the offender have caused loss or injury to the victim.simply put, damages are the compensation for legal injury.

Damages can be of various types:
Compensatory damages
Consequential damages
Exemplary or punitive damages
General damages
3. Sec 43(c) – Computer virus, worm, contaminant
Unauthorised introduction of a virus etc into a computer is covered by section 43(c) of the Information Technology Act. This section states as under:
Penalty and compensation for damage to computer, computer system, etc.

If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network,-
introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
……he shall beliable topaydamages by way of compensation to the person so affected.

This section penalises two acts namely:
(1) introducing a virus or contaminant into a computer, causing the introduction of a virus or contaminant into a computer.

These acts may be directed towards a computer, a computer system or computer network. Let us discuss the important terms:
Computer virus means any computer instruction, information, data or programme that
destroys, damages, degrades or adversely affects the performance of a computer resource or
attaches itself to another computer resource and operates when a programme, data or instruction is executed or some other event takes place in that computer resource.

Illustration: Macro viruses usually come embedded in Microsoft Word and Excel files. When a user runs the infected file, the macro virus gets activated and damages his data.

Illustration: The Chernobyl virus can lie dormant for the entire year in a victim’s computer. Most versions of the virus get activated only on April 26th. The virus, which was originally called CIH, is referred to as the Chernobyl Virus because it attacks on April 26th which is the date when the Chernobyl nuclear accident took place in Ukraine in 1986.

Computer contaminant means any set of computer instructions that are designed to
modify, destroy, record, transmit data or programme residing within a computer, or
usurp the normal operation of the computer.

Illustration: Aakash installs a key logger on a cyber café computer. The key logger automatically records all text entered on the infected computer by users. Every evening at 5 pm the key logger transmits this recorded data to Aman’s email account. This is an example of a computer contaminant.

Compensation is usually the money that the Court orders the offender to pay to the victim. The Court orders this compensation to be paid when the acts of the offender have caused loss or injury to the victim.Simply put, damages are the compensation for legal injury.

Damages can be of various types:
Compensatory damages
Consequential damages
Exemplary or punitive damages
General damages
4. Sec 43(d) – Damaging a computer
Unauthorised damage is covered by section 43(d) of the Information Technology Act. This section states as under:
Penalty and compensation for damage to computer, computer system, etc.

If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network,-
damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;
……he shall be liable to pay damages by way of compensation to the person so affected.

This section penalises two acts namely (1) damaging and (2) causing to be damaged. These acts may be directed towards a computer, a computer system, computer network, data, computer database or other programs.

Let us discuss the important terms:
Data is a formalised representation of information, knowledge, facts, concepts or instructions. Data undergoes processing by a computer. Data can be in electronic form (e.g. stored in a CD) or physical form (e.g. computer printouts). Examples of data include computerised attendance records of a school, information in the RAM of a computer, printouts of a computerised accounting system etc.

Computer database is a formalised representation of information. The term includes information produced by a computer and intended for use in a computer. This is best understood through the following illustration.

Damage for the purposes of this section implies to destroy, alter, delete, add, modify or rearrange any computer resource by any means.

Illustration: Vishal picks up Savita’s laptop with the intention of stealing it. He then accidentally drops it on the floor, thereby destroying it. Vishal has damaged Savita’s laptop.

To cause means to make something happen. Cause can be direct or indirect.

Illustration: Utkarsh pressed the “delete” button on the keyboard causing the data to be deleted. Utkasrh’s act of pressing the delete button is the direct cause of the data being deleted.

Compensation is usually the money that the Court orders the offender to pay to the victim. The Court orders this compensation to be paid when the acts of the offender have caused loss or injury to the victim.Simply put, damages are the compensation for legal injury.

Damages can be of various types:
1 Compensatory damages are allowed as a recompense for injury actually suffered.

Illustration: Maynak physically damages Rina’s laptop by dropping it on the floor. The Court orders Maynak to pay compensation equal to the cost of the laptop as paid by Rina.

2 Consequential damages are consequential upon the act complained of.

Illustration: Mohit physically damages Aayushi’s laptop by dropping it on the floor. Aayushi has to purchase a new laptop. The Court orders Mohit to pay compensation equal to the price of a new laptop.

3 Exemplary or punitive damages are awarded as a punishment and serve as a warning to others.

Illustration: Pankaj is Monika’s business rival. He destroys Monika’s data by physically damaging her laptop. The Court orders Pankaj to pay compensation equal to 10 times the price of a new laptop.

4 General damages are awarded for things such as mental agony, loss of reputation etc. Such things cannot be accurately stated in terms of money.

Illustration: Mahendra posts a defamatory post about Kavita on a social networking website. This harms Kavita’s reputation and causes her mental agony. The Court orders Mahendra to pay her Rs 10 lakh as compensation.

5. Sec 43(e) – Disruption of a computer
Unauthorised disruption of a computer is covered by section 43(e) of the Information Technology Act. This section states as under:
Penalty and compensation for damage to computer, computer system, etc.

If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network,-
disrupts or causes disruption of any computer, computer system or computer network;
……he shall beliable to paydamages by way of compensation to the person so affected.

This section penalises two acts namely (1) disrupting and (2) causing to be disrupted. These acts may be directed towards a computer, a computer system or computer network. Let us discuss the important terms:
Disrupting means “to prevent the normal continuance of”, “to throw into confusion or disorder”, “to interrupt or impede the progress of”. Disruption can be total or partial.

Illustration: Nitin is an employee of the Mumbai office of Xyz Ltd. The office has a medium speed Internet connection. Nitin starts downloading several movies from the Internet simultaneously. This slows down the Internet speed available to the other Noodle employees. Nitin has partially disrupted the Noodle network.

Compensation is usually the money that the Court orders the offender to pay to the victim. The Court orders this compensation to be paid when the acts of the offender have caused loss or injury to the victim. simply put, damages are the compensation for legal injury.

Damages can be of various types:
1 Compensatory damages
2 Consequential damages
3 Exemplary or punitive damages
4 General damages

6. Sec 43(f) – Denial of Service
Denial of Service is covered by section 43(f) of the Information Technology Act. This section states as under:
Penalty and compensation for damage to computer, computer system, etc.

If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network,-
denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means;
……he shall be liable to pay damages by way of compensation to the person so affected.

This section penalises two acts namely:
denying an authorised person access to a computer
causing the denial of access to an authorised person.These acts may be directed towards a computer, a computer system or computer network. Let us discuss the important terms:
To deny access means “to restrict access” or “to disallow access”. This denial can be total or partial.

Illustration: Gourav has created a computer virus that opens up multiple program windows on a victim computer. This virus affects Meena’s computer and opens up hundreds of program windows on her computer. This results in her computer becoming unusable. Gourav has caused total denial of access.

Illustration: A series of more than 125 separate but coordinated denial of service attacks hit the cyber infrastructure of Estonia in early 2007. It is suspected that the attacks were carried out by Russian hackers using sophisticated automated denial of service software. The software made millions of requests to Estonia Government servers. The servers could not handle so many requests and they crashed. This resulted in legitimate users being unable to access the servers. This is a total denial of access.

Compensation is usually the money that the Court orders the offender to pay to the victim. The Court orders this compensation to be paid when the acts of the offender have caused loss or injury to the victim. simply put, damages are the compensation for legal injury.

Damages can be of various types:
1 Compensatory damages
2 Consequential damages
3 Exemplary or punitive damages
4 General damages
7. Sec 43(g) – Facilitating unauthorised access
Providing assistance to facilitate illegal access is covered by section 43(g) of the Information Technology Act. This section states as under:
Penalty and compensation for damage to computer, computer system, etc.

