CHAPTER - VII

COMPARATIVE STUDY OF CYBER CRIMES

7.1 Introduction

Cyber world is the combination of computers and other communication convergence.1

With the advent of internet, the whole world has become a global village. It has
created a virtual world with no boundaries, which gives people ample opportunities to
ameliorate both personal and professional relationships across borders. The socio-
economic and cultural facets of life have been tremendously affected owing to the rise
of globalization. The cyberspace has been a blessing to human civilization.2 The main
task of the Internet is to connect the people around the world with the desire to know
about the indispensable human nature which led to the unearthing of the cyber world.

In 21st Century, the societies are increasingly getting transformed into knowledge
Societies and their inhabitants into Knowledge Networkers who are more informed of
the events happening locally and globally. Their actions are based on the strong
foundation of knowledge which is universal, objective, timely and retrieved from
various sources.3 Due to this revolution peoples are becoming more conscious about
their rights and opportunities and all the credit for this revolutionary change goes to
computer, internet and information technology. In fact, due to the globalization in the
21st Century the way of the people to communicate and interact with each other all
over the globe has been changed and the communication of earlier times which was
paper based is being substituted by electronic communication.

Comparatively some organizations have identified organized cyber criminal networks

as its most potential cyber security threat and some are ready to defend such security
threats.4 The information technology is a double-edged sword, consistently presenting

1
M. Dasgupta, Cyber Crime in India- A Comparative Study, 2009, p. 1.
2
Tanaya Saha and Akanchs Srivastava, “Indian Women at Risk in the Cyber Space: A Conceptual
Model of Reasons of victimization, International Journal of Cyber Criminology, vol. 8 No. 1, Jan.-
June, 2014, pp. 57-58 available at: http://www.cybercrimejournal.com/ sahasrivasta
vatalijcc2014vol8issue1.pdf (visited on March 6, 2017).
3
Justice T. Ch. Surya Rao, “Cyber Laws- Challenges for the 21st Century,” Andhra Law Times, 2004,
p. 20.
4
Atul Bamara, Gajendra Singh, et.al., “Cyber Attacks and Defense Strategies in india: An Empirical
Assessment of Banking Sector”, International Journal of Cyber Criminology, vol. 7 No. 2, Jan.-
June, 2013, p. 49-50, available at : https://www.researchgate.net/publication/236682638_
Cyber_Attacks_and_Defense_Strategies_in_India_An_Empirical_Assessment_of_Banking_Sector
(visited on March 6, 2017).

208
us with benefits and disadvantages. The increasing opportunities for productivities,
efficiency and worldwide communications brought additional users in droves.5 The
new medium which has suddenly confronted humanity does not distinguish between
good and evil, between national and international, between just and unjust, but it only
provides a platform for the activities which take place in human society. Law as the
regulator of human behaviour has made an entry into the cyberspace and is trying to
cope with its manifold challenges.6

Safety and security has long been merely a question of protection against dangers
from the physical world. Late last century, ‘cyberspace’ arose alongside the old
world. This new world is increasingly intertwined with the traditional offline world
and therefore safety in cyberspace has become a prerequisite for a well-functioning
society. A secure cyberspace means a cyberspace where (and from where) no crime is
7
committed. There are various issues which need to be sort out in Cyber law for a
comprehensive and systematic comparative study.

7.2. Comparative Study in respect of various Cyber Crimes

Cyber crime has proliferated exponentially across the globe; those in the criminal
justice field have lacked suitable and updated knowledge concerning the pedestrian
reality of modern cyber crime. Popular media has created an image of cyber crime
that suggests a lone hacker breaking through seemingly impossible security measures
to access lucrative secret data. Crimes like these are very rare, but cyber crime is all
too common.8 The cyber criminals use the internet for the purpose of committing
fraud, harassment, download illegal pornography, or download stolen music far more
than they use the Internet with the bad intention to violate the security of countries
both at national and international level.

Study has shown that the United States of America and the United Kingdom are the
two traditional giants who are giving a tough defiance to the silicon onslaught. The

5
R.C. Mishra, Cyber Crime: Impact in The New Millennium, 2002, p. 53.
6
Justice T. Ch. Surya Rao, “Cyber Laws- Challenges for the 21st Century,” Andhra Law Times, 2004,
p. 24.
7
Rutger Leukfeldt, Sander Veenstra, et.al., “High Volume Cyber Crime and the Organization of the
Police: The Results of Two empirical Studies in the Netherlands”, International Journal of Cyber
Criminology, vol. 7 No. 1, Jan.- June, 2013, p. 1, available at: http://www.cybercrimejournal.com/
Leukfeldtetal2013janijcc.pdf (visited on Oct. 19, 2014).
8
Jose R. Agustina, “Exploring Internet Crimes and Criminal Behaviour”, Book Review of Cyber
Criminology, vol. 6 No. 2, July- Dec., 2012, p. 1044, available at: http://www.cybercrimejournal.
com/Augustinabookreview2012julyijcc.pdf (visited on March 7, 2013).

209
US bags the highest number of cyber specific legislation followed by the United
Kingdom which apart from having cyber laws, has at the same time applied traditional
laws to the knotty areas, though Judges in United Kingdom were reluctant to apply
the traditional laws to new computer situations and pressed the need to have a
technology specific legislation.9 That’s why these two countries legal systems have
been chosen as the parameters of comparison in almost studies.

Cyber crimes are of current origin and affect the whole world at large, all regional
organizations and State countries have called upon legislatures to draft laws dealing
with these crimes; as a result most of the countries started to do so. In this chapter an
attempt has been made to compare the Indian current status of cyber legislation with
the legislation of United States and United Kingdom for exploring the deficiencies
and inadequacies of Indian cyber laws. A comparative study is mentioned as under:

7.2.1 Definition of Cyber Crime

Laws of India, United States of America and United Kingdom have not defined the
term “cybercrimes” yet while the various authors in the respective countries have
attempted to define it. Strangely, the term ‘cyber crime, or ‘cyber offence’ is neither
defined nor this expression is used under the Information Technology Act, 2000
which was further amended in 2008. In fact, the Indian Penal Code, 1860 does not use
the term ‘cyber crime’ at any point even after its amendment by the Information
Technology (Amendment) Act, 2008.

According to United Nations Manual on the Prevention and Control of Computer

Related Crime that there has been a great deal of debate among experts on just what
constitute a computer crime or a computer-related crime. Even after several years,
there is no internationally recognized definition of those terms. Indeed throughout this
manual the terms computer crime and computer related crime will be used
interchangeably.10 The U.S Department of Justice, in its manual on computer crime,
defines such crimes as any violations of criminal law that involve a knowledge of
computer technology for their perpetration, investigation, or prosecution.11

9
Talat Fatima, Cyber Crimes, 2011, p. 453.
10
United Nations Manual on the Prevention and Control of Computer Related Crime, 1994, p. 5,
available at: http://216.55.97.163/wp-content/themes/bcb/bdf/int_regulations/un/CompCrims_
UN_Guide.pdf, (visited on March 15, 2017).
11
“Computer Crime Law and Legal Definition”, available at: https://definitions.uslegal. com/c/
computer-crime/, (visited on March 15, 2017).

210
7.2.2 Taxonomy of Cyber Crimes

United States of America is the birthplace of the Internet and experienced the first
computer facilitated crime in the year 1969.12 The United States of America has not
provided any statutory categorisation of cyber crimes. In United Kingdom, the
Computer Misuse Act, 1990 has categorised cybercrimes into three categories:

i. Offences against the confidentiality, integrity and availability of computer

data and systems
ii. Computer Related Offences
iii. Content Related Offences

While in India the cyber crimes are given under Chapter XI of the Information
Technology Act, 2000 under the heading of ‘Offences’ which deals with the various
types of offences which is done in the electronic form or concerning with computers,
computer systems, computer networks. Hereunder are mentioned those cyber crimes
which are punishable under the Information Technology Act, 2000 under separate
sections. These are as follows:

i. Tampering with computer source documents

ii. Computer related offences
iii. Sending offensive messages through communication service
iv. Dishonestly receiving stolen computer resource or communication device
v. Identity Theft
vi. Cheating by personation by using computer resource
vii. Violation of privacy
viii. Cyber terrorism against the government organization
ix. Publishing of information, which is obscene in electronic form
x. Publishing or Transmitting of Obscene Material in Electronic form
xi. Access protected system
xii. Breach of confidentiality and privacy
xiii. Disclosure of information in breach of lawful contract
xiv. Offences by Companies

12
Supra note 9. p. 454.

211
7.2.3 Hacking or Unauthorised Access

Hacking in cyberspace is not only national but also international legal challenge
which requires global standard security measures and controlling policy through
worldwide intensive study and research.13 It is the “least included offence” in
hierarchical series of crimes that become progressively more serious, as aggravating
harms and culpability states are added to the base offense. Penal provision is of vital
importance in protecting and preventing information technology from criminal
activity.14 Many countries have made the unauthorized access to data or information
as a punishable offence on recommendations of the OECD and the Council of Europe
Convention.

