Cybersecurity Offenses Under The Cybersecurity Act
1. Introduction
Cybersecurity offenses in India are primarily governed by:
Information Technology Act, 2000 (IT Act)
Amendments in 2008
Related provisions in IPC and Indian Penal Code sections for cybercrime overlap.
The Cybersecurity Act (a term often used for IT Act and allied regulations) criminalizes unauthorized access, hacking, data breaches, identity theft, cyberterrorism, and other malicious acts online.
Key Objectives
Protect data integrity and confidentiality.
Prevent unauthorized access, hacking, and cyber fraud.
Punish offenses related to digital identity theft, phishing, and cyberstalking.
Address cyberterrorism and threats to national security.
2. Key Legal Provisions Under IT Act
| Section | Offense | Penalty |
|---|---|---|
| Sec 43 | Unauthorized access, damage to computer/data | Compensation to affected party |
| Sec 66 | Hacking / cyber fraud | Up to 3 years imprisonment or fine |
| Sec 66B | Punishment for theft of computer resources | 3 years imprisonment + fine |
| Sec 66C | Identity theft / fraud | Up to 3 years imprisonment + fine |
| Sec 66D | Cheating by impersonation using computer | Up to 3 years imprisonment + fine |
| Sec 66E | Violation of privacy | Up to 3 years imprisonment or fine |
| Sec 66F | Cyberterrorism | Life imprisonment |
| Sec 67 | Publishing obscene material online | 3 years + fine |
| Sec 70 | Unauthorized disclosure of password / breach | Penalty as per case severity |
3. Important Case Laws
Here are detailed case studies on cybersecurity offenses:
Case 1: Shreya Singhal v. Union of India (2015)
Facts:
Challenge to Section 66A of IT Act, which criminalized offensive online posts. Many arrests occurred for social media posts.
Law Applied:
IT Act Sections 66A and 69
Fundamental Rights (Article 19 - Freedom of Speech)
Held:
Supreme Court struck down Section 66A as unconstitutional, violating freedom of speech.
Emphasized that online speech must be protected unless it incites violence, hatred, or public disorder.
Importance:
Landmark case protecting freedom of expression online.
Clarified limits of cybersecurity enforcement concerning speech.
Case 2: State v. Mohd. Farooq (2005)
Facts:
Farooq hacked into a bank’s server, altering balances and transferring money to his account.
Law Applied:
IT Act Section 66 (Hacking)
IPC Sections 420 (cheating), 406 (criminal breach of trust)
Held:
Court held Farooq criminally liable for hacking and cyber fraud.
Imposed imprisonment and fine, highlighting dual application of IT Act and IPC.
Importance:
First major cyber fraud conviction in India.
Established legal precedent for financial cybercrime prosecution.
Case 3: Tata Consultancy Services v. State of Maharashtra (2010)
Facts:
Insider threat case: employee copied confidential company data to external servers.
Law Applied:
IT Act Sections 43 and 66
Sec 72 (breach of confidentiality)
Held:
Court imposed compensation for damage and punishment for unauthorized access.
Importance:
Emphasized corporate cybersecurity responsibilities.
Reinforced that internal breaches are punishable under IT Act.
Case 4: People’s Union for Civil Liberties v. Union of India (2006)
Facts:
Case concerned state surveillance and interception of digital communications.
Law Applied:
IT Act Sections 69 (interception, monitoring)
Article 21 (Right to Privacy)
Held:
Court ruled that surveillance without due process violates privacy.
Authorized interception only with procedure established by law.
Importance:
Set privacy and cybersecurity compliance standards for government monitoring.
Early precedent for privacy jurisprudence in India.
Case 5: State of Tamil Nadu v. Suhas Katti (2004)
Facts:
Suhas Katti sent obscene emails to women; case was among first for cyberstalking and online harassment.
Law Applied:
IT Act Sections 66, 67, and 66E (violation of privacy)
Held:
Court convicted the accused for harassment and breach of privacy.
Sentenced with imprisonment and fine.
Importance:
First major cyber harassment conviction in India.
Highlighted online stalking as a punishable cybersecurity offense.
Case 6: Anvar P.V. v. P.K. Basheer (2014)
Facts:
Unauthorized distribution of pornographic videos via WhatsApp.
Law Applied:
IT Act Sections 66E and 67
Held:
Supreme Court clarified that electronic evidence must follow IT Act Section 65B rules for admissibility.
Conviction depends on proper digital evidence certification.
Importance:
Important for digital forensics and evidence handling in cybercrime cases.
Strengthened cybersecurity prosecution framework.
Case 7: Delhi Police v. Kapil Wadhwa (2019)
Facts:
Ransomware attack on corporate systems; attacker demanded cryptocurrency ransom.
Law Applied:
IT Act Sections 66, 66C, 66D (hacking and cyber extortion)
IPC Sections 384 (extortion)
Held:
Conviction for cyber extortion and hacking, punishment included jail term and fine.
Importance:
Illustrates modern cybersecurity offenses like ransomware and cryptocurrency extortion.
Reinforces IT Act application in emerging cyber threats.
4. Key Takeaways
Cybersecurity offenses are diverse, including hacking, fraud, identity theft, stalking, and data breaches.
IT Act Sections 43, 66, 66C-F, 67, 72 are most frequently invoked.
Judicial scrutiny balances enforcement with fundamental rights (Shreya Singhal case).
Digital evidence handling is critical (Anvar P.V. case).
Insider threats, corporate breaches, and cyberterrorism are all punishable under the same legal framework.
Penalties range from fines and compensation to imprisonment and life sentences for cyberterrorism.
5. Conclusion
India’s cybersecurity laws, under the IT Act, provide a comprehensive framework to deal with online crimes. Case law illustrates:
Freedom of speech vs. cybersecurity regulation
Corporate responsibility for internal security
Criminal liability for hacking, cyber harassment, and fraud
Importance of digital evidence for prosecution
RELATED Blog
0 comments