If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network,-
provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder;
……he shall be liable to pay damages by way of compensation to the person so affected.

The essential element of this section is that assistance is provided for obtaining access to a computer in contravention of the IT Act and its allied laws. A person who obtains access to a computer in contravention of the IT Act would be liable under the relevant sections (e.g. 43(a) or 66 or 70 etc). What this section specifically covers is providing assistance to such a person. Such assistance must facilitate the unlawful access.

Assistance is the act of helping or aiding.

Facilitate means “to make easier” or “to make less difficult” or to “assist in the progress of”.

Compensation is usually the money that the Court orders the offender to pay to the victim. The Court orders this compensation to be paid when the acts of the offender have caused loss or injury to the victim. Simply put, damages are the compensation for legal injury.

Damages can be of various types:
1 Compensatory damages
2 Consequential damages
3 Exemplary or punitive damages
4 General damages
8. Sec 43(h) – Tampering or manipulating computer
Tampering or manipulating computer is covered by section 43(h) of the Information Technology Act. This section states as under:
Penalty and compensation for damage to computer, computer system, etc.

If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network,-
charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system or computer network,
……he shall be liable to pay damages by way of compensation to the person so affected.

Let us discuss the key terms in this section.

Tampering implies “meddling so as to misuse”.

Illustration: Shivani has put a “BIOS” password on her computer. This means that as soon as her computer is switched on, it asks for a password. It does not boot up the operating system till this password is entered. Shubham removes the CMOS battery of Shivani’s computer for a few minutes. He then puts the battery back and starts her computer. The “BIOS” password gets deleted and he is able to obtain unauthorised access to her computer. He has tampered with her computer.

Manipulating implies “influencing something skilfully in an unfair manner”.

Illustration: Mohit is a hotel waiter. He secretly notes down credit card information of the hotel customers. He then purchases a software program from a website. In order to pay for the purchase he provides the credit card information of one of the hotel customers. This information is then passed on by the website to the payment gateway (e.g. Master, Visa etc.). The automated software at the gateway authenticates the transaction as the credit card information is correct. In reality, the gateway has been manipulated to allow a fraudulent transaction to go through.

Compensation is usually the money that the Court orders the offender to pay to the victim. The Court orders this compensation to be paid when the acts of the offender have caused loss or injury to the victim. Simply put, damages are the compensation for legal injury.

Damages can be of various types:
1 Compensatory damages
2 Consequential damages
3 Exemplary or punitive damages
4 General damages

9. Sec 43(i) – Destruction, deletion or alteration
Unauthorised destruction, deletion or alteration of information is covered by section 43(i) of the Information Technology Act. This section states as under:
Penalty and compensation for damage to computer, computer system, etc.

If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network,-
destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means;
……he shall be liable to pay damages by way of compensation to the person so affected.

Computer resource includes computer, computer system, computer network, data, computer data base or software.

Information residing in a computer resource must be construed in a wide manner. It includes information that exists or is present in a computer resource temporarily or permanently.
Illustration: information residing in a computer resource are: music files stored in an iPod, software installed on a computer, ebook stored on a CD, software installed in a cell phone, software embedded in a microwave oven.

Destroy means “to make useless”, “cause to cease to exist”, “nullify”, “to demolish”, or “reduce to nothing”.

Destroying information also includes acts that render the information useless for the purpose for which it had been created.

Deletes in relation to electronic information means “to remove”, “to erase”, “to make invisible” etc. Such deletion can be temporary or permanent.

Illustration: Prachi has created a text file containing her resume. Himanshu deletes the file from her computer. On deletion, the file gets automatically transferred to the “recycle bin” of Prachi’s computer, from where it can be easily retrieved. Here Himanshu has temporarily deleted the file. Himanshu empties the “recycle bin” of Prachi’s computer. The file is still only temporarily deleted as it can be recovered using cyber forensics.

Himanshu then uses specialised wiping software so that the file cannot be recovered using forensics. Now he has permanently deleted the file.

Alters, in relation to electronic information, means “modifies”, “changes”, “makes different” etc. This modification or change could be in respect to size, properties, format, value, utility etc. Alteration can be permanent or temporary. It can also be reversible or irreversible.

Illustration: Barkha has created a webpage for her client. A webpage is essentially an HTML (Hyper Text Markup Language) file. Arun changes the file from HTML to text format. He has altered the file. This is a reversible alteration.

Compensation is usually the money that the Court orders the offender to pay to the victim. The Court orders this compensation to be paid when the acts of the offender have caused loss or injury to the victim. Simply put, damages are the compensation for legal injury.

Damages can be of various types:
1 Compensatory damages
2 Consequential damages
3 Exemplary or punitive damages
4 General damages
10. Sec 43(j) – Source code theft
Stealing, concealing, destroying or altering source code is covered by section 43(j) of the Information Technology Act. This section states as under:
Penalty and compensation for damage to computer, computer system, etc.

If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network-
steal, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage;
……he shall be liable to pay damages by way of compensation to the person so affected.

Computer source code is the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form. Computer source code need not only be in the electronic form. It can be printed on paper (e.g. printouts of flowcharts for designing a software application).

Let us understand this using illustrations.

Illustration: Xyz Ltd has created software for viewing and creating image files. The programmers who developed this program used the computer-programming language called Visual C++. Using the syntax of these languages, they wrote thousands of lines of code. This code is then compiled into an executable file and given to end-users. All that the end user has to do is double-click on a file (called setup.exe) and the program gets installed on his computer. The lines of code are known as computer source code.

The following acts are prohibited in respect of the source code
stealing, concealing, destroying or altering
(2) causing another to steal, conceal, destroy or alter.

Let us discuss the relevant terms and issues in detail.

The term steal and “commit theft” are usually used interchangeably. Section 378 of the Indian Penal Code defines theft as “Whoever intending to take dishonestly any moveable property out of the possession of any person without that person’s consent, moves that property in order to such taking, is said to commit theft.”
Illustration: Sunita has created a software program. The source code files of the program are contained in a pen-drive. Rajat takes that pen-drive out of Sunita’s cupboard without informing her. He has “stolen” the source code.

Conceal simply means “to hide”.

Illustration: Ankita has created a software program. The source code files of the program are contained in a folder on Ankita’s laptop. Mohan changes the properties of the folder and makes it a “hidden” folder.

Although the source code folder still exists on Ankita’s computer, she can no longer see it. Mohan has concealed the source code.

Destroy means “to make useless”, “cause to cease to exist”, “nullify”, “to demolish”, or “reduce to nothing”.

Destroying source code also includes acts that render the source code useless for the purpose for which it had been created.

Illustration: Divya has created a software program. The source code files of the program are contained in a folder on Divya’s laptop. Prashant deletes one of the source code files. Now the source code cannot be compiled into the final product. He has destroyed the source code.

Alters, in relation to source code, means “modifies”, “changes”, “makes different” etc. This modification or change could be in respect to size, properties, format, value, utility etc.

Illustration: Roshni has created a webpage for her client. The source code of the webpage is in HTML (Hyper Text Markup Language) format. Mayank changes the file from HTML to text format. He has altered the source code.

Compensation is usually the money that the Court orders the offender to pay to the victim. The Court orders this compensation to be paid when the acts of the offender have caused loss or injury to the victim. Simply put, damages are the compensation for legal injury.

Damages can be of various types:
1 Compensatory damages
2 Consequential damages
3 Exemplary or punitive damages
4 General damages
11. Sec 43A – Failure to protect data
Compensation for failure to protect data is covered by section 43A of the Information Technology Act. This section states as under:
43 A. Compensation for failure to protect data
Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.