In India, before the amendment made by the Information Technology (Amendment)

Act, 2008, the offence covered under section 66 was ‘Hacking with Computer
System’. But now hacking is replaced by ‘Computer related offences’. Under section
66 hacking becomes an offence only when it is committed dishonestly or fraudulently.
If any person causes a computer resource to perform a function with dishonest or
fraudulent intent to secure access, knowing that the access he intends to secure is
unauthorized then that person is liable with imprisonment for a term which may
extend to three years or with fine which may extend to five lakh rupees or both.

In Sanjay Kumar v. State of Haryana15 case, the manager of Vijay Bank, NIT,
Faridabad, filed a complaint to police by stating that the petitioner was deputed by
M/S Virmati Software and Telecommunication Ltd. to maintain the software system
supplied by them to the Bank. But the petitioner has manipulated the interest entries
of computerized bank account and thereby cheated the complainant bank by forging
electronic record in order to cause wrongful loss to the bank. But the court found him
guilty and convicted him for an offence punishable under section 65 and 66 of IT Act
read with 420, 467, 468 and 471 of IPC and sentenced for rigorous imprisonment but
the petitioner filed an appeal against such order which was dismissed by the appellate
court and upheld the trial court judgment.

13
Supra note 1, p. 52.
14
Amita Verma, Cyber Crimes & Law, 2009, p. 67.
15
(2013) CRR 66 (O&M) 1.

212
In State of A.P v. Prabhakar Sampath16 case, the complainant M/S SIS Infotech Pvt.
Ltd., Hyderabad, carrying the business of research station, filed a complaint by stating
that somebody successfully hacked their server and downloaded their e-reports
through some free public sites. After investigation made by the police, the accused
was found guilty and charged under section 66 of IT Act for hacking content server of
complainant’s company.

In the United State of America Computer Fraud and Abuse Act, 1986 deals with the
offence of ‘Hacking’ which is per se illegal only with respect to computers used
exclusively by the Government of the United States. Hacking to all other computers,
for instance, those used non exclusively by the federal government, including
computers containing national security records, and those containing financial and
credit records require some further act or damage to occur in order for criminal
penalties to apply.17 Other Acts like Data Protection Act, 1998 has been passed to
control the use and storage of personal data or information relating to individuals
under § 1030 and the Spyware Control and Privacy Protection Act, 2000 is such an
Act to prevent and control hacking in the USA.18

In United States v. Harris19 case, the accused was charged and convicted by the court
under Computer Fraud and Abuse Act for unauthorized access to her employer’s
computer system and obtained the Social Security Numbers of several people in order
to target them in a fraudulent credit card scheme.

On December 2, 2015, the United States Department of Justice20 announced through

press release that a northern California man who operated the Internet’s best known
“revenge porn” website was sentenced to 30 months in federal prison for hiring
another man to hack into e-mail accounts to steal nude photos that were later posted
on his website.

16
(2015) Cr. Comp 489/2010, Hyderabad.
17
Tonya L. Putnam and David D. Elliott, “International Responses to Cyber Crime”, University of
Petroleum and Energy Studies Review 1, 1999, pp. 39-40, available at: http://www.
hoover.org/sites/default/files/uploads/documents/0817999825_35.pdf (visited on March 6, 2017)
18
Supra note 1, p. 74.
19
(2002) 302 F 3d 72 EDNY (2nd Cir Court).
20
United States Department of Justice, Dec. 2, 2015, available at: https://www.justice.gov/usao-
cdca/pr/operator-revenge-porn-website-sentenced-2-years-federal-prison-email-hacking-scheme
(visited on April 9, 2017).

213
On December 15, 2015, it was announced through press release by the United States
Attorney of Department of Justice21 that three men of Florida, New Jersey and
Maryland were arrested and charged for Hacking, Spamming Scheme and identity
theft scheme that have targeted personal information of 60 million people and
generated more than $ 2 million in illegal profits.

But in United Kingdom the term ‘Hacking’ is not used but it covered under
‘unauthorised access.’ Computer Misuse Act (CMA), 1990 has been passed in United
Kingdom which introduces three new criminal offences under sections 1 to 3; firstly,
unauthorized access to computer material means to use a computer without
permission is a punishable offence. Secondly, it is to be called more malicious
hacking or cracking if unauthorized access to computer material is done with intent to
commit or facilitate commission of further crimes. Thirdly, unauthorized modification
of computer material is also a punishable offence. After this, certain amendments has
been made in CMA relating to hacking by the part 2 of Serious Crime Act, 2015
which provides that if any unauthorized act results in serious damage to human
welfare or national security, than the person shall be liable upto the maximum
punishment of life imprisonment and if any unauthorized act results in serious damage
to economy or the environment than the maximum sentence is 14 years.

In DPP v. Bignell22case, the issue was raised before the court that whether a person
will be guilty of the unauthorized access where he is authorized to access computer
data but exceeds his authorization for unauthorized purposes. Here in the present case,
two police officers used the computer and took information from a police database
and used this information for their private purposes. The Divisional Court of Queen’s
Bench Division held that their conduct did not constitute unauthorized access because
they were very much authorized to control access to the material in question.

On October, 2013, the National Crime Agency of United Kingdom arrested a

Computer Science student named Lauri Love23, under Computer Misuse Act for

21
United States Department of Justice, District Court of New Jersey, Dec.15, 2015, available at:
https://www.justice.gov/usao-nj/pr/three-men-arrested-hacking-and-spamming-scheme-targeted-
personal-information-60-million (visited on April 9, 2017).
22
(1998) 1 Cr App R 1.
23
“Lauri Love the Student Accused of Hacking the US”, available at: http://www.
computerweekly.com/feature/Lauri-Love-the-student-accused-of-hacking-the-US (visited on April
10, 2017).

214
associated with a hacking group and charged with extraterritorially stealing data from
United States Government computers including the Federal Reserve, US Army,
Missile Defence Agency and NASA via Hacking. By a verdict of United Kingdom
Court, on September 2016, he was extradited to United States to face charges for
hacking. He could be sentenced upto 99 years of imprisonment if he found guilty by
the United States Court.

Now the Indian law is close to United States of America and United Kingdom in this
respect. Under United States law mens rea is not recognised but it is recognised both
under United Kingdom and India. Criminal liability is imputed under United
Kingdom and Indian laws but not in United States of America. In India it is imputed
only if it done with dishonest or fraudulent intention to cause wrongful gain or
wrongful loss.

7.2.4 Cyber Terrorism

In India, there was no specific section under the originally IT Act, 2000 under which
sending of threatening emails, which may cause harassment, anxiety nuisance and
terror or which may seek to promote instability, have been made a penal offence. But
now the Information Technology (Amendment) Act 2008 for the first time made
provision for cyber terrorism and defines it under section 66F with the imprisonment
of life which is considered as the highest punishment under this Act. Clause 1(A) of
section 66 F deals with cyber terrorism that directly affects or threatens to affects the
people with the purpose to threaten the unity and integrity or security of the nation
and to fill the terror into the mind of the peoples. Clause 1(B) of this section deals
with cyber terrorism that directly affects the State by unauthorized access to restricted
information, data or computer database. Section 124 A of Indian Penal Code can also
be applied because the damage is caused to national property and as integrity of the
nation is also jeopardised.

For example, in 2008, serial blasts in Ahmadabad, Delhi, Jaipur and Banglore are the
live examples of the cyber terrorism in India. In 2008 attack on Mumbai Taj Hotel
which is also known as 26/11 and the Varanasi blast in 2010 had the trails of cyber
terrorism.24 The main purpose of the cyber terrorist is to gather the restricted

24
Jyoti Rattan, Cyber Laws & Information Technology, 2014, p. 261.

215
information and to spread terror by cyber communications method for disruption of
national security, unity, integrity and peace etc.