Explanation – For the purposes of this section,-
“body corporate” means any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities;
“reasonable security practices and procedures” means security practices and procedures designed to protect such information from unauthorised access, damage, use, modification, disclosure or impairment, as may be specified in an agreement between the parties or as may be specified in any law for the time being in force and in the absence of such agreement or any law, such reasonable security practices and procedures, as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit;
“sensitive personal data or information” means such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit.

The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 have been made under this section. They came into force on 11th April 2011.

According to these rules, sensitive personal data or information of a person means such personal information which consists of information relating to;—
password;
financial information such as Bank account or credit card or debit card or other payment instrument details ;
physical, physiological and mental health condition;
sexual orientation;
medical records and history;
Biometric information;
any detail relating to the above clauses as provided to body corporate for providing service; and
any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise:
The following information is not regarded as sensitive personal data or information:
any information that is freely available or accessible in public domain
any information that is furnished under the Right to Information Act, 2005 or any other law for the time being in force.

Compensation is usually the money that the Court orders the offender to pay to the victim. The Court orders this compensation to be paid when the acts of the offender have caused loss or injury to the victim. Simply put, damages are the compensation for legal injury.

Damages can be of various types:
1 Compensatory damages are allowed as a recompense for injury actually suffered.

Illustration: Maynak physically damages Rina’s laptop by dropping it on the floor. The Court orders Maynak to pay compensation equal to the cost of the laptop as paid by Rina.

2 Consequential damages are consequential upon the act complained of.

Illustration: Mohit physically damages Aayushi’s laptop by dropping it on the floor. Aayushi has to purchase a new laptop. The Court orders Mohit to pay compensation equal to the price of a new laptop.

3 Exemplary or punitive damages are awarded as a punishment and serve as a warning to others.

Illustration: Pankaj is Monika’s business rival. He destroys Monika’s data by physically damaging her laptop. The Court orders Pankaj to pay compensation equal to 10 times the price of a new laptop.

4 General damages are awarded for things such as mental agony, loss of reputation etc. Such things cannot be accurately stated in terms of money.

Illustration: Mahendra posts a defamatory post about Kavita on a social networking website. This harms Kavita’s reputation and causes her mental agony. The Court orders Mahendra to pay her Rs 10 lakh as compensation.

Non-compliance with any of the provisions of the data privacy rules is also penalized with a compensation /penalty of upto Rs. 25,000 under section 45 of the Information Technology Act. This section is as under:
45. Residuary penalty.

Whoever contravenes any rules or regulations made under this Act, for the contravention of which no penalty has been separately provided, shall be liable to pay a compensation not exceeding twenty-five thousand rupees to the person affected by such contravention or a penalty not exceeding twenty-five thousand rupees.

Sec 65 – Tampering with computer source documents
Tampering with computer source documents is covered by section 65 of the Information Technology Act. This section states as under:
65. Tampering with computer source documents.

Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

Explanation. – For the purposes of this section, “computer source code” means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.

Computer source code is the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form. Computer source code need not only be in the electronic form. It can be printed on paper (e.g. printouts of flowcharts for designing a software application). Let us understand this using illustrations.

Illustration: Abc Ltd has created software for viewing and creating image files. The programmers who developed this program used the computer-programming language called Visual C++. Using the syntax of these languages, they wrote thousands of lines of code. This code is then compiled into an executable file and given to end-users. All that the end user has to do is double-click on a file (called setup.exe) and the program gets installed on his computer. The lines of code are known as computer source code.

This section relates to computer source code that is either:
required to be kept (e.g. in a cell phone, hard disk, server etc), or(2) required to be maintained by law.

The following acts are prohibited in respect of the source code
knowingly concealing or destroying or altering
intentionally concealing or destroying or altering
knowingly causing another to conceal or destroy or alter
intentionally causing another to conceal or destroy or alter. Let us discuss the relevant terms and issues in detail.

Conceal simply means “to hide”.

Illustration: Anita has created a software program. The source code files of the program are contained in a folder on Anita’s laptop. Rajesh changes the properties of the folder and makes it a “hidden” folder. Although the source code folder still exists on Anita’s computer, she can no longer see it. Rajesh has concealed the source code.

Destroy means “to make useless”, “cause to cease to exist”, “nullify”, “to demolish”, or “reduce to nothing”.

Destroying source code also includes acts that render the source code useless for the purpose for which it had been created.

Illustration: Madhuri has created a software program. The source code files of the program are contained in a folder on Madhuri’s laptop. Vijay deletes the folder. He has destroyed the source code.

Alters, in relation to source code, means “modifies”, “changes”, “makes different” etc. This modification or change could be in respect to size, properties, format, value, utility etc.

Illustration: Sanya has created a webpage for her client. The source code of the webpage is in HTML (Hyper Text Markup Language) format. Rahul changes the file from HTML to text format. He has altered the source code.

SUMMARY
Acts penalized
(1) knowingly or intentionally concealing, destroying or altering computer source code
(2) knowingly or intentionally causing another to conceal, destroy or alter computer source code
Punishment

Imprisonment upto 3 years and / or fine upto Rs 2 lakhWhether cognizable?

Yes
Whether bailable?
Whether
Yes
Yes.

Compoundable
Relevent court
First appeal lies to
However, it shall not be compounded if the crime affects the socio economic conditions of the country or has been committed against a child below the age of 18 years or against a woman.

Magistrate of the first class
Court of session13. Sec 66 – Computer related offenses
Computer related offences are covered by section 66 of the Information Technology Act. This section states as under:
66. Computer related offences.

If any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.

Explanation – For the purposes of this section
the word “dishonestly” shall have the meaning assigned to it in section 24 of the Indian Penal Code;
the word “fraudulently” shall have the meaning assigned to it in section 25 of the Indian Penal Code.

The acts referred to in section 43 of the Information Technology Act are:
accessing or securing access to a computer, computer system, computer network or computer resource without the permission of the owner or person in-charge.

downloading, copying or extracting any data, computer data base or information from a computer, computer system or computer network or removable storage medium without the permission of the owner or person in-charge.

introducing or caused to be introduced any computer contaminant or computer virus into any computer, computer system or computer network without the permission of the owner or person in-charge.

damaging or causing to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network without the permission of the owner or person in-charge.

disrupting or causing disruption of any computer, computer system or computer network.

denying or causing the denial of access to any person authorised to access any computer, computer system or computer network by any means without the permission of the owner or person in-charge.

providing any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder without the permission of the owner or person in-charge.

(h) charging the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system or computer network.

(i) without the permission of the owner or person in-charge;destroying, deleting or altering any information residing in a computer resource or diminishing its value or utility or affecting it injuriously by any means without the permission of the owner or person in-charge.

(j) stealing, concealing, destroying or altering or causing any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage without the permission of the owner or person in-charge.

Section 24 of Indian Penal Code states-
Whoever does anything with the intention of causing wrongful gain to one person or wrongful loss to another person, is said to do that thing “dishonestly”.

Section 25 of Indian Penal Code states-
A person is said to do a thing fraudulently if he does that thing with intent to defraud but not otherwise.

Another relevant provision is Section 23 of Indian Penal Code which defines some of the words discussed above, as under:
“Wrongful gain” is gain by unlawful means of property to which the person gaining is not legally entitled.

“Wrongful loss” is the loss by unlawful means of property to which the person losing it is legally entitled.