In December, 2010 the website of Central Bureau of Investigation (CBI) was hacked
by programmers identifying themselves as “Pakistani Cyber Army”. From January to
June, 2011 a total of 117 government websites had been defaced.25 At that time some
other important websites of National Investigation Agency were also affected.

On December, 2014, Mehndi Masroor Biswas26, a prominent supporter of the Islamic

State, on Twitter was charged under section 66 F of Information Technology Act,
2000 for cyber terrorism and under the Unlawful Activities (Prevention) Act, 1967 for
advocating terrorism, facilitating recruitment for terrorist and for supporting a terrorist
organisation and under Indian Penal Code for waging war against India and sedition.
A special terrorism court in Bangalore has ruled that the police have sufficient
evidence for prosecuting him as reported by the Indian Express.

In the United States of America, the Computer Fraud and Abuse Act, 1986 has been
passed which was further amended in 1994 and 1996. But after Sep. 11, 2001, an
attack on World Trade Centre and Pentagon, the United States of America passed the
Patriot Act, 2001 and recognised hacking as cyber terrorism and for the first time
defines the term “cyber terrorism”. It provides that if any person who causes
unauthorized damage to a protected computer by either knowingly causing the
transmission of a program, information, code, or command, or intentionally and
unauthorizedly accessing a protected computer shall be liable to punishment.

In United States v. William Sutcliffe27 case, the defendant was sentenced for making
interstate threats to cause injury, killing and posting thousands of social security
numbers on websites. The United States District Judge imposed restrictions that after
his release he cannot access computer and must not communicate with victims and
witnesses.

On January 12, 2015, CyberCaliphate hacking group obtained access to the Twitter
and You Tube accounts for U.S. Central Command and utilized the accounts to send

25
Ibid.
26
“In a first, Pro-Islamic State Twitter Activist to Face Cyber Terrorism Charges”, (Last Modified on
May 13, 2016), available at: http://www.firstpost.com/india/in-a-first-pro-islamic-state-twitter-
activist-to-face-cyber-terrorism-charges-2779982.html (visited on April 10, 2017).
27
US Department of Justice (2007).

216
the message “American soldiers, we are coming, watch your back, ISIS.” On
February 10, 2015, Cyber Caliphate hacking group hacked the Twitter accounts of
Newsweek and Latin Times, and the mobile message provider for WBOC News.
Then they tweeted from the Newsweek Twitter account “Bloody Valentine’s Day, #
Michelle Obama! We’re watching you, your girls, and your husband!”28

As compare to India and United States of America, the United Kingdom has enacted
the Data Protection Act, 1984 before the Terrorism Act, 2000 and in the year 1990 to
prevent and control cyber terrorism which defines the term “Terrorism” as including
the use or threat of action that is designed seriously to interfere with or seriously to
disrupt an electronic system designed; to influence the government or to intimidate
the public or a section of the public, and made for the purpose of advancing a
political, religious or ideological cause. Serious Crime Act, 2015 provides that if any
unauthorized act results in serious damage to human welfare or national security, than
the person shall be liable upto the maximum punishment of life imprisonment.

In April 2005, one Algerian named Kamel Boungass had allegedly links with Al-
Quida was convicted for poison attack against the United Kingdom.29 But in modern
time period apart from these methods the modern terrorists are trying to access to
computer, computer system, computer network of government unauthorizedly by
violating the provisions of the computer Misuse Act, 1990 and the Data Protection
Act, 1984.

7.2.5 Cyber Pornography

In India, section 292 to 294 of IPC contained the Indian law of obscenity. However,
the IT Act, 2000 was deficient in dealing with obscenity before amendment by IT
Amendment Act, 2008. It has reformed the Indian law of obscenity to a greater extent.
Now, the Information Technology Act, 2000 after amendment states that storing or
private viewing of pornography is legal as it does not specifically restrict it. On the
other hand transmitting or publishing the pornographic material is illegal. There are
some sections of Information Technology Act, 2000 which prohibit cyber
pornography with certain exceptions to Section 67 & 67A. The combined effect of

28
Central Bureau of Investigation, United States, available at: http://c.ymcdn.com/sites/
www.issa.org/resource/resmgr/2015_April_CISO_Forum/Cyber_Espionage_and_Cyberter.pdf
(visited on April 10, 2017).
29
Supra note 1, p. 206.

217
sections 66 E, 67, 67A and 67 B is to differentiates between cyber pornography, child
pornography and mainstream pornography and to bring the online pornography within
the legal regime. For offence under section 67 the person shall be punished on first
conviction with imprisonment which may extend to three years and with fine which
may extend to five lakh rupees and in the event of a second or subsequent conviction
with imprisonment which may extend to five years and with fine which may extend to
ten lakh rupees.

Under section 67 A if any person whoever publishes or transmits or cause to be

published or transmitted in the electronic form any material which contains sexually
explicit act or conduct shall be punished on first conviction with imprisonment of
either description for a term which may extend to five years and with fine which may
extend to ten lakh rupees and in the event of second or subsequent conviction with
imprisonment of either description for a term which may extend to seven years and
also with fine which may extend to ten lakh rupees. For the offence of child
pornography under section 67 B, the person shall be punished on first conviction with
imprisonment of either description for a term which may extend to five years and with
a fine which may extend to ten lakh rupees and in the event of second or subsequent
conviction with imprisonment of either description for a term which may extend to
seven years and also with fine which may extend to ten lakh rupees.

As regards the Cyber pornography, most of the reported Indian Cases are disposed of
in the lower court at the magisterial level. However, the case of State of Tamil Nadu v.
Suhas Katti30 deserves a special mention in this context because this case was
disposed of within a record period of seven months from the date of filing of the FIR
by the expeditious investigation made by the Chennai Cyber Crime Cell (CCC). This
is a landmark case which is considered to be the first case of conviction under section
67 of Information Technology Act in India which makes this section is of the
historical importance. In this case, some defamatory, obscene and annoying messages
were posted about the victim on a yahoo messaging group which resulted in annoying
phone calls to her. She filed the FIR and the accused was found guilty under the
investigation and was convicted under section 469, 509 of IPC and section 67 of
Information Technology Act.

30
(2004) Cr. Comp 4680, Egmore, available at: http://lawnn.com/tamil-nadu-vs-suhas-kutti/ (visited
on April 5, 2017).

218
In Mohammed v. State31 case the Gujarat High Court analyzed section 67 of IT Act
and held that it is not applicable to the cases of threatening email received by the
Chief Minister of Gujarat.

In United States of America, there are two child pornography laws i.e. The Child
Pornography Prevention Act, 1996 and the Child Online Protection Act, 1998. The
former Act prohibits the use of computer technology to knowingly produce child
pornography, that is, depictions of sexually explicit conduct involving or appearing to
involve minors. The latter Act requires commercial site operators who offer material
deemed to harmful to minors to use bonafide methods to establish the identity of
visitors to their site. The Communication Decency Act, 1996 has been passed to
protect minors from pornography. The CDA states that any person, who knowingly
transports obscene material for sale or distribution either in foreign or interstate
commerce or through the use of an interactive computer service, shall be liable to
imprisonment upto five years for a first offence and up to ten years for each
subsequent offence.

In State v. Maxwell32 case, the defendant was charged for act of bringing child
pornography into the State where both the defendant and the victim were the residents
of the State of Ohio while the service provider’s servers were located in Virginia.
According to the Ohio statute knowledge on the part of the defendant was required,
although the defendant was seemed to be ignorant of the fact the disputed
transmission crossed the State lines yet. The Hon’ble Supreme Court of Ohio upheld
the conviction by applying the strict liability standard concerning transmission.

On December 2, 2015, it was announced through press release by the United States
Department of Justice33 that a northern California man who operated the Internet’s
best known “revenge porn” website was sentenced to 30 months in federal prison for
hiring another man to hack into e-mail accounts to steal nude photos that were later
posted on his website.