Gaining wrongfully, losing wrongfully.–A person is said to gain wrongfully when such person retains wrongfully, as well as when such person acquires wrongfully. A person is said to lose wrongfully when such person is wrongfully kept out of any property, as well as when such person is wrongfully deprived of property.

Summary
Acts penalized (1) dishonestly or fraudulently accessing
or securing access to a computer,
computer system, computer network or
computer resource without the
permission of the owner or person in-charge;
(2) dishonestly or fraudulently downloading, copying or extracting any data, computer data base or information from a computer, computer system or computer network or removable storage medium without the permission of the owner or person in-charge;
(3) dishonestly or fraudulently introducing or caused to be introduced any computer contaminant or computer virus into any computer, computer system or computer network without the permission of the owner or person in-charge;
dishonestly or fraudulently damaging or causing to be damaged any computer, computer system or computer network,
data, computer data base or any other programmes residing in such computer, computer system or computer network without the permission of the owner or person in-charge;
dishonestly or fraudulently disrupting or causing disruption of any computer, computer system or computer network;
dishonestly or fraudulently denying or causing the denial of access to any person authorised to access any computer, computer system or computer network by any means without the permission of the owner or person in-charge;
dishonestly or fraudulently providing any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder without the permission of the owner or person in-charge;
dishonestly or fraudulently charging the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system or computer network without the permission of the owner or person in-charge;
dishonestly or fraudulently destroying, deleting or altering any information residing in a computer resource or diminishing its value or utility or affecting it injuriously by any means without the permission of the owner or person in-charge;
dishonestly or fraudulently stealing, concealing, destroying or altering or causing any person to steal, conceal,
destroy or alter any computer source code used for a computer resource with an intention to cause damage without the permission of the owner or person in-charge;
Punishment Imprisonment upto 3 years and / or fine upto Rs 5 lakh
Whether cognizable?

Yes
Whether bailable?
Yes
Whether
Yes.

compoundable?
Relevant court
First apeeal lies to

However, it shall not be compounded if the crime affects the socio economic conditions of the country or has been committed against a child below the age of 18 years or against a woman.

Magistrate of the first class
Court of session Magistrate of the first class

14. Sec 66A – Sending offensive messages
The Supreme Court of India in Shreya Singhal vs U.O.I on 24 March, 2015 declared “Section 66A of the Information Technology Act, 2000 is struck down in its entirety being violative of Article 19(1)(a) and not saved under Article 19(2)”.

Section 66A of the Information Technology Act (IT Act) was much debated (and hated) primarily because it was seen as being against “freedom of speech” and also because it used “vague” words like grossly offensive, menacing character etc.

This section was not part of the original IT Act that came into force in 2000. It was added in 2009.

On 24th march, 2015, the supreme court, in a 122 page judgement, struck down section 66A in its entirely for violating the fundamental rights of sppech and expression.

15. Sec 66B – Dishonestly receiving stolen computer
Punishment for dishonestly receiving stolen computer resource or communication device is covered by section 66b of the Information Technology Act. This section states as under:
66B. Punishment for dishonestly receiving stolen computer resource or communi – cation device –
Whoever dishonestly receives or retains any stolen computer resource or communication device knowing or having reason to believe the same to be stolen computer resource or communication device, shall be punished with imprisonment of either description for a term which may extend to three years or with fine which may extend to rupees one lakh or with both.

This section addresses the issue of dishonestly receiving stolen computer resource or communication device. This section applies to a person who dishonestly receives or retains
any stolen computer resource (computer, computer system, computer network, data, computer data base or software), or
any stolen communication device (cell phones, personal digital assistance or combination of both or any other device used to communicate, send or transmit any text, video, audio or image).

Illustration: Arun has been arrested several times in the past for offences relating to theft. One day, he approaches Mohit with 15 cell phones and offers to sell them for half their market value. Mohit buys the cell phones from Arun and then sells them in his shop for the full market value. Mohit would be liable under this section.

SUMMARY:
Acts penalized (1) dishonestly receiving any stolen
computer Resource or communication
device knowing or having reason to
believe the same to be stolen
(2) dishonestly retaining any stolen
computer Resource or communication
device knowing or having reason to
believe the same to be stolen
Punishment Imprisonment upto 3 years and / or fine
upto Rs 1 lakhWhether cognizable yes
Whether bailable yes
Relevent Court Magistrate of the first class
First appeal lies to Court of Session.
16. Sec 66C – Identity Theft
Identity theft is covered by section 66C of the Information Technology Act. This section states as under:
66C. Punishment for identity theft.

Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.

This section penalises identity theft. This section applies to cases where someone who dishonestly or fraudulently does the following: (1) makes use of the electronic signature of any other person, or (2) makes use of the password of any other person, or (3) makes use of any other unique identification feature of any other person.

Illustration: Pankaj is a junior employee in a bank. He oversees his senior Jyoti typing her password into her official computer. One day, Pankaj logs into the banks system using Jyoti’s password and transfers some money into his account.He will be liable under this section.

Section 24 of Indian Penal Code states- Whoever does anything with the intention of causing wrongful gain to one person or wrongful loss to another person, is said to do that thing “dishonestly”.

Section 25 of Indian Penal Code states- A person is said to do a thing fraudulently if he does that thing with intent to defraud but not otherwise.

SUMMARY:
Acts penalized

(1) fraudulently making use of the electronic signature, password or any other unique identification feature of any other person
(2) dishonestly making use of the electronic signature, password or any other unique identification feature of any other person
Punishment

Imprisonment upto 3 years and fine upto Rs 1 lakhWhether cognizable?

Yes
Whether bailable?
Whether
Yes
Yes.

compoundable?
Relevant court
First appeal lies to

However, it shall not be compounded if the crime affects the socio economic conditions of the country or has been committed against a child below the age of 18 years or against a woman.

Magistrate of the first class
Court of Session
17. Sec 66D – Cheating by personationCheating by personation is covered by section 66D of the Information Technology Act. This section states as under:
66D. Punishment for cheating by personation by using computer resource –
Whoever, by means of any communication device or computer resource cheats by personation, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.The term “cheating” is defined in section 415 of the Indian Penal Code, which states:
Whoever, by deceiving any person, fraudulently or dishonestly induces the person so deceived to deliver any property to any person, or to consent that any person shall retain any property, or intentionally induces the person so deceived to do or omit to do anything which he would not do or omit if he were not so deceived, and which act or omission causes or is likely to cause damage or harm to that person in body, mind, reputation or property, is said to “cheat”.

Explanation- A dishonest concealment of facts is a deception within the meaning of this section.

The term “cheating by personation” is defined in section 416 of the Indian Penal Code, which states:
A person is said to “cheat by personation” if he cheats by pretending to be some other person, or by knowingly substituting one person for another, or representing that he or any other person is a person other than he or such other person really is.

Explanation- The offence is committed whether the individual personated is a real or imaginary person.

Illustration: Divya receives an email that appears to have been sent from her bank. The email urges her to click on the link in the email. When she does so, she is taken to “a secure page on the bank’s website”.

She believes the web page to be authentic and enters her username, password and other information. In reality, the website is a fake and Divya’s information is stolen and misused. The fake email and fake website had been created by Neeraj. He would be liable under this section.

Acts penalized (1) Cheating by personation using a
computer resource
(2) Cheating by personation using a cell
Punishment
SUMMARY:
1 Cheating by personation using a computer resource
2 Cheating by personation using a cell phone or other communication device

Imprisonment upto 3 years and fine uptoRs 1 lakhWhether cognizable
Whether bailable?
Whether
Yes
Yes.

Yes
compoundable?