In United Kingdom legislation, traditionally, it is not an offence to possess obscene

material in private as long as there is no attempt to publish, distribute or show it to

31
2010 [SCR. A/1832/2009] Guj.
32
(2002) 95 Ohio St 3d 254 : 767 NE 2d 242.
33
Available at: https://www.justice.gov/usao-cdca/pr/operator-revenge-porn-website-sentenced-2-
years-federal-prison-email-hacking-scheme (visited on April 9, 2017).

219
others. But as regards, child pornography possession as well as circulation is
criminalised. Section 160 of the Criminal Justice Act, 1988 makes it an offence for a
person to have any indecent photograph of a child in his possession.34 In United
Kingdom, pornography has been divided into three parts, soft-core pornography,
hardcore pornography and extreme pornography. Extreme pornography is illegal to
even possess as on January 2009 and carries a three year imprisonment.35

Sections 63 to 67 of the Criminal Justice & Immigration Act, 2008 provides that it an
offence to possess pornographic images that depict acts which threaten a person’s life;
acts which result in or are likely to result in serious injury to a person’s anus, breasts
or genitals; bestiality; or necrophilia. This Act also excludes classified films etc. from
its purview and also provides for defences and the penalties for the commission of
such offences.

After this there are other Act’s which deals with obscenity including the Obscene
Publications Act, 1959 and 1964, Telecommunications Act, 1984 and Criminal
Justice Act, 1988. Criminal Justice Act, 1988 has been passed which explains under
section 160 as amended by section 84(4) of the Criminal Justice and Public Order Act
(CJPOA), 1994 that it is an offence for a person to have an indecent photograph or
pseudo-photograph of a child in his possession. This offence is now a serious arrest
able offence with a maximum imprisonment term not exceeding six months.

In R. v. Bowden36 case, the court held that downloading and printing images from the
internet fell within the concept of ‘making’ and held liable under the Act. Similar
issue came up before the court in R v. Westgarth and Jayson37 case. In this case the
prosecution was able to prove that the defendant was aware of the caching function
within his browser software and the court held that the mere act of voluntarily
downloading an indecent image from a webpage on to computer screen is an act of
‘making.’

34
Chris Reed, Computer Law, at 300 (2003).
35
“Cyber Pornography”, available at: http://www.lawyersclubindia.com/articles/Cyber-Pornography-
6396.asp (visited on April 12, 2016).
36
(2000) 1 Cri App R 438, 444.
37
(2002) EWCA Cri 683.

220
In 2014, FBI arrested Hunter Moore38, the operator of revenge pornography website
where sexually explicit photos were posted without subject’s consent, along with his
co-defendants Charles Evens who obtained the photos through hacking the email
accounts and charged both of them with conspiracy as well as seven counts
unauthorised access to a protected computer to obtain information and for identity
theft. Revenge porn was legislated against in the United Kingdom in Criminal Justice
and Courts Act, 2015 which hands down sentences for distributing a private sexual
image of someone without consent and with the intention of causing them distress.
Moore has been sentenced to two and a half years and Evens was sentenced to two
years and one month by the United Kingdom Court.

The Communication Decency Act, 1996 of United States of America and the Obscene
Publications Act, 1959 of United Kingdom both differentiates between mainstream
pornography and child pornography while in India no such difference exists under
section 292 of IPC though the IT Act after amendment in 2008 has regarded obscenity
as an offence but separately defined child pornography with punishment under section
67B. In United States of America possession of obscene material is not an offence but
publishing or transmission of obscene material is an offence while in United Kingdom
and India, mere possession of obscene material is not an offence. In United States of
America, child accessibility to porn sites is prohibited while in India browsing and
downloading child porn images are punishable offence.

7.2.6 Cyber Stalking

The legislation on cyber stalking are varies from country to country. In India, there
were no laws which directly regulate cyber stalking prior February 2013 it was
covered under section 66A,72 and 72 A of IT Act, 2000. In 2013, Indian parliament
made amendments in Indian Penal Code, 1860 by introducing cyber stalking as
criminal offence by passing Criminal Law (Amendment) Act, 2013. Cyber stalking is
not directly recognized cyber crimes in India under Section 66 A by the Information
Technology (Amendment) Act 2008 and under section 72, 72A. Section 66 A
provides punishment for sending offensive messages through communication service
etc and section 72 provides for breach of confidentiality and privacy.

38
“Hunter Moore gets 2.5 Years for Revenge Porn Hacking” , available at: https://www.
cmagazineuk.com/hunter-moore-gets-25-years-for-revenge-porn-hacking/article/535569/ (visited on
April 10, 2017).

221
The Hon’ble Supreme Court declared it as unconstitutional and against the freedom
of speech and expression and struck it down in Shreya Singhal and others v. Union of
India39. This section had been misused by police in various states to arrest the
innocent person for posting critical comments about social and political issues on
networking sites. Ritu Kohli’s case was the India’s first case of cyber stalking, which
was registered by Economic offences Wing of Delhi Police under section 509 IPC for
outraging the modesty of a woman. Section 503 0f IPC provides for stalking and also
harassment. Further, section 504 provides a remedy for use of abusive and insulting
language. This is another form in which cyber stalking takes place where abusive
words etc. are sent through e-mail.

In United States, cyber stalking is a criminal offense under American anti-stalking,

slander, and harassment laws. A conviction can result in a restraining order,
probation, or criminal penalties against assailant, including jail. Cyber stalking
specifically has been addressed in recent U.S. federal law. For example, the Violence
against Women Act passed in 2000, made cyber stalking a part of the federal
interstate stalking statute. Still, there remains a lack of federal legislation to
specifically address cyber stalking, leaving the majority of legislative at the state
level. A few states have both stalking and harassment statutes that criminalize
threatening and unwanted electronic communications.40 The first anti-stalking law
was enacted in California in 1990, and while all fifty states soon passed ant-stalking
laws, by 2009 only 14 of them had laws specifically addressing “high-tech stalking.41

In United States of America almost every state has laws dealing with cyber stalking.
US federal Code 18 under section 2261 A (2) states that whoever with the intent uses
the mail, any interactive computer service, or any facility of interstate of foreign
commerce to engage in a course of conduct that causes substantial emotional distress
to that person or places that person in reasonable fear of the death of, or serious bodily
injury shall be liable under section 2261 B (b) for a imprisonment which may extend
upto life imprisonment if the death of the victim results; for not more than 20 years if
permanent disfigurement or life threatening bodily injury to the victim results; for not
39
AIR 2015 SC 1523.
40
“Cyber Stalking”, available at: http://en.wikipedia.org/wiki/cyberstalking (visited on April 12,
2016).
41
Christa Miller, “High-Tech Stalking, Law Enforcement Technology”, available at: http://www.
officer.com/article/10233633/high-tech-stalking (visited on March 6, 2017).

222
more than 10 years, if serious bodily injury to the victim results or if the offender uses
a dangerous weapon during the offense.

New Jersey v. Dharun Ravi42, is a case of cyber stalking in which a college student
named Ravi secretly made a film of his roommate’s sexual intimation with another
man and then posted this online. By this act of Ravi, she committed suicide and Ravi
was convicted for bias intimidation and invasion of her privacy. In 2012, the judges
ruled that they believe Ravi was acted out of colossal insensitivity, not hatred and
sentenced him for 30 days in jail and also with fine.

On December 9, 2015, it was announced through press release by the United States
Department of Justice43 that a former United States Department employee pleaded
guilty and charged for internationally extensive cyber stalking, e-mail phishing,
computer hacking, and sextortion scheme against hundreds of victims in the United
States.

In United Kingdom, there are various laws which deal with stalking and cyber
stalking. The Protection of Freedoms Act, 2012 has been passed which created two
new offences of stalking by inserting sections 2A and 4A into the Protection from
Harassment Act (PHA), 1997. Section 2A creates a specific offence of stalking and a
person guilty of it shall be liable for a imprisonment not exceeding 51 weeks or with
fine not exceeding level 5 of standard scale or both. Section 4 A creates the offence of
stalking involving a fear of violence or serious alarm or distress and a person guilty of
it shall be liable for a imprisonment not exceeding 5 years or with fine or both on
indictment or a imprisonment not exceeding twelve month or fine not exceeding
statutory maximum or both on summary conviction. Under this Act, stalking element
is defined as those acts which include monitoring a person online, contacting a
person, loitering in a public or private place, interfering with property or spying. The
Malicious Communication Act, 1988 makes it illegal to send or deliver letters or other
articles for the purpose of causing distress or anxiety by electronic communication.
There are other Act’s which deals with stalking including the Offences against the

42
(March, 2012), SC New Jersey, available at: https://en.wikipedia.org/wiki/New_Jersey_v._
Dharun_Ravi (visited on April 10, 2017).
43
Available at: https://www.justice.gov/opa/pr/former-us-state-department-employee-pleads-guilty-
extensive-computer-hacking-cyberstalking (visited on April 9, 2017).

223
Persons Act, 1861, Criminal Justice and Public Order Act, 1994, Wireless Telegraphy
Act, 2006.

In R v. Curtis44 case, the Hon’ble Court held that it is necessary to prove that the
conduct is unacceptable to a degree which would sustain criminal liability, and also it
must be oppressive in nature. The court earlier held in the case of C v. CPS45 that it is
important to note that matters to constitute the course of conduct amounting to
harassment must be properly particularized in the information laid or in the
indictment. However, the Hon’ble court has earlier ruled that the incident could be
accepted only when it amounting to a course of conduct as laid down in Pratt v.
DPP46 case.

7.2.7 Cyber defamation

In India, the term ‘cyber defamation’ is not specially used and defined under section
66A of the IT Act, 2000 but it makes punishable the act of sending grossly offensive
material for causing insult, annoyance or criminal intimidation . Indian Penal Code
contains the menace of cyber defamation under section 499 which was got extended
to ‘speech’ and ‘documents’ in electronic form by the IT Act, 2000. The offence of
defamation under section 499 provides for making a publishing of an imputation
concerning a person such imputation have been made with intent to harm a having
reason to believe that it will harm reputation of such persons. The defamatory matter
is published i.e. communicated to some person other than the person about whom it is
addressed. In India, an e-mail making allegations against the person to whom it is sent
would not quality as a defamatory state so long as it a not sent to a third person.
Statements on mailing lists and the World Wide Web world are defamatory as they
would be available to persons other than the person to whom they refer.

On January 30, 2017, the Hon’ble Metropolitan Magistrate Court issued summons to
Delhi Chief Minister Arvind Kejriwal and suspended BJP Parliament Kirti Azad in a
defamation complaint filed by the Vice President of Delhi and District Cricket
Association by alleging them of defaming the cricket association by passing
“scandalous” remarks. The Hon’ble court said “it is prima facie clear that Chief

44
(2010) EWCA 123.
45
(2008) EWHC 148.
46
(2001) EWHC 483.

224
Minister, Kejriwal has made a serious defamatory remark only on the basis of hearsay
information received from his friend”. The court observed that “such a drastic
statement and that too from the Chief Minister, may have negative impact and leave
an adverse impression in the mind of cricketers, officials and public at large,
impacting reputation of Delhi and District Cricket Association, its organisational
functioning and the transparency of the selection process.”47 The court also noted that
the above mentioned statement was broadcast by a private news channel and widely
published in all national dailies as well as carried on internat.

In United States of America, the Communications Decency Act (CDA), 1996 is one
of the most valuable tools for protecting freedom of expression and innovation on the
internet. Section 223 of the Act lays down that any person who puts the information
on the web which is obscene, lewd, lascivious, filthy or indecent with intent to annoy,
abuse, threaten or harass another person will be punished either with imprisonment or
with fine. Section 230 of the Act provides for protection for private blocking and
screening of offensive material. The section says that no provider or user of an
interactive computer service shall be considered as the publisher or speaker of any
information provided by any other information content provider.

The Hon’ble court ruled in Obsidian Finance Group, LIC v. Cox48 case that liability
for a defamatory blog post involving a matter of public concern cannot be imposed
without proof of fault and actual damages. Bloggers saying libellous things about
private citizens concerning public matters can only be sued if they are negligent. In
Firth v. State of New York case49, the plaintiff claimed that publication of an alleged
libel on the internet was continuous publication, which would extend the statute of
limitations. The court held that the statue would run from the date of material was first
posted not from the continuity. And the decision was also affirmed by the New York
Appellate Division Court.

In United Kingdom, Malicious Communication Act, 1988 regulates the electronic

communication with serious consequences through controlling technology if it is

47
“Court Summons Kejriwal, Azad in DDCA Defamation Case”, Sportz Wiki, Jan. 30, 2017,
available at: http://sportzwiki.com/cricket/court-summons-kejriwal-azad-ddca-defamation-case/
(visited on April 10, 2017).
48
(2011) CV- 11- 57- HZ.
49
(2000) N.Y. Court of Claims.

225
abused or used to intimidate, threaten or harass other people. It also deals with online
abuse but now this Act considered as outdated and needs to be reformed. In United
Kingdom, the Defamation Act, 1996 was intended to clarify the defence of innocent
dissemination for internet service providers. Section 1 (1) and 1(3) of the Defamation
Act, 1996 states that whoever is not the editor, publisher or author of the material may
have a defence to a defamation action. The provider in the United Kingdom must
show that it had no reason to suspect that it was publishing defamatory material after
taking all reasonable care. The liability against overseas publishers is still exists. The
Defamation Act, 2013 enhancing the scope existing defence for website operator,
public interest and privileged publications. This Act governs the processes which the
website operator must follow when informed about alleged defamatory comments on
their site to avoid of becoming liable for that material themselves. Under this Act, a
statement can be said to be defamatory if its publication caused or is likely to cause
serious harms to individuals or business reputation. Under the current legal measures,
any person who threaten and offend others on social media shall be liable to a
maximum sentence of prison of six month and a fine of 5,000 pounds or both.

In Bunt v. Tilley and Others50 case, the claimant filed a suit for libel against the
defendants for posting the defamatory statements on websites. But the defendants
pleaded for the dismissal of the claims on the summary basis. In this case, the issue
was raised before the court that whether an internet service provider could be liable in
respect of the material which was simply communicated via the services they
provided. In this case the court held that an internet service provider could not be
deemed to be a publisher at common law because they performed no more than a
passive role in facilitating postings on the internet.

7.2.8 Phishing

In India, the term ‘Phishing’ is not used anywhere in this section as given under IT
Act, 2000 before or after amended by the amendment Act, 2008. But now it is a
punishable offence under section 66, 66A, 66C, 66 D of IT Act, 2000 and under
Indian Penal Code. Section 66 A of Information Technology Act provides punishment
for sending offensive messages through communication service etc. Section 66 C of
Information Technology Act, 2000 which is inserted by Amendment Act, 2008
50
(2006) 3 All ER 336.

226
provides punishment for Identity Theft if any person whoever fraudulently or
dishonestly make use of the electronic signature, password or any other unique
identification features of any other person. Section 66 D is applied to any case of
cheating by personation which is committed by using a computer resource or a
communication device which can be used for phishing but not directly.

In United States of America, on January 26, 2004 the United States Federal Trade
Commission filed the first lawsuit against a suspected phisher. The defendant, a
Californian teenager, allegedly created a webpage designed to look like the America
Online website, and used it to steal credit card information.51 After this, Senator
Patrick Leahy introduced the Anti-Phishing Act in Congress on March, 2005 which
would punish and fined those cyber criminals who created the fake websites and sent
bogus e-mails with the purpose of defrauding consumers. But it did not pass. In Jan.
2007, Jeffrey Brett Goodin of California was become the first convicted cyber
criminal by a jury under the CAN- SPAM Act, 2003 for sending thousands of e-mails
to America Online users which prompted customers to submit personal credit card
information. In United States of America, the CAN- SPAM Act, 2003 is the direct
response of the growing number of complaint over spam e-mails and is also the first
United States of America cyber law which establishes national standards for sending
of commercial e-mail. It controlled the assault of non-solicited pornography and
market. A person or a business engaging in commercial emails can be fined upto $
11000 for each and every violation of the Act.

In United Kingdom, a new Anti Fraud Act has been passed in 2006 for England,
Wales and Northern Ireland which is known as The Fraud Act, 2006. It came into
effect on Jan. 15, 2007. This Act banned the using of phishing kits for sending and
creating bogus e-mails by millions. Before this, there was no proper law which deals
with phishing. This Act punishes fraud by false representation, fraud by failing to
disclose information and fraud by abusing position. It provides that a person found
guilty of fraud was liable to fine or imprisonment upto twelve months on summary
conviction or fine or imprisonment upto ten years on summary indictment.