However, it shall not be compounded if the crime affects the socio economic conditions of the country or has been committed against a child below the age of 18 years or against a woman
Relevant court
First appeal lies to

Magistrate of the first class
Court of Session18. Sec 66E – Violation of privacy
Violation of privacy is covered by section 66E of the Information Technology Act. This section states as under:
66E. Punishment for violation of privacy.Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both.

Explanation – For the purposes of this section –
“transmit” means to electronically send a visual image with the intent that it be viewed by a person or persons.

“capture”, with respect to an image, means to videotape, photograph, film or record by any means.

“private area” means the naked or undergarment clad genitals, public area, buttocks or female breast.

“publishes” means reproduction in the printed or electronic form and making it available for public.

“under circumstances violating privacy” means circumstances in which a person can have a reasonable expectation that–
he or she could disrobe in privacy, without being concerned that an image of his private area was being captured or
any part of his or her private area would not be visible to the public, regardless of whether that person is in a public or private place.

This section penalizes intentionally or knowingly doing the following in respect of the image of a private area of any person without consent: (1) capturing, or (2) publishing, or (3) transmitting. The above is penalized if it is done under circumstances violating the privacy of that person.

Illustration: Maya is trying out a new dress in the changing room of a clothing store. Sajal, an employee of the store has hidden a camera that records Maya while she is changing her clothes. Sajal will be liable under this section.

SUMMARY
Acts penalized

(1) Intentionally capturing, publishing or transmitting the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person
(2) Intentionally capturing, publishing or transmitting the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person
Punishment

Imprisonment upto 3 years and / or fine upto Rs 2- lakhWhether cognizable?

Yes
Whether bailable?
Whether
Yes
Yes.

compoundable?
Relevant court
However, it shall not be compounded if the crime affects the socio economic conditions of the country or has been committed against a child below the age of 18 years or against a woman

Magistrate of first class
19. Sec 66F – Cyber Terrorism
Cyber Terrorism is covered by section 66F of the Information Technology Act. This section states as under:
66F. Punishment for cyber terrorism.(1) Whoever, –
with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by –
denying or cause the denial of access to any person authorised to access computer resource; or
attempting to penetrate or access a computer resource without authorisation or exceeding authorised access; or
introducing or causing to introduce any computer contaminant, and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information infrastructure specified under section 70 or
knowingly or intentionally penetrates or accesses a computer resource without authorisation or exceeding authorised access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons of the security of the State or foreign relations; or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism.

Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life.

SUMMARY:
Acts penalized

(1) Doing the following with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people:
(i) causing denial of access to computer resource;
attempting to unauthorizedly penetrate or access a computer resource; or
introducing any computer contaminant,
Acts in (1) above are penalized if by means of such conduct, the accused causes or is likely to cause the following:
(i) death or injuries to persons, or (ii) damage to property, or
(iii) destruction of property, or
disruption of supplies or services essential to the life of the community, or
adverse affect to the critical information infrastructure specified under section 70.

Unauthorizedly and knowingly / intentionally penetrating or accessing a computer resource and obtaining access to:
information that is restricted for reasons of the security of the State or foreign relations;
restricted information, with reasons to believe that such information may be used to cause or likely to cause injury to: (a) the interests of the sovereignty and integrity of India (b) the security of the State (c) friendly relations with foreign States (d) public order, decency or morality,
restricted information, with reasons to believe that such information may be used: (a) in relation to contempt of court
(b) defamation (c) incitement to an offence (d) to the advantage of any foreign
nation, group of individuals or otherwise.

Punishment

Imprisonment upto life imprisonment
Whether cognizable?
Whether bailable?
Whether
compoundable?
Yes
No
No.

Relevant court Court of Session First appeal lies to High Court 20. Sec 67 – Transmitting obscene electronic material
Transmitting obscene electronic material is covered by section 67 of the Information Technology Act. This section states as under:
Punishment for publishing or transmitting obscene material in electronic form.

Whoever publishes or transmits or causes to be published or transmitted in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to three years and with fine which may extend to five lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.

There is no settled definition of pornography or obscenity. What is considered simply sexually explicit but not obscene in USA may well be considered obscene in India. There have been many attempts to limit the availability of pornographic content on the Internet by governments and law enforcement bodies all around the world but with little effect.

This section explains what is considered to be obscene and also lists the acts in relation to such obscenity that are illegal. To understand what constitutes obscenity in the electronic form.

Illustration: Mohit launches a website that contains information on sex education. The website is targeted at higher secondary school students. Rina is one such student who is browsing the said website. Her illiterate young maid servant happens to see some explicit photographs on the website and is filled with lustful thoughts.

This website would not be considered obscene. This is because it is most likely to be seen by educated youngsters who appreciate the knowledge sought to be imparted through the photographs. It is under very rare circumstances that an illiterate person would see these explicit images.

To understand the acts that are punishable in respect of obscenity in the electronic form, let us analyse the relevant terms.

Publishes means “to make known to others”. It is essential that at least one natural person (man, woman or child) becomes aware or understands the information that is published. Simply putting up a website that is never visited by any person does not amount to publishing.

Illustration: Arun has just hosted a website containing his articles written in English. Arun has not published the articles. An automated software released by an Internet search engine indexes Arun’s website. Arun has still not published the articles. A Chinese man, who does not understand a word of English, accidentally visits Arun’s website. Arun has still not published the articles. Barkha, who understands English, visits Arun’s website and reads some of his articles. Now, Arun has published his articles.

Transmits means to pass along, convey or spread. It is not necessary that the “transmitter” actually understands the information being transmitted.

Illustration: Jay has just hosted a website containing his articles. Ruhi uses an Internet connection provided by Noodle Ltd to visit Jay’s website. Abc Ltd has transmitted Jay’s articles to Ruhi. However, Abc employees are not actually aware of the information being transmitted by their computers.

Causes to be published means “to bring about the publishing of something”. It is essential that the actual publishing must take place.

Illustration: Rahul has just hosted a website containing his articles. An automated software released by Abc Internet search engine indexes Rahul’s website. But no human being has still used that index to read these articles. Abc has not caused Rahul’s articles to be published. Based upon the index created by Abc, Mahi reaches Rahul’s website and reads some of his articles. Now, Abc has caused Rahul’s articles to be published.

Information in the electronic form includes websites, songs on a CD, movies on a DVD, jokes on a cell phone, photo sent as an email attachment etc.

SUMMARY:
Acts penalized

(1) Publishing or transmitting obscene electronic material
(2) Causing to be published transmitted obscene electronic material

orPunishment

On first conviction: Imprisonment of either description upto 3 years and fine upto Rs 5 lakhOn subsequent conviction: Imprisonment of either description upto 5 years and fine upto Rs 10 lakhWhether cognizable?

Yes
Whether bailable?
Whether
Yes
On first conviction: Yes
compoundable?
Relevant court
Firast appeal lies to

However, it shall not be compounded if the crime affects the socio economic conditions of the country or has been committed against a child below the age of 18 years or against a woman
On subsequent conviction: No
Magistrate of the first class
Court of Session

21. Sec 67A – Electronic material containing sexually explicit act
Punishment for publishing or transmitting of material containing sexually explicit act, etc., in electronic form is covered by section 67A of the Information Technology Act. This section states as under:
67A. Punishment for publishing or transmitting of material containing sexually explicit act, etc., in electronic form.

Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.

This section penalises publishing or transmitting of material containing sexually explicit act in the electronic form.