51
Jeordan Legon, “Phishing scams reel in your identity”, CNN News, (Jan. 26, 2004), available at:
http://edition.cnn.com/2003/TECH/internet/07/21/phishing.scam/index.html?iref=newssearch
(visited on March 6, 2017).

227
7.2.9 Cyber Fraud

In India, the term ‘Fraud’ is neither defined in the Indian Penal Code, 1860 nor in the
IT Act. Section 66 D is inserted by the Amendment Act, 2008 for providing
punishment for cheating by personation by using computer resource which is also
used for cyber fraud but not directly. According to this section if any person who by
means of any communication device or computer resource cheats by personation,
shall be punished with imprisonment of either description for a term which may
extend to three years and shall also be liable to fine which may extend to one lakh
rupees.52 This offence is bailable, cognizable and triable by the court of Judicial
Magistrate of First Class.

The United States of America has enacted the Computer Fraud and Abuse Act, 1996
for prohibiting and punishing computer and internet fraud which was further amended
in the year 1994, 1996 and also amended by the Patriot Act, 2001 and in 2008 by the
Identity Theft Enforcement and Restitution Act. United States Criminal Code’s
provisions are also applicable on the cyber fraud and the violators can be prosecuted
under title 18 i.e. no. 1028 prohibits social security cards fraud and credit card frauds,
no. 1029 prohibits identity fraud including telemarketing fraud, no. 1341 prohibits
mail fraud, no. 1343 prohibits wire fraud etc. The Federal Statute title 18 U.S. Code s.
1030 also prohibits fraud and other related activities in connections with computers.

In United State v. Pirello53 case, the defendant Pirello placed four advertisements on
internet classified-ads websites for soliciting the buyers for computers with the
purpose of fraudulently selling it online. By doing this, he received three orders and
then he deposited the entire money received from the orders in his personal bank
account but he did not delivered computers to the buyers. The court determined the
issue that whether USSG 2F1.1 (b) (3), which instructs courts to enhance a sentence
by two levels if the offense was committed through “mass-marketing,” applied to
Pirello’s fraudulent internet advertisements. The court held that the use of the internet
website to solicit orders for non-existent computers violated the USSG and affirmed
the lower court’s enhancement of Pirello’s sentence.

52
Section 66 D (Inserted Vide Information Technology (Amendment) Act, 2008).
53
(2001) 255 F. 3d 728.

228
In United Kingdom, section 15 of the Theft Act, 1968 could not be successfully
applied to internet fraud. Then United Kingdom has passed the Computer Misuse Act,
1990 which provides that a person is guilty of an offence under section 1 if he
intentionally causes a computer to perform any function to secure access to any
computer; he intends to secure unauthorized access; and he knowingly causes the
computer to perform the function for these two above mentioned purposes. With
related to this, section 17 also provides that the access is considered as unauthorized
only if a person is not entitled to control access of the kind in question to the
programme or data and secondly, he does not have consent to access by him of the
kind in question to the programme or data from any person who is so entitled.

In R v. Thompson54 case, the accused, a computer programmer employed by a bank in

Kuwait made two plans to defraud the bank by devising a programme which
instructed the computer to transfer sums from these accounts to his newly opened
account. After transferring the amount, then he returned from Kuwait to England for
the purpose of minimizing the risks of detection and opened a number of accounts
with English banks and wrote request letter to the bank manager in Kuwait to arrange
to transfer his balance from Kuwait accounts English Bank accounts. Then he was
arrested by police on the charge of computer fraud by deception and the court made
him liable and was convicted for his act on cyber space.

7.2.10 Breach of Online Privacy

In India, Section 66 E is inserted in IT Act, 2000 after amendment in 2008 for

providing punishment for violation of privacy. This section applies to the violation of
the bodily privacy of any person by three stages i.e. capture, publication and
transmission. This section criminalizes any of these stages that are done without the
consent of the victim. Capturing include to capture an image by any means such as
videotaping, filming or recording by using any kind of technology like video
recorders, cameras, CCTVs, webcam in a PC or any other forms of electronic
surveillance like spy cameras or any kind of hidden cameras, smart phones etc.
Publication includes the creation of copies both in print i.e. magazines, books,
newspapers and in an electronic form i.e. on the websites or CDs. Transmission
means to deliberate or intentional electronic transfer of the image via emails, internet,
54
(1984) 1 WLR 962.

229
messaging, Bluetooth etc. with the purpose that it can be viewed instantly by other
persons. The offence is complete immediately on the sending of the mail. It is
irrelevant that whether the person to whom the mail is sent read the mail or not.

In United States of America, the Electronic Communication Privacy Act, 1986

(ECPA) a criminal wiretap statute which uses the word “anyone” who commits the
breach and on whom the liability can be fixed under section 2511 (1) (a). On the basis
of the recommendation of the Federal Trade Corporation, the Online Privacy
Protection Act, 2000 has been passed for providing protection to individual privacy.
In United Kingdom the CDA envisages the eight principles formulated by the
Organization for Economic Co-operation and Development for the protection of
personal data.

7.3. Jurisdictional Comparative Approach

In cyber world every state should have its national law having extraterritorial
jurisdiction to cover extraterritorial character of cyberspace activity as there is no
international instrument relating to cyber jurisdiction. Covering this aspect among
others, the UN commission on International Trade Law adopted a model law on E-
Commerce in 1996 which was adopted by the General Assembly by its Resolution.
The General assembly recommended that all states should give favourable
consideration to the said model law on commerce. India being the signatory to said
model law enacted The Information Technology Act, 2000 to make law in tune with
the said model law.55 Another attempt has been made to make the comparative study
on the current status of the legislations on jurisdiction issue at national level as well as
international level. The comparative study is mentioned as under:

In India, jurisdiction under the IT Act is prescribed under sections 1 (2) and 75, which
are to be read along with the relevant provisions under the IPC. Section 1(2) of the IT
Act, 2000 provides for the jurisdiction of Indian courts in cyber crimes only. It does
not talk about civil jurisdiction.56 IT Act is silent on the point of the State of Jammu
Kashmir, which means that the IT Act extends over the State of Jammu Kashmir. This
section provides the extra-territorial jurisdiction over offence or contraventions
committed outside India.

55
Supra note 24, p. 346.
56
D. Latha, Jurisdiction Issues in Cyber Crimes”, The Weekly Law Journal, vol. 4, 2008, p. 88.

230
According to Section 4 of the Indian Penal Code, 1860, the law is assuming
jurisdiction over violators of The Information Technology Act, 2000 outside the
territorial boundaries of India. This provision is explained perhaps by the unique
nature of cyberspace, which knows no boundaries. The Information Technology Act,
2000 specifically provides that unless otherwise provided in the Act, the Act also
applies to any offence or contravention there under committed outside India by any
person irrespective of his nationality.57 It is however clarified under Section 75 that
the Act shall apply to an offence or contravention committed outside India by any
person if the act or conduct constituting the offence or contravention, involves a
computer, computer system or computer network, located in India. It is also clear that
section 75 of the IT Act is restricted only to those offences or contraventions provided
therein and not to other offences under other laws such as the Indian Penal Code,
1860 etc.

In United States of America, a number of traditional principles relating to jurisdiction

are being interpreted in the light of borderless world of cyberspace, jurisdictional
problems remain a thorny issue and many lega experts are of opinion that mere
availability of a website is not enough to establish minimum contact to entrench the
cyber criminal.58 In rem, jurisdiction might apply to the assertion of claims for
jurisdiction based on e-mail storage box or stored file that is located on a computer
server in the forum jurisdiction.59 The rule of lex loci delicti, or the place in which the
injury occurred is the place of trying the case was followed in torts matters. But now
both in civil and criminal matters, the emerged boundaries of the internet have
exposed the cyber criminal under universal jurisdiction.