Illustration: Pooja and Sameer are engaged in the act of sexual intercourse in their hotel room. Rakesh, an employee of the hotel uses a hidden video camera to record this act. He then copies this video recording onto a CD and gives a copy to his friend. Rakesh is liable under this section.

This section does not apply to material justified as being for the public good (e.g. in the interest of science, literature, art, learning etc) or which is kept or used for bona fide heritage or religious purposes.

SUMMARY:
Acts penalized

(1) Publishing or transmitting electronic material containing sexually explicit act or conduct
(2) Causing to be published or transmitted electronic material containing sexually explicit act or conduct
Punishment

On first conviction: Imprisonment of either description upto 5 years and fine upto Rs 10 lakhOn subsequent conviction: Imprisonment of either description upto 7 years and fine upto Rs 10 lakh.

Whether cognizable?
Whether bailable?
Whether compoundable?

Yes
No
No

Relevant court
First appeal lies to

Magistrate of the first class
Court of Session
22. Sec 67B – Child Pornography
Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc., in electronic form is covered by section 67B of the Information Technology Act. This section states as under:
67B. Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc., in electronic form.

Whoever, –
publishes or transmits or causes to be published or transmitted material in any electronic form which depicts children engaged in sexually explicit act or conduct; or
creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges or distributes material in any electronic form depicting children in obscene or indecent or sexually explicit manner; or
cultivates, entices or induces children to online relationship with one or more children for and on sexually explicit act or in a manner that may offend a reasonable adult on the computer resource; or
facilitates abusing children online; or
records in any electronic form own abuse or that of others pertaining to sexually explicit act with children,
shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees:
Provided that provisions of section 67, section 67A and this section does not extend to any book, pamphlet, paper, writing, drawing, painting representation or figure in electronic form –
the publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet, paper, writing, drawing, painting representation or figure is in the interest of science, literature, art or learning or other objects of general concern or
which is kept or used for bona fide heritage or religious purposes.

Explanation – For the purposes of this section, “children” means a person who has not completed the age of 18 years.

This section penalises acts relating to obscene electronic material involving persons below the age of 18 years. The following acts are punishable under this section:
Publishing or transmitting electronic material which depicts children engaged in sexually explicit act or conduct.

Causing to be published or transmitted electronic material which depicts children engaged in sexually explicit act or conduct.

Creating text or digital images depicting children in obscene or indecent or sexually explicit manner.

Collecting,seeking,browsing,downloading, advertising, promoting, exchanging or distributing electronic material depicting children in obscene or indecent or sexually explicit manner.

Enticing or inducing children for online relationships for sexually explicit acts;
Facilitating the online abuse of children;
Recording in any electronic form sexually explicit acts with children.

This section does not apply to material justified as being for the public good (e.g. in the interest of science, literature, art, learning etc) or which is kept or used for bona fide heritage or religious purposes.

SUMMARY:
Acts penalized (1) Publishing or transmitting electronic
material which depicts children engaged
in sexually explicit act or conduct
(2) Causing to be published or
Transmitted electronic material which
depicts children engaged in sexually
explicit act or conduct (3) Creating text or digital images
depicting children in obscene or indecent
or sexually explicit manner (4) Collecting, seeking, browsing,
downloading, advertising, promoting,
exchanging Or distributing electronic
material depicting children in obscene or
indecent or sexually explicit manner
(5) Cultivating, enticing or inducing
children to online relationship with one or
more children for sexually explicit act
(6) Cultivating, enticing or inducing
children to online relationship with one or
more children in a manner that may
offend a reasonable adult (7) Facilitating abusing children online
(8) Recording in any electronic form
abuse pertaining to sexually explicit act
with children Punishment On first conviction: Imprisonment of
either description upto 5 years and fine
upto Rs 10 lakhOn subsequent conviction: Imprisonment of either description upto 7 years and fine
upto Rs 10 lakh.

Whether cognizable?
Whether bailable?
Whether compoundable?

Yes
No
No

Relevant court Magistrate of the first class
First appeal lies to Court of Session
23. Sec 67C – Preservation and retention of information by intermediaries
Preservation and retention of information by intermediaries is covered by section 67C of the Information Technology Act. This section states as under:
67C. Preservation and retention of information by intermediaries
Intermediary shall preserve and retain such information as may be specified for such duration and in such manner and format as the Central Government may prescribe.

Any intermediary who intentionally or knowingly contravenes the provisions of sub-section (1) shall be punished with an imprisonment for a term which may extend to three years and shall also be liable to fine.SUMMARY:
Acts penalized

(1) Intentionally or knowingly failing to preserve and retain information specified by the Central Government
(2) Intentionally or knowingly failing to preserve and retain such information for such duration and in such manner and format as prescribed.

Punishment
Imprisonment upto 3 years and fine
Whether cognizable?

Yes
Whether bailable?
Whether compoundable?
Relevant court
First appeal lies to
Yes
Yes
However, it shall not be compounded if the crime affects the socio economic conditions of the country or has been committed against a child below the age of 18 years or against a woman.

Magistrate of first class
Court of Session.

Sec 68 – Power of the Controller to give directions
Power of the Controller to give directions are covered by section 68 of the Information Technology Act. This section states as under:
68. Power of the Controller to give directions.

The Controller may, by order, direct a Certifying Authority or any employee of such Authority to take such measures or cease carrying on such activities as specified in the order if those are necessary to ensure compliance with the provisions of this Act, rules or any regulations made thereunder.

Any person who intentionally or knowingly fails to comply with any order under sub-section (1) shall be guilty of an offence and shall be liable on conviction to imprisonment for a term not exceeding two years or a fine not exceeding one lakh rupees or with both.

This is a simple section that empowers the Controller to order a Certifying Authority and its employees to comply with the Information Technology Act and allied laws. If they do not comply with the order to take suitable measures or cease certain activities, then they are liable for punishment under this section.

Illustration: Abc Certifying Authority is making statements in the media against other Certifying Authorities. Such statements are affecting the public confidence in the use of digital signatures and e-governance. The Controller orders Mohan, a director of Abc Certifying Authority to stop making such statements. If Mohan does not stop such activities, he will be liable under this section.

SUMMARY:
Acts penalized

Intentionally or knowingly failing comply with the order of the Controller

toPunishmentImprisonment upto 2 years and / or fine
upto Rs 1 lakhWhether cognizable? No
Whether bailable?Yes
WhetherYes.

compoundable?
However, it shall not be compounded if the crime affects the socio economic
conditions of the country or has been committed against a child below the age of
18 years or against a woman
Relevant court First
First appeal lies to
Magistrate of the first class
Court of Session

25. Sec 69 – Interception or monitoring or decryption of any information
Power to issue directions for interception or monitoring or decryption of any information through any computer resource are covered by section 69 of the Information Technology Act. This section states as under:
Power to issue directions for interception or monitoring or decryption of any information through any computer resource.

Where the Central Government or a State Government or any of its officers specially authorised by the Central Government or the State Government, as the case may be, in this behalf may, if satisfied that it is necessary or expedient so to do, in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, it may subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the appropriate
Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource.

The procedure and safeguards subject to which such interception or monitoring or decryption may be carried out, shall be such as may be prescribed.

The subscriber or intermediary or any person in-charge of the computer resource shall, when called upon by any agency referred to in sub-section (1), extend all facilities and technical assistance to–
provide access to or secure access to the computer resource generating, transmitting, receiving or storing such information or
intercept, monitor, or decrypt the information, as the case may be or
provide information stored in computer resource.

The subscriber or intermediary or any person who fails to assist the agency referred to in sub-section (3) shall be punished with imprisonment for a term which may extend to seven years and shall also be liable to fine.