In United Kingdom, often the question of jurisdiction renders the court helpless due to
difference in various law provisions which are applicable to the defendant. In criminal
matters, the defendant is subject to a particular law only if he commits the criminal act
in the jurisdiction concerned. In the internet scenario, the situation is a complex one as
one criminal act may not clearly fall under a single jurisdiction.60 However, in the
event that the offence takes place outside of the United Kingdom, it shall still have

57
Section 1(2) of IT Act, 2000.
58
Supra note 9, p. 457.
59
Shaffer v. Heitner, (1997) 433 US 186: 53 L Ed 2d 683.
60
Supra note 9, p. 346

231
jurisdiction to try the perpetrator of the crime under the Computer Misuse Act, 1990.
The relevant provision are section 4 and 5 which states that it is not necessary for the
cyber crime to be committed within the territory of United Kingdom so long as the
offence is significantly linked to the United Kingdom. Thus, even the act committed
is not a crime in the place of commission but it is a crime in United Kingdom and it is
established that the offence is significantly linked to it, the Computer Misuse Act,
1990 may be applied for the purpose of prosecution.61

The Computer Misuse Act, 1990 is the relevant law that establishes jurisdiction on the
United Kingdom for the violation of cybercrime. The crimes covered by the law are
various acts of computer misuse which are defined under sections 1 to 3 which
includes unauthorized access with intent to commit or facilitate of further offence and
unauthorized modification of computer material. This Act was further amended by the
Police and Justice Act, 2006 which enhances the punishment under the Act for
committing the cybercrime.

7.4. Judicial Comparative Approach

Another attempt has been made to compare the role of judiciary in tackling the
emerging cyber crimes after having the related laws on cyber crime. The judiciary of
India, United States of America and United Kingdom are playing the important role of
dealing with such type of crime. Indian judiciary has followed the cyber authority of
cases of United States of America and United Kingdom for dealing with cyber crimes
in India because there is very less judicial response. The comparative study has been
discussed as under:

7.4.1 Judicial Response in India

Indian judiciary is playing a important role in dealing with cyber crimes although
there is less ligation. India enacted the Information Technology Act and became part
of a select group of countries to have put in place cyber laws. Because the Information
Technology Act, 2000 is primarily meant to be a legislation to promote e-commerce.
In Yahoo! Inc. v. Akash Arora and another62 case, the issue of domain name is

61
Adel Azzam Saqf Al Hait, “Jurisdiction in Cybercrimes: A Comparative Study”, Journal of Law,
Policy and Globalization, vol. 22, at 80 (2014), available at: http://www.iiste.org/Journals/
index.php/JLPG/article/viewFile/11050/11351 (visited on Nov. 30, 2016)
62
(1999) 19 PTC 210 Del.

232
entitled to equal protection as trademark which is considered as the first case where an
Indian Court delivered its judgment relating to domain names. In Rediff
Communications ltd. V. Cyberbooth63 case, the Yahoo judgment was once again
reiterated. Vishakha v. State of Rajasthan64 is the leading case law on harassment at
workplace in India. Before this case, there was no law referring to harassment at
workplace in India. However, the case of State of Tamil Nadu v. Suhas Katti65,
deserves a special mention. Further Shreya Singhal v. Union of India66 is the case in
the light of a series of arrests made under section 66A of the Information Technology
Act, 2000, this writ petition was filed in public interest under Article 32 of the
Constitution of India, Seeking to strike down Section 66A as unconstitutional.
Additionally, in S Khushboo v. Kanniammal67 and Common Cause v. Union of
India68, Supreme Court has said that in cases involving Freedom of Speech and
Expression, the proper course for Magistrates is to use their statutory powers to direct
an investigation into the allegations before taking cognizance of the offence alleged.

7.4.2 Judicial Response in United States of America

As compare to India, there have been a number of statutory provisions in the United
States Code to regulate the use of computers and computer technology for the purpose
of preventing and controlling cyber crimes. The United States Department of Justice
advises punishment of computer crime offenders by federal court judges in the same
manner as is advisement for all other federal crimes under the United States
Sentencing Guidelines (USSG).69 United States v. Morris70 case is one of the
landmark cases in the United States which deals with cyber fraud. In United State v.
Pirello71 case, the Ninth Circuit ruled on the application of the US Sentencing
Commission Guidelines (USSG) about a defendant fraudulently selling computers

63
AIR 2000 Bom 27.
64
(1997) 6 SCC 241.
65
(2004) Cr. Comp 4680, Egmore, available at: http://lawnn.com/tamil-nadu-vs-suhas-kutti/ (visited
on April 5, 2017).
66
AIR 2015 SC 1523: (2005) 5 SCC.
67
(2010) 4 SCALE 467.
68
(2013) W.P. Crl. No. 21.
69
Catherine D. Marcum, Goerge E. Higgins, et.al., “Doing Time for Cyber Crime: An Examination of
the Correlates of Sentence Length in the United States”, International Journal of Cyber
Criminology, vol.5, No.2, July.- Dec, 2011, p. 827, available at: http://www.cybercrimejournal.
com/marcumetal2011julyijcc.pdf (visited on April 30, 2015).
70
(1991) 504 F 2d.
71
(2001) 255 F. 3d 728 (9th Cir).

233
online. In United States v. Ivanov72 case, the Computer Fraud and Abuse Act was
discussed regarding its extraterritorial applicability. In this case the accused was
charged for illegally accessing the computer systems of a web hosting service under
the Computer Fraud and Abuse Act. He contended that he was in Russia at the time of
commission of offence that’s why he cannot be prosecuted under the above mentioned
Act. But the court rejected his contention and held that he can be prosecuted under the
interstate and foreign commerce of the Act. The Act applied not only within the
boundaries of America but also beyond it. In People v. Cochran73 case, the accused
allegedly posted pornographic material on several Internet newsgroup sites by
indicating also that he was intending to trade in the material. The Hon’ble Supreme
Court of California found him guilty and convicted for posting pornographic material
for commercial purpose.

In State v. Maxwell74 case, the defendant was charged for act of bringing child
pornography into the State where both the defendant and the victim were the residents
of the State of Ohio while the service provider’s servers were located in Virginia.
According to the Ohio statute knowledge on the part of the defendant was required,
although the defendant was seemed to be ignorant of the fact the disputed
transmission crossed the State lines yet. The Hon’ble Supreme Court of Ohio upheld
the conviction by applying the strict liability standard concerning transmission. In
United States v. William Sutcliffe75 case, the defendant was sentenced for making
interstate threats to cause injury, killing and posting thousands of social security
numbers on websites. The United States District Judge imposed restrictions that after
his release he cannot access computer and must not communicate with victims and
witnesses.

7.4.3 Judicial Response in United Kingdom

But, in the United Kingdom, the advent of the computer and internet has given rise to
the cyber crimes. The first recorded cyber crime was in 1960s and the case of R v.
Gold76is the first cybercrime matter heard in the UK court. After R. v. Gold77 case,

72
(2001) 175 F Supp 2d 367 (D. Conn).
73
(2002) 28 Cal 4th 396: 48 P 3d 1148.
74
(2002) 95 Ohio St 3d 254 : 767 NE 2d 242.
75
US Department of Justice (2007).
76
(1988) 1 AC 1063.

234
the UK enacted the specific law on Computer Misuse for the purpose of controlling
and preventing the commission of cyber terrorism on the recommendations and
suggestions of Law Commission. In R. v. Crop78 case, the court held that the
Computer Misuse Act, 1990 will be applicable only when one computer is used to
access another computer. R. v. Fellows79 case is the first of cyber pornography in the
UK. In R. v. Bowden80 case, the court held that downloading and printing images from
the internet fell within the concept of ‘making’ and held liable under the Act. Similar
issue came up before the court in R v. Westgarth and Jayson81 case. In the United
Kingdom, the Courts have gone far in extending the existing trademark law to the
cases of cyber-squatting.

The Hon’ble court has ruled in R v. Patel82 case that it is not just the number of
incidents which make up a course of conduct but whether those incidents could be
said to be so connected in type and context as to justify the conclusion that they could
amount to a course of conduct. The incident could be accepted by the court if it
amounting to a course of conduct as laid down by the court in Pratt v. DPP83 case. In
R v. Curtis84 case, the Hon’ble Court held that it is necessary to prove that the conduct
is unacceptable to a degree which would sustain criminal liability, and also it must be
oppressive in nature. The court earlier held in the case of C v. CPS85 that it is
important to note that matters to constitute the course of conduct amounting to
harassment must be properly particularized in the information laid or in the
indictment.

In India, the basic law for the cyberspace transactions has emerged in the form of the
Information Technology Act, 2000 which was further amended in the year 2008. The
Information Technology Act amends some of the provisions of our existing laws i.e.
Indian Penal Code, 1860; the Indian Evidence Act, 1872; the Bankers Book Evidence

77
(1988) 1 AC 1060: (1987) 3 WLR 803.
78
R. v. Crop, (1992) 3 WLR 432.
79
(1997) 2 All ER 548 (CA).
80
(2000) 1 Cri App R 438, 444.
81
(2002) EWCA Cri 683.
82
(2005) 1 Cr. App. 27.
83
(2001) EWHC 483.
84
(2010) EWCA 123.
85
(2008) EWHC 148.

235
Act, 1891 and the Reserve Bank of India Act, 1934.86 But the problem is still as it was
though since 2000 the Information Technology Act is working in India for combating
cyber crimes. The reality is that the working of this statute is more on papers than on
execution because the police officers, lawyers, prosecutors and Judges feel
handicapped in understanding its highly technical terminology.

In India, there has been found the number of cases of cyber crimes like cyber
defamation, cyber stalking and cyber harassment etc. but there is no specific
definition under the Information Technology Act, 2000. It is found that a number of
these types of crimes are either not registered or are registered under the existing
provisions of Indian Penal Code, 1860 which are ineffective and do not cover the said
cyber crimes. The Information Technology Act, 2000 has undergone with some
amendments one of them is the recognition of electronic documents as evidence in a
court of law. Some market players believe that this will provide an encouragement to
electronic fund transfers and also help in promoting electronic commerce in the
country. But the result is not similar as it is. The cyber crime cells are doing training
programmes for its forces and plans to organize special courses for corporate to
combat cyber crime and use the Information Technology Act effectively.

Comparatively, there is no single text available which provides a coherent and

consistent exposition on the various categories of cyber crimes, their nature, scope,
features and essential ingredients. It is fascinating to study cyber offences like cyber
hacking, cyber fraud, cyber pornography, cyber terrorism, cyber stalking, cyber
ragging etc. and also the United States of America, United Kingdom and Indian
approaches towards these offences.87 Different countries have the different cyber laws
dealing with cyber hacking. United States of America prescribed the punishment for
hacking, United Kingdom prescribed the punishment for hacking under the name
“unauthorised access” while India replaced it under the computer related crimes or a
criminal offence only if it satisfy the prerequisites condition of dishonestly or
fraudulently. It is interesting to note that United Kingdom and United States of

86
Samiksha Godara, “Prevention and Control of Cyber Crimes in India: Problems, Issues and
Strategies”, A Thesis submitted to Maharishi Dayanand University, April 1, 2013, p. 2, available
at: http://shodhganga.inflibnet.ac.in/bitstream/10603/7829/12/12_chapter%203.pdf (visited on May
20, 2016).
87
“Cyber ragging Ki Line Kategi”, Navbharat Times, July 10, 2008, p. 7.

236
America specifically legislate to deal with cyber offence of hacking or unauthorised
access by avoiding the definite definition of it.

In the United States of America, the Computer Fraud and Misuse Act, 1986 as
amended twice in 1994 and 1996 and the Patriot Act, 2001 are very significant to
prevent and control cyber fraud. In the United Kingdom the Computer Misuse Act,
1990 and the Data Protection Act, 1984 provides world standard for data protection,
security system and to prevent and control cyber fraud. In India, there is a need to
follow the same standard.88 The computer related fraud or cyber fraud has become one
of the most pervasive form of white collar crime in United State, Canada, United
Kingdom., Europe, Australia, Singapore, India etc. The losses due to misuse of
computer or cyber or information technology or digitised technology have resulted in
to billions of dollars. With the development of global communications networks,
computer fraud as with other forms of computer related crime in increasingly adopting
global dimension.89

The United Kingdom Cyber Laws, however, is criticized for not including the
definition of computer but the Law Commission of United Kingdom found general
support for the view that to attempt such a definition would be so complex in an
endeavour to be all embracing, that they are likely to produce extensive argument.
However, the Indian law on the subject gives the definition of “computer” in its
general clauses definition in section 2(l) of the IT Act, 2000.90 All these three
countries i.e. United States of America, United Kingdom and India does not define the
term “cybercrimes” yet.

It can also be said that there is no uniformity around the world in treating the cyber
defamation cases. The major commonwealth countries are following the different
practice relating to cyber defamation cases. In United States of America, a cyber
defamation case is very difficult to prove because of the rigid nature of first
amendment in Constitution law. In United Kingdom, the defendant publisher has to
establish his innocence whereas in India, the specific cyber defamation law is yet to

88
Supra note 1, p. 131.
89
Supra note 14, p. 202.
90
Syed Mohd Uzair, “Cyber crime and cyber terrorism in India”, A Thesis submitted to Aligarh
Muslim University, 2013, pp. 126-127, available at: http://shodhganga.inflibnet.ac .in/bitstream/
10603/63591/9/09_chapter%202.pdf (visited on Feb. 13. 2017).

237
develop because under IT Act, 2008 a hope in this regard to tackle the defamatory
activities.

Further complicating cyber crime enforcement is the area of legal jurisdiction. Like
pollution control legislations, one country cannot by itself effectively enact laws that
comprehensively address the problem of internet crimes without cooperation from
other nations. While the major international organizations, like the OECD
(Organization for Economic and Cooperation and Development) and the G-8, are
seriously discussing cooperative schemes, but many countries do not share the
urgency to combat cyber crimes for many reasons, including different values
concerning piracy or espionage or the need to address more pressing social problems.
These countries, inadvertently or not, present the cyber criminal with a safe haven to
operate.91 The issue of jurisdiction in cyberspace is still a global issue which cannot
be settled spontaneously without continuous efforts.

When hackers store information in others computer or in any webpage for example, in
own e-mail address with false identity etc, the law is not clear in such a situation and
needs to be clarified and settled. Hacker’s culture, modes of hacking are almost
synonymous worldwide whether in Russia, United States of America, United
Kingdom, Canada, Australia, and India or anywhere in the globe.92 There is a need to
clarify again the jurisdiction point in the cyberspace.

There are a large number of cyber laws passed and amended in India as well as in
United States of America and United Kingdom. But instead of these laws the cyber
crimes are increasing day by day. For example, a total of 8, 045 cases were registered
under Information Technology Act during the year 2015 as compared to 7, 201 cases
during the previous year 2014 and 4,356 cases during 2013, showing an increase of
11.7% in 2015 over 2014 and an increase of 65.3% in 2014 over 2013.93 As compare
to India, in USA for the year 2015, Cost of Data Breach Study by IBM and the Pone
mom Institute revealed that the average total cost of a data breach increased from $
3.52 million in 2014 t0 $ 3.79 million.

91
Loknath Behera, “Investigating External Network Attacks”, The Indian Police Journal, Jan.- March,
2004, p. 27.
92
Supra note 1, p. 97.
93
National Crime Records Bureau, Ministry of Home Affairs, cyber Crimes in India, 2015, pp. 163-
164 , available at: http://ncrb.nic.in/StatPublications/CII/CII2015/FILES/Compendium-15.11.16.pdf
(visited on Nov. 11, 2016) .

238
Another study said that cyber crime will become a $ 2.1 trillion problem by 2019.94
The National Crime Agency (NCA) released a report on July 7, 2016 by highlighting
the need for stronger law enforcement and business partnership to fight cyber crime.
According to the NCA cyber crime emerged as the largest proportion of total crime in
the U.K. with “cyber enabled fraud” making up 36 % of all crime reported and
computer misuse accounting for 17%.95 The Office of National Statistics (ONS)
estimated that there were 2.46 million cyber incidents and 2.11 million victims of
cyber crime in the UK in 2015 and only 16, 349 cyber dependent and approximately
700, 000 cyber enabled incidents reported to Action Fraud over the same period.96

94
Limor Kissem, “2016 Cyber Crime Reloaded: Our Prediction for the Year Ahead”, (Last Modified
on Jan. 15, 2016), available at: https://securityintelligence.com/2016-cybercrime-reloaded-our-
predictions-for-the-year-ahead/ (visited on Dec. 2, 2016).
95
National Crime Agency (UK), Cyber Crime Assessment, 2016, available at: www.national
crimeagency.gov.uk/publications/709-cyber-crime-assessment-2016/file (visited on Nov. 11, 2016).
96
The Office of National Statistics(UK), Cyber Crime Assessment, at 5-6 (2015), available at:
www.nationalcrimeagency.gov.uk/publications/709-cyber-crime-assessment-2016/file (visited on
Nov. 11, 2016).

239