Section 69 is a very important section that gives wide powers to the Government to intercept, monitor and decrypt information under special circumstances. The outline of this section is:
The Government can direct any agency (e.g. police, CBI etc) to intercept, monitor or decrypt information generated, transmitted, received or stored in any computer resource.

The reasons for this order are to be recorded in writing.

The Government must be satisfied that this order is necessary: (a) in the interest of the sovereignty or integrity or defence of India, or (b) in the interest of the security of the State, or (c) in the interest of friendly relations with foreign States, or (d) in the interest of public order, or (d) for preventing incitement to the commission of any cognizable offence relating to the above, or (e) for investigation of any offence.

The Government agency can call upon any person for assistance to monitor, provide access to, intercept or decrypt information.

If such a person does not provide such assistance then he is liable for imprisonment up to 7 years and fine.

Illustration: It is suspected that some terrorists are using the Abc Ltd email services to plan a terrorist attack in India. The Government directs the police to intercept these emails.

The police request Aman, the Director of Noodle Ltd for assistance in obtaining these emails. Aman refuses to cooperate. He would be liable under this section.

SUMMARY:
Acts penalized

(1) Not providing access to the relevant computer resource
(2) Not providing assistance to intercept, monitor, or decrypt the relevant information
(3) Not providing assistance to provide relevant information
Punishment
Whether cognizable?
Whether bailable?
Whether compoundable?

Imprisonment upto 7 years and fine
Yes
No
No
Relevant court
First appeal lies to
Magistrate of the first class
Court of Session
Sec 69A – Blocking of information for public access
Power to issue directions for blocking for public access of any information through any computer resource is covered by section 69A of the Information Technology Act. This section states as under:
69A. Power to issue directions for blocking for public access of any information through any computer resource.Where the Central Government or any of its officers specially authorised by it in this behalf is satisfied that it is necessary or expedient so to do, in the interest of sovereignty and integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above, it may subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the Government or intermediary to block for access by the public or cause to be blocked for access by the public any information generated, transmitted, received, stored or hosted in any computer resource.

The procedure and safeguards subject to which such blocking for access by the public may be carried out, shall be such as may be prescribed.

The intermediary who fails to comply with the direction issued under sub-section (1) shall be punished with an imprisonment for a term which may extend to seven years and shall also be liable to fine.

Section 69A gives powers to the Government to block access to information under special circumstances. The outline of this section is:
The Government can direct any Government agency or intermediary to block for access by the public any information generated, transmitted, received, stored or hosted in any computer resource.

The reasons for this order are to be recorded in writing.

The Government must be satisfied that this order is necessary: (a) in the interest of the sovereignty or integrity or defence of India, or (b) in the interest of the security of the State, or (c) in the interest of friendly relations with foreign States, or (d) in the interest of public order, or (e) for preventing incitement to the commission of any cognizable offence relating to the above.

If the intermediary does not comply, it will be liable for imprisonment up to 7 years and fine.

SUMMARY:
Acts penalized
Punishment
Whether cognizable?
Whether bailable?
Whether compoundable?

Not blocking for access, by the public, specified information.

Imprisonment upto 7 years and fine
Yes
No
No
Relevant court
First appeal lies to
Magistrate of the first class
Court of Session
27. Sec 69B – Monitoring and collecting traffic data
Power to authorise to monitor and collect traffic data or information through any computer resource for cyber security is covered by section 67A of the Information Technology Act. This section states as under:
69B. Power to authorise to monitor and collect traffic data or information through any computer resource for cyber security.The Central Government may, to enhance cyber security and for identification, analysis and prevention of intrusion or spread of computer contaminant in the country, by notification in the Official Gazette, authorise any agency of the Government to monitor and collect traffic data or information generated, transmitted, received or stored in any computer resource.

The intermediary or any person in-charge or the computer resource shall, when called upon by the agency which has been authorised under sub-section(1), provide technical assistance and extend all facilities to such agency to enable online access or to secure and provide online access to the computer resource generating, transmitting, receiving or storing such traffic data or information.

The procedure and safeguards for monitoring and collecting traffic data or information, shall be such as may be prescribed.

Any intermediary who intentionally or knowingly contravenes the provisions of sub-section (2) shall be punished with an imprisonment for a term which any extend to three years and shall also be liable to fine.

Section 69B gives powers to the Government to monitor and collect traffic data or information for cyber security. The outline of this section is:
The Central Government can authorise any Government agency to monitor and collect traffic data or other electronic information.

Such an authorization can be made under the following circumstances: (a) to enhance cyber security in the country (b) for identification, analysis and prevention of intrusion in the country, or (c) for identification, analysis and prevention of spread of computer contaminant in the country.

Such an authorization must be made by a notification in the Official Gazette.

SUMMARY:
Acts penalized

(1) Not providing technical assistance to the authorized agency
(2) Not extending all relevant facilities to the authorized agency
Punishment
Punishment for
Imprisonment upto 3 years and fine
Imprisonment upto 18 months and fine
attemptPunishment for abetment

Imprisonment upto 3 years and fine
Whether cognizable?
Whether bailable?
Whether
compoundableInvestigation
authoritiesRelevant court
First appeal lies to

Yes
Yes
Yes.

However, it shall not be compounded if
the crime affects the socio economic
conditions of the country or has been
committed against a child below the age
of 18 years or against a woman
(1) Police officer not below the rank of
Inspector
(2) Controller
(3) Officer authorised by Controller under
section 28 of Information Technology Act
Magistrate of the first class
Court of Session
28. Sec 70 – Protected System
Protected Systems are covered by section 70 of the Information Technology Act. This section states as under:
70. Protected system.

The appropriate Government may, by notification in the Official Gazette, declare any computer resource which directly or indirectly affects the facility of Critical Information Infrastructure, to be a protected system.

(2) The appropriate Government may, by order in writing, authorise the persons who are authorised to access protected systems notified under sub-section (1).

(3) Any person who secures access or attempts to secure access to a protected system in contravention of the provisions of this section shall be punished with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine.

(4) The Central Government shall prescribe the information security practices and procedures for such protected system.

There are three elements to this section-
Gazette notification by the appropriate Government for declaring a computer resource as a protected system.

Government order authorizing persons to access protected systems.

Punishment for securing access or attempting to secure access to protected systems by unauthorised persons.

Illustration: kabir runs a password cracking software to crack the password of a protected system. Irrespective of whether he succeeds in cracking the password, he is guilty of attempting to secure access.

As per Executive Order dated 12th September, 2002, issued by Ministry of Communications & Information Technology, details of every protected system should be provided to the Controller of Certifying Authorities.

SUMMARY:
Acts penalized
Punishment

(1) Securing access to a protected system
(2) Attempting to secure access to a

protected system
Imprisonment upto 10 years and fine
Whether cognizable?
Whether bailable?
Whether
compoundable?
Relevant court
First appeal lies to

Yes
No
No
Court of Session
High court

29.Sec 70B – Indian Computer Emergency Response Team
Section 70B of the Information Technology Act provides for the Indian Computer Emergency Response Team to serve as national agency for incident response. This section states as under:
70B. Indian Computer Emergency Response Team to serve as national agency for incident response
The Central Government shall, by notification in the Official Gazette, appoint an agency of the Government to be called the Indian Computer Emergency Response Team.

The Central Government shall provide the agency referred to in sub-section (1) with a Director-General and such other officers and employees as may be prescribed.

The salary and allowances and terms and conditions of the Director-General and other officers and employees shall be such as may be prescribed. The Indian Computer Emergency Response Team shall serve as the national agency for performing the following functions in the area of cyber security,-
collection, analysis and dissemination of information on cyber incidents,
forecast and alerts of cyber security incidents,
emergency measures for handling cyber security incidents,
coordination of cyber incidents response activities,
issue guidelines, advisories, vulnerability notes and whitepapers relating to information security practices, procedures, preventation, response and reporting of cyber incidents,
such other functions relating to cyber security as may be prescribed.

The manner of performing functions and duties of the agency referred to in sub-section (1) shall be such as may be prescribed.

For carrying out the provisions of sub-section (4), the agency referred to in sub-section (1) may call for information and give direction to the service providers, intermediaries, data centers, body corporate and any other person.

Any service provider, intermediaries, data centers, body corporate or person who fails to provide the information called for or comply with the direction under sub-section (6), shall be punishable with imprisonment for a term which may extend to one year or with fine which may extend to one lakh rupees or with both.

No court shall take cognizance of any offence under this section, except on a complaint made by an officer authorised in this behalf by the agency referred to in sub-section (1).

SUMMARY:
Acts penalized

(1) The accused did not provide the information called for by the Indian Computer Emergency Response Team
(2) The accused did not comply with a direction of Indian Computer Emergency Response Team
Punishment

Imprisonment upto 1 year and / or fine upto Rs 1 lakhWhether cognizable? No
Whether bailable?Yes
WhetherYes.

compoundable?
However, it shall not be compounded if the crime affects the socio economic
conditions of the country or has been committed against a child below the age of
18 years or against a woman
Relevant court First Magistrate of the first class

First appeal lies to Court of Session

30. Sec 71 – Penalty for misrepresentation
Punishment for publishing or transmitting of material containing sexually explicit act, etc., in electronic form is covered by section 71 of the Information Technology Act. This section states as under:
71. Penalty for misrepresentation.

Whoever makes any misrepresentation, to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any licence or Electronic Signature Certificate, as the case may be, shall be punished with imprisonment for a terms which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

This section applies to:
a person, who, for obtaining an electronic signature certificate
(a) makes a misrepresentation to the Certifying Authority or
(b) suppresses any material fact from the Certifying Authority. a person obtaining a license to operate as a Certifying Authority
(a) makes a misrepresentation to the Controller or
(b) suppresses any material fact from the Controller.

SUMMARY:
Acts penalized

(1) Misrepresentation to the Controller for obtaining any licence(2) Suppression of any material fact from the Controller for obtaining any licence(3) Misrepresentation to the Certifying Authority for obtaining any Electronic Signature Certificate
(4) Suppression of any material fact from the Certifying Authority for obtaining any Electronic Signature Certificate.

Punishment Imprisonment upto 2 years and / or fine upto ‘ Rs 1 lakhWhether cognizable? No
Whether bailable?Yes
WhetherYes.

compoundable?
However, it shall not be compounded if the crime affects the socio economic
conditions of the country or has been committed against a child below the age of
18 years or against a woman.Relevant court
First appeal lies to

Magistrate of the first class
Court of Session
31. Sec 72 – Breach of confidentiality and privacy
Penalty for breach of confidentiality and privacy is covered by section 72 of the Information Technology Act. This section states as under:
72. Penalty for breach of confidentiality and privacy.

Save as otherwise provided in this Act or any other law for the time being in force, if any person who, in pursuance of any of the powers conferred under this Act, rules or regulations made thereunder, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

The essential elements of this section are:
It applies to persons who have secured access to some information in pursuance of a power granted under the IT Act or its allied laws (e.g. police, adjudicating officers, Controller etc.).

Such persons must disclose this information to a third person without authorisation.

There must be no law which permits such disclosure of information.

SUMMARY
Acts penalized (1) Disclosure of records without consent
(2) Person who discloses records must
have obtained the same in pursuance of
powers conferred under the Information
Technology Act or allied rules, regulations
Etc
Punishment Imprisonment upto 2 years and / or fine
upto Rs 1 lakhWhether cognizable? No
Whether bailable? Yes
Whether Yes.

compoundable? However, it shall not be compounded if
the crime affects the socio economic
conditions of the country or has been
committed against a child below the age
of 18 years or against a woman
Relevant court Magistrate of the first class
First appeal lies to Court of Session
Sec 72A – Disclosure of information in breach of lawful contract
Punishment for disclosure of information in breach of lawful contract. is covered by section 72A of the Information Technology Act. This section states as under:
72A. Punishment for disclosure of information in breach of lawful contract.Save as otherwise provided in this Act or any other law for the time being in force, any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person, shall be punished with imprisonment for a term which may extend to three years, or with fine which may extend to five lakh rupees, or with both.

This section applies to: any person (including an intermediary) who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person. This person will be penalised if he discloses such material:
without the consent of the person concerned, or in breach of a lawful contract, and
with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain.

SUMMARY:
Acts penalized

(1) Disclosure of personal information about some other person
(2) The disclosure must either be without consent or in breach of contract
(3) There must be intention to cause wrongful loss or wrongful gain or knowledge that wrongful loss or wrongful gain may be caused
Punishment

Imprisonment upto 3 years and / or fine upto Rs 5 lakhWhether cognizable?

Yes
Whether bailable?
Whether
Yes
Yes.

compoundable?

However, it shall not be compounded if the crime affects the socio economic conditions of the country or has been committed against a child below the age of 18 years or against a woman
Relevant court
First appeal lies to

Magistrate of the first class
Court of Session
33.Sec 73 – Publishing false Electronic Signature Certificate
Penalty for publishing Electronic Signature Certificate false in certain particulars is covered by section 73 of the Information Technology Act. This section states as under:
Penalty for publishing Electronic Signature Certificate false in certain particulars.

No person shall publish a Electronic Signature Certificate or otherwise make it available to any other person with the knowledge that –
the Certifying Authority listed in the certificate has not issued it or
the subscriber listed in the certificate has not accepted it or
the certificate has been revoked or suspended,
unless such publication is for the purposes of verifying a digital signature created prior to such suspension or revocation.(2) Any person who contravenes the provisions of sub-section (1) shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

SUMMARY:
Acts penalized

(1) Publishing an Electronic Signature Certificate with the knowledge that the Certifying Authority listed in it has not issued it
(2) Publishing an Electronic Signature Certificate with the knowledge that the subscriber listed in it has not accepted it
(3) Publishing an Electronic Signature Certificate with the knowledge that the certificate has been revoked or suspended
Punishment
Whether cognizable?

Imprisonment upto 2 years and / or fine upto Rs 1 lakhYes
Whether bailable?
Whether
Yes
Yes.

compoundable?

However, it shall not be compounded if the crime affects the socio economic conditions of the country or has been committed against a child below the age of 18 years or against a woman
Relevant court
First appeal lies to

Magistrate of the first class
Court of Session

34.Sec 74 – Publication for fraudulent purpose
Publication for fraudulent purpose.

Whoever knowingly creates, publishes or otherwise makes available a Electronic Signature Certificate for any fraudulent or unlawful purpose shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

SUMMARY:
Acts penalized
Punishment
Whether cognizable?

Knowingly creating, publishing or making available an Electronic Signature Certificate for any fraudulent or unlawful purpose.

Imprisonment upto 2 years and / or fine upto Rs 1 lakhNo
Whether bailable?
Whether
Yes
Yes.

compoundable?

However, it shall not be compounded if the crime affects the socio economic conditions of the country or has been committed against a child below the age of 18 years or against a woman.

Relevant court
First appeal lies to

Magistrate of the first class
Court of Session

Post Author: admin