🖥️
Cyber Law - Compiled Notes
Module - 1 : Introduction to Cyberspace
📘 CYBER LAW: NEED AND SCOPE
📘 GROWING CONCERNS RELATING TO CYBERSPACE AND CYBER TECHNOLOGY
📘 IMPORTANT DEFINITIONS UNDER THE INFORMATION TECHNOLOGY ACT, 2000
📘 THEORIES OF JURISDICTION IN CYBERSPACE
📘 CYBER LAW: NEED AND SCOPE
(As per IT Act, 2000 – Updated + Previous Year Questions + Reference Materials)
🔷 I. INTRODUCTION
Cyber Law, also called Internet Law or Information Technology Law, governs
legal issues related to cyberspace, the internet, electronic communication,
and digital data.
In India, the core legislation is the Information Technology Act, 2000 (IT Act,
2000).
It was enacted to provide legal recognition to electronic transactions,
prevent cybercrimes, and establish mechanisms for investigation and
adjudication.
🔷 II. NEED FOR CYBER LAW
(Frequent focus in PYQs: 2015, 2017, 2023)
Cyber law is needed due to the legal vacuum created by the fast-paced growth of
digital technologies and the internet.
1. Legal Recognition of Electronic Transactions
Traditional laws required paper-based documentation.
IT Act, 2000 ensures validity of electronic records and digital signatures.
✅ Section 4: Legal recognition of electronic records.
✅ Section 5: Legal recognition of electronic signatures.
2. Control Over Cyber Crimes
Rise in cyberstalking, identity theft, phishing, hacking, etc.
Cyber law provides for prosecution, investigation, and penalties.
✅ Sections 65–74: Define and punish cyber offences.
3. Need for Jurisdictional Clarity
Internet is borderless, leading to conflicts in jurisdiction.
Legal doctrines like “sliding scale theory” (Zippo test) and LICRA v.
Yahoo case are relevant.
4. Protection of Privacy and Data
With increasing data leaks (e.g., Aadhaar leaks), regulation is vital.
✅ Section 43A: Compensation for failure to protect data.
✅ Section 72 & 72A: Penal provisions for breach of confidentiality.
5. E-Governance and Paperless Economy
Encourages use of electronic filing, communication, and governance.
✅ Section 6: Use of e-records in government.
✅ Section 10A: Validity of e-contracts.
6. Regulation of Intermediaries and Platforms
Need to hold social media, ISPs, payment platforms accountable.
✅ Section 79: Exemption with due diligence obligations.
Key Case: Shreya Singhal v. Union of India, AIR 2015 SC 1523 (Intermediary
guidelines and Section 66A struck down).
7. Cyber Security & National Security
Prevention of cyber terrorism and critical infrastructure breaches.
✅ Section 66F: Cyber terrorism – punishable with life imprisonment.
8. Emergence of Digital Economy
With e-banking, crypto, NFTs, and e-commerce – regulation is essential for:
Digital evidence admissibility
Contract enforcement
Consumer protection
9. International Compliance
Harmonizes Indian law with UNCITRAL Model Law on E-Commerce (1996).
Complies with international best practices on e-signatures and data
regulation.
🔷 III. SCOPE OF CYBER LAW
(Frequently asked in concept or short note form)
Cyber Law in India covers multiple verticals:
1. Electronic Governance
Section 6–8, IT Act
Promotes use of electronic records in official transactions, licensing,
payments.
2. Recognition of Digital/Electronic Signatures
✅ Sections 3 & 3A: Digital and Electronic Signatures
Ensures secure authentication of online documents.
3. Cybercrimes and Offences
Chapter XI (Sections 65–74) includes:
Hacking, virus attacks, identity theft, pornography
Obscenity (Sections 66E, 67, 67A, 67B)
4. Intermediary Liability
✅ Section 79: Intermediary safe harbor – conditional protection.
2011 Rules & 2021 Guidelines specify due diligence.
5. Data Protection and Privacy
Section 43A – Compensation for negligence in data protection.
Section 72A – Disclosure of personal info under contract = offence.
6. Adjudication and Compensation
✅ Sections 43–47 – Civil remedies for data breaches and cyber damage.
✅ Section 46 – Appointment of Adjudicating Officer.
7. Cyber Appellate Authority
✅ Section 48 (now merged with TDSAT) – Appeals against decisions.
8. Investigation and Confiscation
✅ Section 78 – Authorizes police officers to investigate cyber offences.
✅ Section 76 – Power of confiscation.
9. International Jurisdiction
✅ Section 75: Applies to offences committed outside India if it affects any
Indian computer system.
10. Encryption and Surveillance
✅ Sections 69, 69A, 69B: Interception, blocking, and traffic monitoring.
🔷 IV. RELEVANT CASE LAWS
Case Name | Legal Principle
Shreya Singhal v. UOI, AIR 2015 SC 1523 | Struck down Section 66A – violation of Art. 19(1)(a)
K.S. Puttaswamy v. UOI, (2017) 10 SCC 1 | Declared right to privacy as fundamental right
Satyam Infoway Ltd. v. Sifynet, AIR 2004 SC 3540 | Domain names enjoy trademark protection
Avnish Bajaj v. State (Bazee.com case) | Intermediary liability under Section 79
LICRA v. Yahoo (France) | Cross-border content regulation; jurisdictional challenges
Zippo Mfg. Co. v. Zippo Dot Com, Inc. (US) | Sliding scale test for internet jurisdiction
🔷 V. EXAM-TUNED QUICK RECALL
Keyword | Section | Purpose
Legal validity of e-documents | S. 4 & 5 | Recognizes e-records & e-signatures
Digital Contracts | S. 10A | Electronic contracts are enforceable
Cybercrime penalties | S. 66–74 | Criminal liability for IT offences
Intermediary liability | S. 79 | Safe harbour with due diligence
Privacy protection | S. 43A, 72, 72A | Data breaches & confidentiality
Cross-border operation | S. 75 | Jurisdiction beyond Indian territory
📘 GROWING CONCERNS RELATING TO CYBERSPACE AND CYBER TECHNOLOGY
🔷 I. INTRODUCTION
Cyberspace refers to the virtual environment of computer networks where
communication and data exchange occur.
With the expansion of the internet, AI, big data, social media, IoT, and cloud
computing, cyberspace has become a powerful tool—but also a source of
significant legal, ethical, and security concerns.
These concerns demand regulation, policy-making, and legal redress
mechanisms under Cyber Law.
🔷 II. CORE CONCERNS IN CYBERSPACE & TECHNOLOGY
🔹 1. Cybercrime and Digital Offences
Rapid digitization has led to increased online crimes, including:
Hacking (Sec. 66)
Phishing
Cyberstalking
Cyber terrorism (Sec. 66F)
Online defamation and trolling
The anonymity and global reach of the internet enable criminals to evade
jurisdiction.
✅ Relevant Provisions:
Sections 65 to 74 – Various offences under Chapter XI, IT Act
Case Law: Avnish Bajaj v. State (Bazee.com case) – Intermediary liability
under Sec. 79
🔹 2. Privacy and Data Breaches
Rise in personal data collection has exposed users to misuse, leaks, and
surveillance.
Examples:
Cambridge Analytica scandal
Aadhaar data breach
Users are often unaware of how their data is collected and used.
✅ Legal Protection:
Section 43A – Compensation for failure to protect data
Section 72 & 72A – Breach of confidentiality & disclosure in contract
K.S. Puttaswamy v. UOI, (2017) 10 SCC 1 – Right to privacy is a fundamental
right
🔹 3. Jurisdictional Challenges in Cyberspace
Internet transcends borders, creating conflict of laws and forum shopping.
Difficulties in:
Tracing IPs and evidence
Applying national laws to foreign servers
Legal doctrines developed:
Sliding Scale Test (Zippo Test)
Effects Doctrine
✅ Relevant Provisions:
Section 75 – Offences committed outside India affecting Indian systems
Case Laws:
LICRA v. Yahoo! (French court asserting jurisdiction over U.S.-based
Yahoo)
Zippo Mfg. Co. v. Zippo Dot Com, Inc. (U.S. case on interactive websites)
🔹 4. Cyber Terrorism and National Security
Cyberattacks now target critical infrastructure (defense, banking,
healthcare).
Nation-states and organized groups use malware, ransomware, and
espionage.
✅ Section 66F, IT Act – Cyber terrorism
Punishment: Imprisonment up to life
🔹 5. Obscenity, Pornography, and Harassment
Digital platforms are misused for circulating:
Obscene content (Sec. 67, 67A, 67B)
Revenge porn and deepfakes
Cyberbullying and sexual harassment
Threatens the mental health, reputation, and dignity of victims.
✅ Sections Involved:
Section 66E – Violation of privacy (images, videos)
Section 67, 67A, 67B – Obscene, sexually explicit material and child
pornography
✅ Case Example:
Ritu Kohli Case – First Indian case of cyberstalking
🔹 6. Lack of Digital Literacy and Awareness
Many users are unaware of:
Safe online practices
Reporting mechanisms
Privacy settings and cyber hygiene
Increases vulnerability to scams, frauds, and manipulation.
🔹 7. Misuse of AI, Deepfakes, and Automation
AI-generated fake content (deepfakes) is used for:
Defamation
Political misinformation
Fraudulent evidence
No specific law to regulate AI manipulation in India yet.
🔹 8. Fake News and Misinformation
Social media and messaging apps allow unfiltered dissemination of fake
news.
Leads to:
Public unrest
Mob violence
Electoral manipulation
Absence of a robust fact-checking regulation framework.
🔹 9. Corporate Espionage and IP Theft
Threat to trade secrets, industrial data, and source codes through:
Malware
Insider attacks
Unsecured databases
✅ Section 66 – Computer-related offences
✅ Section 43 – Unauthorized access and data theft
🔷 III. ROLE OF LAW AND REGULATION
✅ Information Technology Act, 2000 (Updated)
Primary legislation for cyberspace regulation.
Covers civil and criminal offences, investigation, data protection,
intermediary regulation, etc.
✅ Supplementary Regulatory Frameworks
IT Rules 2021 – Due diligence obligations for intermediaries.
CERT-In Guidelines 2022 – Mandatory reporting of incidents.
Digital Personal Data Protection Act, 2023 – New framework for personal
data regulation (pending full implementation).
🔷 IV. EXAM-READY POINTS
Concern | Law | Section/Provision
Hacking, phishing | IT Act | Sec. 66
Cyber terrorism | IT Act | Sec. 66F
Data breach | IT Act | Sec. 43A, 72
Obscenity | IT Act | Sec. 67, 67A, 67B
Privacy violation | IT Act | Sec. 66E
Jurisdiction | IT Act | Sec. 75
Intermediary role | IT Act | Sec. 79
📘 IMPORTANT DEFINITIONS UNDER THE INFORMATION TECHNOLOGY ACT, 2000
(As per Chapter I – Section 2 of the Act)
🔷 I. INTRODUCTION
Section 2 of the Information Technology Act, 2000 defines critical terms that
lay the foundation for the application and interpretation of the Act.
These definitions are essential for understanding the scope, liability, and
enforcement of cyber law provisions.
🔷 II. KEY DEFINITIONS – SECTION 2, IT ACT, 2000
Term Definition Section
🔹 1. Access
Gaining entry into, instructing, or communicating with the logical, arithmetical,
or memory function of a computer.
Sec. 2(1)(a)
🔹 2. Computer
Any electronic or data processing device that performs logical, arithmetic,
memory functions.
Includes all input/output devices, storage devices, and communication
facilities.
Sec. 2(1)(i)
🔹 3. Computer System
Device or combination of devices including software, that performs logic,
arithmetic, storage, retrieval.
Sec. 2(1)(l)
🔹 4. Computer Network
Interconnection of computers or devices through satellite, microwave, wire, or
other communication media.
Sec. 2(1)(j)
🔹 5. Computer Resource
Includes computer, computer system, computer network, data, database, or
software.
Sec. 2(1)(k)
🔹 6. Communication Device
Cell phones, PDAs, or any device used to send, transmit, or receive text,
video, audio, or images.
Sec. 2(1)(ha)
🔹 7. Cyber Café
Any facility offering internet access to the public in the ordinary course of
business.
Sec. 2(1)(na)
🔹 8. Cyber Security
Protection of information and systems from unauthorized access, disclosure,
disruption, or destruction.
Sec. 2(1)(nb)
🔹 9. Digital Signature
Authentication of any electronic record by a subscriber using electronic
method per Section 3.
Sec. 2(1)(p)
🔹 10. Electronic Signature
Authentication technique specified in Second Schedule of the Act; includes
digital signature.
Sec. 2(1)(ta)
🔹 11. Electronic Record
Data, image, sound stored, sent, or received in electronic form or microfilm.
Sec. 2(1)(t)
🔹 12. Data
Representation of information prepared or processed in a formalized manner.
Includes printouts, storage media, punched cards, etc.
Sec. 2(1)(o)
🔹 13. Intermediary
Any person who receives, stores, or transmits data on behalf of another, e.g.,
ISPs, web-hosts, payment gateways.
Sec. 2(1)(w)
🔹 14. Subscriber
Person in whose name the Electronic Signature Certificate is issued.
Sec. 2(1)(zg)
🔹 15. Private Key / Public Key
Private Key: Used to create a digital signature.
Public Key: Used to verify that signature.
Sec. 2(1)(zc) and 2(1)(zd)
🔹 16. Computer Virus
Any computer instruction or program that adversely affects the performance
or functioning of a system.
Explanation (iii), Sec. 43
🔹 17. Computer Contaminant
Set of instructions designed to modify, destroy, or transmit data to impair a
system’s function.
Explanation (i), Sec. 43
🔷 III. EXAM-READY TABLE (Quick Revision)
Concept | Section | Exam Note
Access | Sec. 2(1)(a) | Entry or instruction into computer
Computer System | Sec. 2(1)(l) | Hardware + software + memory
Network | Sec. 2(1)(j) | Devices interconnected
Electronic Record | Sec. 2(1)(t) | Data in digital form
Digital vs. Electronic Signature | Sec. 2(1)(p) & (ta) | Electronic is broader
Intermediary | Sec. 2(1)(w) | ISPs, hosts, payment portals
Cyber Security | Sec. 2(1)(nb) | Unauthorized access prevention
Virus/Contaminant | Sec. 43 Explanation | Affects computer systems
🔷 IV. PYQ-ORIENTED POINTERS
✅ Short Notes Frequently Asked (PYQs 2023, 2022, 2019):
Define Electronic Signature vs. Digital Signature
Define Intermediary and its liabilities
Define Cyber Security and Communication Device
✅ Application-Based Questions:
Explain intermediary role in offences (Bazee.com case)
Case of deepfake or hacked email—explain with Section 2 definitions
📘 THEORIES OF JURISDICTION IN CYBERSPACE
🔷 I. INTRODUCTION
Jurisdiction refers to a court’s legal authority to hear and decide cases.
In cyberspace, where activities occur across borders, establishing territorial
jurisdiction becomes complex due to:
No physical boundaries
Anonymous actors
Global reach of digital content
Theories of jurisdiction in cyberspace attempt to resolve which court can hear
a dispute involving online actions.
🔷 II. TYPES OF JURISDICTION
Type | Meaning
Subject-Matter Jurisdiction | Authority to hear cases of a specific type (e.g., cybercrime, IP)
Personal Jurisdiction | Authority over the parties involved
Territorial Jurisdiction | Authority based on geographic boundaries
🔷 III. KEY THEORIES OF JURISDICTION IN CYBERSPACE
🔹 1. Territoriality Theory
Jurisdiction is based on the physical location where the offence occurred.
Applied traditionally in criminal and civil cases.
Problem: In cyberspace, the offence may be initiated in one country and
impact another.
📍 Example: A hacker in Russia stealing data from an Indian server.
🔹 2. Effects Doctrine
Jurisdiction can be claimed by a country where the effects of the cyber act
are felt, regardless of where the act originated.
✅ Case Reference:
Calder v. Jones, 465 U.S. 783 (1984) – U.S. Supreme Court upheld jurisdiction
where effects of defamatory content were felt.
📍 Indian Context: If a defamatory blog hosted abroad harms someone in India,
Indian courts may claim jurisdiction.
🔹 3. Minimum Contacts Doctrine
Jurisdiction exists where the defendant has sufficient contacts with the forum
state so that legal action is foreseeable.
✅ Case Reference:
International Shoe Co. v. Washington, 326 U.S. 310 (1945) – Introduced
"minimum contacts" standard.
📍 Application in cyberspace: A website actively targeting Indian users can trigger
Indian jurisdiction.
🔹 4. Sliding Scale Theory (Zippo Test)
Jurisdiction is determined based on the interactivity level of the website.
✅ Case Reference:
Zippo Manufacturing Co. v. Zippo Dot Com, Inc., 952 F. Supp. 1119 (W.D. Pa.
1997)
Websites are categorized as:
Passive: Just information – No jurisdiction
Interactive: Exchange of information – Possible jurisdiction
Active: Conducting business – Jurisdiction likely
📍 PYQ-Focus: Asked in 2023, 2021 – “Explain the Sliding Scale theory with
relevant case laws.”
🔹 5. Purposeful Availment Doctrine
A person/entity who purposefully avails themselves of conducting activities
in a particular jurisdiction can be held liable there.
✅ Example: Running an e-commerce site that ships goods to India regularly.
🔹 6. Targeting Test
Jurisdiction is claimed if the defendant specifically targets users in a country.
Focuses on intent and direction of online activity.
📍 Used in cases of: Targeted advertisements, user base, transactions.
🔷 IV. INDIAN LEGAL POSITION ON CYBER JURISDICTION
✅ Section 75, IT Act, 2000
Extends applicability of the Act to:
“Any offence or contravention committed outside India by any
person, if the act involves a computer, computer system or
network located in India.”
✅ Section 3–4, IPC read with CrPC Section 179–180
Indian courts can take cognizance of offences committed partly in India and
partly abroad.
✅ Relevant Indian Case:
Sujata Films Exchange v. Rameshwar, AIR 1986 Del 382 – Location of harm is
a valid basis of jurisdiction.
🔷 V. EXAM-READY COMPARISON TABLE
Theory | Core Idea | Landmark Case
Territoriality | Based on physical location | Traditional concept
Effects Doctrine | Based on place where harm occurs | Calder v. Jones
Minimum Contacts | Substantial interaction expected | International Shoe Co.
Sliding Scale (Zippo Test) | Passive vs Active websites | Zippo Mfg. v. Zippo Dot Com
Targeting Test | Intentional user targeting | Emerging doctrine
Purposeful Availment | Foreseeable legal consequence | e-Commerce site scenario
🔷 VI. CHALLENGES IN APPLYING JURISDICTION ONLINE
Anonymity of actors (masking IP addresses)
Cloud hosting and foreign servers
Conflicting laws of different jurisdictions
Lack of harmonized international framework
Module - 2 : Recognition and authentication of Electronic Records
📘 LEGAL RECOGNITION OF ELECTRONIC RECORDS UNDER THE IT ACT, 2000
📘 AUTHENTICATION BY USE OF ASYMMETRIC CRYPTOSYSTEM
📘 DIGITAL SIGNATURE AND ELECTRONIC SIGNATURE UNDER THE IT ACT, 2000
📘 PUBLIC KEY INFRASTRUCTURE (PKI)
📘 REGULATION OF CERTIFYING AUTHORITIES UNDER THE IT ACT, 2000
📘 VALIDITY OF DIGITAL CONTRACTS UNDER INDIAN LAW
📘 LEGAL RECOGNITION OF ELECTRONIC RECORDS UNDER THE IT ACT, 2000
(As per Bare Act + Judicial Precedents + PYQ Trends)
🔷 I. INTRODUCTION
Traditionally, Indian laws recognized only paper-based, signed, and physical
documents.
The Information Technology Act, 2000 was enacted to legally validate
electronic records and digital communication to promote e-governance, e-
commerce, and digital transformation.
This recognition ensures that electronic documents have the same legal
validity as traditional paper-based documents.
🔷 II. DEFINITION OF ELECTRONIC RECORD
📖 Section 2(1)(t), IT Act, 2000:
"Electronic record" means data, record or data generated,
image or sound stored, received or sent in an electronic form
or microfilm or computer-generated microfiche.
🔷 III. LEGAL PROVISIONS UNDER THE IT ACT
✅ 1. Section 4: Legal Recognition of Electronic Records
Where any law requires information to be in writing,
typewritten, or printed form, such requirement is deemed
satisfied if it is:
(a) rendered or made available in an electronic form; and
(b) accessible so as to be usable for a subsequent reference.
🟩 Essence: Electronic documents are treated equivalent to physical documents
under Indian law.
✅ 2. Section 5: Legal Recognition of Electronic Signatures
Any requirement for a signature is deemed fulfilled if
authenticated via an electronic signature in the prescribed
manner.
Enables contractual documents and legal instruments to be authenticated
digitally.
✅ 3. Section 10A: Validity of Contracts Formed Through Electronic Means
A contract shall not be denied enforceability solely because it
is in electronic form.
🟩 Implication: Digital offers, acceptances, and agreements are legally
enforceable.
✅ 4. Section 6–8: Use in Government Functions
Recognizes filing, issue, or receipt of documents in electronic form in
interactions with government bodies.
✅ 5. Section 7: Retention of Electronic Records
If law requires retention of documents, this is satisfied if they
are:
Accessible for future reference
Preserved in original format
Contain origin, destination, time, and date
✅ 6. Section 65B, Indian Evidence Act, 1872 (amended via IT Act)
Lays down conditions for admissibility of electronic records in court
proceedings.
🟩 Case Law:
🔸 Anvar P.V. v. P.K. Basheer, (2014) 10 SCC 473
— SC clarified that Section 65B certificate is mandatory for electronic evidence.
🔷 IV. JUDICIAL PRONOUNCEMENTS
Case Name | Key Holding
Anvar P.V. v. P.K. Basheer, (2014) | Section 65B certificate is mandatory for e-evidence
State (NCT of Delhi) v. Navjot Sandhu, (2005) | Previously allowed secondary evidence; overruled by Anvar
Twentieth Century Finance Corp. Ltd. v. State of Maharashtra, AIR 2000 SC 2432 | Broader interpretation of "documents" to include digital formats
🔷 V. SIGNIFICANCE
Promotes paperless economy
Facilitates e-commerce, e-governance, and online banking
Reduces costs, time, and effort in record maintenance
Strengthens digital India mission
🔷 VI. EXAM-READY POINTERS
Provision | Content
Sec. 4 | Legal validity of e-records
Sec. 5 | E-signatures as substitute for handwritten ones
Sec. 6–8 | Use of e-records in governance
Sec. 10A | Enforceability of digital contracts
Sec. 7 | Electronic record retention rules
Sec. 65B IEA | Admissibility of e-evidence
📘 AUTHENTICATION BY USE OF ASYMMETRIC CRYPTOSYSTEM
(As per Section 3, Information Technology Act, 2000)
🔷 I. INTRODUCTION
Authentication is the process of verifying the identity of the sender of an
electronic record and ensuring that the content remains unaltered.
The IT Act, 2000 provides a statutory framework for authentication
through digital signatures, which are based on an asymmetric
cryptosystem and a hash function.
🔷 II. LEGAL BASIS UNDER THE IT ACT
✅ Section 3: Authentication of Electronic Records
Any subscriber may authenticate an electronic record by affixing their digital
signature using an asymmetric cryptosystem and a hash function.
🔷 III. DEFINITION: ASYMMETRIC CRYPTOSYSTEM
📖 Section 2(1)(f), IT Act:
Asymmetric cryptosystem means a system of a secure key pair
consisting of:
a private key used to create a digital signature, and
a public key used to verify the digital signature.
🔷 IV. TECHNICAL PROCESS – STEP-BY-STEP
1. Private Key Usage
The originator (sender) uses their private key to generate a digital
signature.
The private key is unique and must be securely stored by the subscriber.
2. Hash Function Application
The electronic record is passed through a hash function to generate a
fixed-length "hash result".
This ensures data integrity and tamper detection.
3. Digital Signature Creation
The hash result is encrypted using the sender’s private key, creating the
digital signature.
4. Verification
The recipient uses the sender's public key to decrypt the signature and
match it with the hash of the received message.
If the two hashes match, the message is authentic and unaltered.
🔷 V. ESSENTIAL FEATURES OF SECTION 3
Feature | Description
Voluntary | Authentication is optional under law unless mandated
Legal Validity | Authenticated e-records hold same legal force as signed physical documents
Hash Function | Creates a unique, fixed-size representation of original data
Key Pair | The integrity of the digital signature depends on private-public key pair
Tamper-Proof | Any change in the content leads to authentication failure
🔷 VI. EXPLANATION OF HASH FUNCTION
📌 As per Section 3(2), IT Act:
A hash function transforms the original record into a smaller string (hash
result) such that:
It is computationally infeasible to derive the original record from the hash.
It is computationally infeasible for two electronic records to produce the same hash result.
🔷 VII. JUDICIAL RECOGNITION
🧾 Anvar P.V. v. P.K. Basheer, (2014) 10 SCC 473
Supreme Court mandated the use of Section 65B certificates for admissibility
of electronic records authenticated by digital signatures.
🔷 VIII. SIGNIFICANCE OF ASYMMETRIC CRYPTOSYSTEM
Enables secure e-governance, online contracts, and banking
Supports confidentiality, integrity, non-repudiation
Widely used in:
Income Tax e-filing
GST portal
Aadhaar-based authentication
Corporate filings on MCA21 portal
🔷 IX. COMPARATIVE NOTE (EXAM-USEFUL)
Concept | Public Key | Private Key
Use | Verification | Signature Creation
Shared? | Publicly available | Confidential to subscriber
Purpose | Authenticates message | Creates message hash
Tampering | Detectable | Message becomes invalid
📘 DIGITAL SIGNATURE AND ELECTRONIC SIGNATURE UNDER THE IT ACT, 2000
(As per Sections 3, 3A, and relevant definitions in Section 2)
🔷 I. INTRODUCTION
Authentication of electronic records is essential for their legal recognition.
The Information Technology Act, 2000 initially recognized only digital
signatures.
After the 2008 Amendment, the Act introduced a broader category –
electronic signatures, to encompass multiple technologies.
🔷 II. DEFINITIONS UNDER THE IT ACT
✅ Digital Signature – Section 2(1)(p)
Means authentication of an electronic record by a subscriber
by means of an electronic method or procedure in accordance
with Section 3.
✅ Electronic Signature – Section 2(1)(ta)
Means authentication of an electronic record by a subscriber
using the technique specified in the Second Schedule and
includes digital signature.
🔹 So, every digital signature is an electronic signature, but not vice versa.
🔷 III. PROVISIONS UNDER THE ACT
🔹 1. Section 3 – Digital Signature
Allows a subscriber to authenticate an electronic record
using asymmetric crypto system and hash function.
Uses a key pair:
Private Key – to sign
Public Key – to verify
🔹 2. Section 3A – Electronic Signature
Broader provision allowing authentication using any reliable
electronic technique (not limited to asymmetric encryption).
Requires that the method:
Is uniquely linked to the signatory
Is under the control of the signatory
Detects post-signature alterations
Complies with Central Government norms (as notified)
🔷 IV. KEY DIFFERENCES: DIGITAL VS ELECTRONIC SIGNATURE
Basis | Digital Signature | Electronic Signature
Section | Section 3 | Section 3A
Definition | Narrow – based on asymmetric crypto system | Broad – includes all electronic authentication methods
Technology | Hash function + Private/Public key | Any government-recognized method
Example | DSC for MCA, GST, Aadhaar e-sign (DSC-based) | OTP-based Aadhaar eSign, biometrics, retinal scan
Recognition | Introduced in 2000 | Introduced in 2008 (via Amendment)
Flexibility | Limited to crypto system | More flexible & adaptive to emerging technologies
🔷 V. GOVERNMENT RULES & INFRASTRUCTURE
Certifying Authorities (CAs) issue Digital Signature Certificates under:
Section 35, IT Act
Regulated by the Controller of Certifying Authorities (CCA)
Second Schedule of the IT Act:
Lists valid electronic authentication techniques.
Electronic Signatures Rules, 2015:
Recognizes e-authentication via Aadhaar e-KYC + OTP + Biometrics
🔷 VI. LEGAL VALIDITY & ADMISSIBILITY
Provision | Explanation
Section 5 | Electronic signatures are legally recognized like handwritten ones
Section 65B, Indian Evidence Act | Mandates certificate for admissibility of electronic records
Anvar P.V. v. P.K. Basheer (2014) | SC: Only e-records backed with 65B certificate are admissible
🔷 VII. PRACTICAL APPLICATIONS
Digital Signature | Electronic Signature
Income Tax Filing | Aadhaar OTP signing
MCA21 Portal | Online voter verification
DGFT Licensing | E-signing employment contracts
GST Filing | Banking e-KYC verification
🔷 VIII. EXAM-READY SUMMARY
Concept | Key Section | Use
Digital Signature | Sec. 3 | Cryptographic authentication
Electronic Signature | Sec. 3A | All recognized electronic methods
Validity | Sec. 5 | Same as handwritten signatures
Evidence | Sec. 65B IEA | Mandatory for admissibility
📘 PUBLIC KEY INFRASTRUCTURE (PKI)
🔷 I. INTRODUCTION
Public Key Infrastructure (PKI) is a system of digital security
mechanisms that uses cryptographic key pairs (public and private keys) for
secure authentication, confidentiality, and integrity of data in electronic
transactions.
It enables trusted communication over the internet by verifying the identity
of users and securing electronic records and digital signatures.
🔷 II. LEGAL FRAMEWORK UNDER THE IT ACT, 2000
Provision | Description
Section 2(1)(f) | Defines asymmetric crypto system used in PKI
Section 2(1)(zg) | Defines subscriber as holder of a digital certificate
Section 17–34 | Regulate Certifying Authorities and their powers
Section 35 | Certifying Authority issues the Digital Signature Certificate (DSC)
Section 36–39 | Regulate issuance, suspension, and revocation of certificates
Section 40–42 | Duties of subscribers in protecting private keys
🔷 III. COMPONENTS OF PKI
Component | Function
🔐 Private Key | Secret key used by subscriber to create a digital signature
🔓 Public Key | Shared key used to verify the signature created using private key
🏢 Certifying Authority (CA) | Trusted entity that issues Digital Signature Certificates
🧾 Digital Signature Certificate (DSC) | Authenticates the identity of the subscriber
📜 Controller of Certifying Authorities (CCA) | Regulates CAs; ensures compliance (Sec. 17, 18)
📑 Certificate Revocation List (CRL) | List of certificates that are suspended/revoked
🛠 Repository | Public database of certificates and CRLs (Sec. 20 – now omitted)
🔷 IV. HOW PKI WORKS – STEP-BY-STEP
1. Key Pair Generation
Subscriber generates a pair: Private key (confidential) and Public
key (shared).
2. Certificate Request & Issuance
Subscriber applies to a CA with identity proof.
CA verifies and issues a Digital Signature Certificate linking identity to
public key.
3. Digital Signing
Subscriber signs a message/document using their private key.
Creates a digital signature via hash + encryption.
4. Verification
Receiver uses the public key to verify the digital signature.
Confirms authenticity and integrity.
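The signing and verification steps listed under "TECHNICAL PROCESS – STEP-BY-STEP" (Section 3) and "HOW PKI WORKS" above, worked through as an added example that is not part of the original notes and is not any Certifying Authority's software. It uses textbook RSA over SHA-256 with key pairs built from publicly known Mersenne primes, so the keys are constructed for illustration and give no security; the function names, the certificate fields and the sample record are hypothetical, and production systems use padded signatures (for example RSA-PSS) from a vetted library.

```python
import hashlib
import json

E = 65537  # public exponent shared by all demo keys


def make_keypair(a, b):
    """Textbook RSA key pair from the Mersenne primes 2**a - 1 and 2**b - 1.

    Constructed for illustration only: these primes are publicly known,
    so the resulting private key offers no security.
    """
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return {"n": n, "e": E}, {"n": n, "d": d}


def hash_result(data):
    """Hash function step: fixed-length hash result of the record."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data, private):
    """Signature creation: transform the hash result with the private key."""
    return pow(hash_result(data), private["d"], private["n"])


def verify(data, signature, public):
    """Verification: recover the hash with the public key and compare."""
    return pow(signature, public["e"], public["n"]) == hash_result(data)


def cert_body(cert):
    """Canonical bytes of the certificate fields that the CA signs."""
    fields = {k: cert[k] for k in ("serial", "subject", "public_key")}
    return json.dumps(fields, sort_keys=True).encode()


def issue_certificate(serial, subject, subject_public, ca_private):
    """CA binds the subscriber's identity to the public key by signing both."""
    cert = {"serial": serial, "subject": subject, "public_key": subject_public}
    cert["ca_signature"] = sign(cert_body(cert), ca_private)
    return cert


def verify_signed_record(record, signature, cert, ca_public, crl):
    """Relying-party checks in order; returns (ok, reason)."""
    # 1. Was the certificate really issued by the CA we trust?
    if not verify(cert_body(cert), cert["ca_signature"], ca_public):
        return False, "certificate not issued by trusted CA"
    # 2. Has the CA suspended or revoked it (Certificate Revocation List)?
    if cert["serial"] in crl:
        return False, "certificate revoked"
    # 3. Does the signature match this exact record?
    if not verify(record, signature, cert["public_key"]):
        return False, "signature does not match record"
    return True, "valid"


# Constructed sample data: one CA, one subscriber, one signed record.
CA_PUB, CA_PRIV = make_keypair(1279, 2203)
SUB_PUB, SUB_PRIV = make_keypair(521, 607)
CERT = issue_certificate(1001, "Subscriber A (constructed)", SUB_PUB, CA_PRIV)
RECORD = b"I agree to the terms of contract no. 42 (constructed sample record)"
SIGNATURE = sign(RECORD, SUB_PRIV)


def demo():
    """Run the three outcomes a relying party can see for this record."""
    return {
        "untouched record": verify_signed_record(RECORD, SIGNATURE, CERT, CA_PUB, set()),
        "altered record": verify_signed_record(RECORD + b"!", SIGNATURE, CERT, CA_PUB, set()),
        "revoked certificate": verify_signed_record(RECORD, SIGNATURE, CERT, CA_PUB, {1001}),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

The order of checks matters: a signature that verifies against a public key proves nothing about identity until the certificate carrying that key has itself been verified against the CA's key and checked against the CRL.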
🔷 V. DIGITAL SIGNATURE CERTIFICATE (DSC)
✅ Issued under:
Section 35, IT Act, 2000
✅ Certifies:
The public key of the subscriber
Identity of the holder
Validity period, usage, and CA's digital signature
✅ Levels in India:
Class 1 – Email, name (basic)
Class 2 – Company registration, ITR (identity-based)
Class 3 – High security (MCA21, DGFT, e-tendering)
🔷 VI. REGULATORY FRAMEWORK
Role | Authority
Controller of Certifying Authorities (CCA) | Appointed under Sec. 17 by Govt. of India
Licensed Certifying Authorities | eMudhra, NIC, TCS, Sify, NSDL, etc.
Regulations | Governed by CCA (Digital Signature Regulations)
📝 CCA maintains:
Repository of licensed CAs
Policies and audit guidelines
Standards for secure key management
🔷 VII. CASE REFERENCE
🧾 Anvar P.V. v. P.K. Basheer, (2014) 10 SCC 473
Supreme Court emphasized the need for certificate-based authentication for
admissibility of electronic records.
🧾 Satyam Infoway Ltd. v. Sifynet Solutions Pvt. Ltd., AIR 2004 SC 3540
Validated legal importance of internet domain identity and authentication
systems.
🔷 VIII. IMPORTANCE OF PKI
Ensures non-repudiation – signer cannot deny signature
Enables secure e-commerce, e-governance, and e-contracts
Provides legal recognition to digital communications
Supports Aadhaar e-KYC, GST filings, MCA21, banking, etc.
🔷 IX. EXAM-READY POINTERS
Concept | Section | Relevance
Key Pair | Sec. 2(1)(f), (zc), (zd) | Asymmetric cryptosystem
DSC | Sec. 35–39 | Issuance, suspension, revocation
Certifying Authority | Sec. 21–34 | Powers, license, compliance
Subscriber Duties | Sec. 40–42 | Key protection, acceptance, control
CCA | Sec. 17–18 | Regulatory oversight
📘 REGULATION OF CERTIFYING AUTHORITIES UNDER THE IT ACT, 2000
🔷 I. INTRODUCTION
A Certifying Authority (CA) is a trusted entity that issues Digital Signature
Certificates (DSCs) to users.
The Information Technology Act, 2000 lays down a comprehensive legal
framework for the licensing, operation, regulation, and oversight of
Certifying Authorities (CAs).
The objective is to establish a Public Key Infrastructure (PKI) that
ensures secure electronic authentication.
🔷 II. DEFINITION
✅ Section 2(1)(g) – Certifying Authority means a person who has been granted a
license to issue a Digital Signature Certificate under Section 24.
🔷 III. REGULATORY FRAMEWORK
Provision | Subject | Summary
Section 17 | Controller of Certifying Authorities (CCA) | Appointed by Central Govt. to regulate CAs
Section 18 | Functions of CCA | Supervisory, compliance, coordination, maintenance of repository
Section 19 | Recognition of foreign CAs | CCA can recognize foreign certifying authorities
Section 20 (Omitted) | [Repository provisions now replaced by CCA’s online repository]
Section 21 | License to issue DSCs | CAs must obtain license from CCA
Section 22 | Application for License | Format and conditions prescribed by rules
Section 23 | Cross-certification | CAs can cross-certify each other under CCA rules
Section 24 | Issuance of License | Based on compliance with prescribed rules
Section 25–27 | Suspension/Revocation of License | Grounds include fraud, malpractice, public interest
Section 28 | Notice to CA before action | Opportunity of being heard
Section 29 | Publication of Licenses | CCA must make licensing info public
Section 30 | Certifying Authority’s Duties | Ensure secure operations, maintain infrastructure
Section 31–34 | Audit, Disclosure, and Regulation | Annual audits, confidentiality, and adherence to regulations
🔷 IV. CONTROLLER OF CERTIFYING AUTHORITIES (CCA)
✅ Appointed under Section 17
Authority responsible for regulation of all CAs in India
Established under the Ministry of Electronics & IT (MeitY)
✅ Functions under Section 18
Licensing and regulating Certifying Authorities
Setting security standards and audit protocols
Supervising the National Repository of Digital Certificates
Recognizing or rejecting foreign CAs
Maintaining trustworthiness of Digital Signature infrastructure
🔷 V. LICENSING PROCEDURE FOR CERTIFYING AUTHORITIES
Step Provision Description
1️⃣ Sec. 21 Apply for license in prescribed form
2️⃣ Sec. 22 Application submitted to CCA with fee
3️⃣ Sec. 24 License granted upon compliance
4️⃣ Sec. 25–26 Can be suspended or revoked
5️⃣ Sec. 28 Due process to be followed
6️⃣ Sec. 29 License must be made publicly available
🔷 VI. CERTIFYING AUTHORITIES' DUTIES
✅ Under Section 30 & Section 31, a CA must:
Use secure hardware and software systems
Ensure confidentiality of subscriber information
Maintain standards of operation and verification
Keep records of:
DSCs issued/suspended/revoked
Key pair usage logs
Conduct annual audits (Sec. 30–31)
🔷 VII. REVOCATION & SUSPENSION
Ground Section Details
Fraud or misrepresentation Sec. 25 License can be suspended
Public interest Sec. 26 Revocation possible
Non-compliance Sec. 27 Breach of Act or rules
Right to be heard Sec. 28 CA must be given notice and opportunity
🔷 VIII. SUPPLEMENTARY REGULATIONS
Certifying Authority Rules, 2000:
Prescribe forms, audit norms, security policies.
Digital Signature (End Entity) Rules, 2015:
Standardize user-level practices for private key protection.
Electronic Signature Rules, 2015:
Enable authentication via Aadhaar-based OTP systems, biometrics.
🔷 IX. CURRENT LICENSED CERTIFYING AUTHORITIES IN INDIA
CA Name Type
eMudhra Ltd. Private
Sify Technologies Private
NIC Government
IDRBT Banking sector
NSDL e-Gov Semi-government
[Updated list available on official CCA website: https://cca.gov.in]
🔷 X. EXAM-READY SNAPSHOT
Section Content
Sec. 17–18 CCA & its powers
Sec. 21–24 CA Licensing
Sec. 25–28 Suspension & revocation
Sec. 30–31 Duties & audit of CA
Sec. 19 Recognition of foreign CAs
📘 VALIDITY OF DIGITAL CONTRACTS UNDER INDIAN LAW
🔷 I. INTRODUCTION
In the digital age, contracts are increasingly formed electronically via emails,
websites, mobile apps, and e-commerce portals.
The Information Technology Act, 2000 and the Indian Contract Act,
1872 together provide a legal foundation for the validity and enforceability of
such digital contracts.
🔷 II. LEGAL RECOGNITION OF DIGITAL CONTRACTS
✅ Section 10A – IT Act, 2000
“Where in a contract formation, the communication of
proposals, the acceptance of proposals, the revocation of
proposals and acceptances... are expressed in electronic form
or by means of an electronic record, such contract shall not be
deemed to be unenforceable solely on the ground that such
electronic form or means was used for that purpose.”
🟩 Effect: Digital contracts are legally valid and enforceable as long as they
comply with the essential requirements under the Indian Contract Act.
🔷 III. REQUIREMENTS FOR A VALID CONTRACT UNDER INDIAN LAW
As per Section 10, Indian Contract Act, 1872, a valid contract must have:
Element Applicability to Digital Contracts
Offer & Acceptance Email offers, online checkout processes, app agreements
Lawful Consideration Digital payments, online subscriptions, services
Competent Parties Verified identities, e-KYC
Free Consent Clickwrap agreements with “I Agree” checkboxes
Lawful Object No violation of law or public policy
Not Declared Void Must not fall in void categories (e.g., wagering)
🔷 IV. MODES OF DIGITAL CONTRACT FORMATION
Mode Examples
Email Contract Offers and acceptance exchanged over email
Clickwrap Agreement User clicks “I Agree” before using a service
Shrinkwrap Agreement Terms included in packaging/software installation
Browsewrap Agreement Terms hyperlinked on a website
Smart Contracts (Blockchain) Self-executing contracts with coded conditions
🔷 V. EVIDENTIARY VALUE
✅ Section 65B, Indian Evidence Act, 1872
Electronic contracts are admissible in court if they comply with procedural
requirements, including a Section 65B certificate.
✅ Anvar P.V. v. P.K. Basheer, (2014) 10 SCC 473
Reinforced the need for electronic evidence certification for enforceability.
🔷 VI. DIGITAL SIGNATURES AND CONTRACT ENFORCEMENT
Section 5, IT Act: Legally recognizes electronic signatures in contracts.
Valid digital contracts often use:
Aadhaar e-KYC OTP authentication
DSCs (Digital Signature Certificates)
🔷 VII. EXCEPTIONS – DOCUMENTS NOT VALID IN ELECTRONIC FORM
As per First Schedule, IT Act, the following cannot be executed digitally:
Instrument Reason
Negotiable Instruments (except cheques) Must be in writing
Powers of Attorney Must be stamped and signed
Trust Deeds Physical execution required
Wills Personal authentication needed
Contracts under Personal Law Marriage, divorce, adoption, etc.
🔷 VIII. KEY CASE LAWS
Case | Principle
Trimex International FZE v. Vedanta Aluminium Ltd., (2010) 3 SCC 1 | Email exchanges can result in a valid and binding contract
ONGC v. Saw Pipes Ltd., (2003) 5 SCC 705 | Contract enforceability applies even in digital form if parties consent
Lalman Shukla v. Gauri Dutt, (1913) | Valid acceptance must be communicated – applies digitally too
🔷 IX. EXAM-READY POINTS
Provision Content
Sec. 10A, IT Act Digital contracts are enforceable
Sec. 65B, IEA E-contracts need certificate for admissibility
Sec. 10, Contract Act Basic contract formation elements
First Schedule, IT Act Exceptions to digital enforceability
Module - 3 : Civil liabilities and adjudication
under Information Technology Act 2000
📘 CYBER TORTS AND CONTRAVENTIONS UNDER INDIAN LAW
📘 ADJUDICATION UNDER THE INFORMATION TECHNOLOGY ACT, 2000
📘 CYBER TORTS AND CONTRAVENTIONS UNDER INDIAN LAW
🔷 I. INTRODUCTION
Cyber torts are civil wrongs committed in cyberspace that violate legal rights
or cause harm but may not amount to criminal offences.
Contraventions under the IT Act, 2000 refer to non-criminal
violations punishable by civil penalties, fines, or compensation, not
imprisonment.
Both concepts deal with wrongful acts in the digital realm that lead to liability
and legal remedies.
🔷 II. MEANING & DIFFERENCE
Basis | Cyber Torts | Contraventions
Nature | Civil wrong (common law + statute) | Statutory violation under IT Act
Remedy | Compensation, injunction | Fine, penalty, damages
Examples | Defamation, trespass to data, invasion of privacy | Unauthorized access, data damage, non-compliance with data norms
Forum | Civil Court or High Court | Adjudicating Officer / Appellate Tribunal under IT Act
🔷 III. CYBER TORTS – ILLUSTRATIVE EXAMPLES
Type | Description | Relevant Law
Cyber Defamation | Publishing false content harming reputation online | Law of Torts + Sec. 66A (struck down), IPC 500
Cyber Trespass | Unauthorized access or interference with computer system | Sec. 43(a) IT Act
Invasion of Privacy | Use/disclosure of personal data without consent | Sec. 43A, 72, 72A IT Act
Cyber Nuisance | Repeated unwarranted online activity causing annoyance | General tort principle
Harassment | Cyberstalking, threats, obscene messages | IPC + IT Act Sec. 66E, 67
Impersonation | Fraudulent use of another’s identity (email, profile) | Sec. 66C IT Act
🔷 IV. CONTRAVENTIONS UNDER THE IT ACT, 2000
✅ Covered under Chapter IX – Sections 43 to 47
Section | Nature of Contravention | Penalty
Sec. 43 | Unauthorized access, virus introduction, denial of service, data theft | Compensation to affected party
Sec. 43A | Failure to protect sensitive personal data | Compensation for negligence
Sec. 44 | Failure to furnish information to authorities | Fines from ₹1.5 lakh to ₹5 lakh
Sec. 45 | Residual penalty for other violations | Up to ₹25,000 or more
Sec. 72 | Breach of confidentiality by officials | Up to 2 years + ₹1 lakh fine
Sec. 72A | Disclosure of information under contract | Up to 3 years + ₹5 lakh fine
✅ Authorities under the Act:
Section 46: Adjudicating Officer for contraventions (claims up to ₹5 crore)
Section 48: Appellate Tribunal (now merged with TDSAT)
🔷 V. RELEVANT CASE LAWS
Case | Principle
K.S. Puttaswamy v. UOI, (2017) 10 SCC 1 | Recognized privacy as a fundamental right – forms basis for tort of data misuse
Avnish Bajaj v. State (Bazee.com case) | Platform liability for obscene content – Sec. 79 protections
Shreya Singhal v. UOI, AIR 2015 SC 1523 | Struck down Section 66A – free speech vs online abuse
🔷 VI. EXAM-READY COMPARISON TABLE
Concept Cyber Torts Contraventions
Source Torts + IT Act IT Act only
Nature Civil wrong Civil breach/statutory default
Penalty Compensation/damages Fine + damages (no jail)
Example Defamation, privacy breach Data theft, access without permission
Remedy Forum Civil Courts, High Court Adjudicating Officers, Appellate Tribunal
🔷 VII. RELEVANCE IN CONTEMPORARY CONTEXT
Increase in:
Online defamation (tweets, memes, blogs)
Data misuse by apps and websites
Workplace harassment via email/Zoom
Unauthorized surveillance and spyware
Cyber torts fill the gap between criminal prosecution and complete inaction,
especially where harm is civil in nature.
📘 ADJUDICATION UNDER THE INFORMATION TECHNOLOGY ACT, 2000
🔷 I. INTRODUCTION
The IT Act, 2000 provides for adjudication of cyber disputes and
contraventions through quasi-judicial authorities rather than traditional
courts.
It is primarily concerned with civil liability, such as compensation for damage
to computer systems, data theft, failure to protect data, etc.
The process is summary, time-bound, and technical in nature.
🔷 II. LEGAL BASIS: SECTIONS 46–47, IT ACT, 2000
Section Subject
Section 46 Appointment of Adjudicating Officers (AOs)
Section 47 Criteria for determining the amount of compensation
🔷 III. ADJUDICATING OFFICER (AO)
✅ Appointed under Section 46(1)
Central Government appoints officers not below the rank of Joint Secretary.
AO has jurisdiction to inquire into contraventions under Sections 43, 43A,
44, 45, etc., where the claim for injury does not exceed ₹5 crore.
✅ Powers of AO:
Summon and enforce attendance
Examine under oath
Order production of documents
Receive evidence on affidavits
Issue commission for examination
Award compensation and penalties
✅ Limitation:
If claim exceeds ₹5 crore, jurisdiction shifts to civil court.
🔷 IV. APPELLATE MECHANISM
Forum | Provision | Remarks
Appellate Tribunal | Section 48 | Previously Cyber Appellate Tribunal (now merged with TDSAT)
Further Appeal | Section 62 | Appeal lies to High Court within 60 days
📝 Important Update: As per the Finance Act, 2017, the Cyber Appellate Tribunal
was merged with TDSAT (Telecom Disputes Settlement and Appellate Tribunal).
🔷 V. CRITERIA FOR COMPENSATION – SECTION 47
While determining the quantum of compensation or penalty, the AO considers:
1. Amount of unfair gain made by the defaulting party
2. Extent of loss caused to the victim
3. Repetitive nature of the default
4. Level of intent or negligence involved
🔷 VI. SCOPE OF ADJUDICATION
Section Contravention
43 Unauthorized access, virus injection, data theft
43A Failure to protect sensitive personal data
44 Failure to furnish required documents
45 Residual contraventions not specified elsewhere
✅ Penalty: Monetary compensation, which can go up to ₹5 crore before AO.
🔷 VII. PROCEDURE
1. Complaint filed before AO with supporting documents.
2. AO issues notice to respondent.
3. Both parties may submit affidavits, documentary proof, and witness
statements.
4. Hearing conducted; decision delivered with reasoned order.
5. Appeal (if any) to TDSAT, then to High Court.
🔷 VIII. RELEVANT CASE EXAMPLES
Case | Takeaway
Rajesh Garg v. State of Haryana | AO awarded damages for email hacking under Sec. 43
ICICI Bank Phishing Case (Delhi) | AO directed compensation for failure to secure customer data
PayPal Data Theft (Mumbai) | Compensation under Section 43A for data breach by insider
🔷 IX. ADVANTAGES OF ADJUDICATION PROCESS
Specialized officers with technical expertise
Time-bound redressal
Cost-effective compared to civil suits
Ensures enforcement of privacy and data protection rights
🔷 X. EXAM-READY SUMMARY TABLE
Element Provision Key Point
AO Appointment Sec. 46 Joint Secretary rank officer
Jurisdiction Limit Sec. 46(1A) Up to ₹5 crore
Criteria for Compensation Sec. 47 Gain, loss, repetition, intent
Appellate Body Sec. 48 & 62 TDSAT → High Court
Scope Sec. 43, 43A, 44 Civil breaches & negligence
Module - 4 : Criminal Liability under the IT
Act
📘 INTRODUCTION TO CYBERCRIMES
📘 CYBER CRIMES VS CONVENTIONAL CRIME
📘 CLASSIFICATION OF CYBER CRIMES
📘 CYBER CRIMES UNDER THE IT ACT
📘 PROSECUTION OF CYBER CRIME UNDER THE IT ACT
📘 INTRODUCTION TO CYBERCRIMES
(Based on IT Act, 2000 – Sections 65–74, IPC, and recent trends)
🔷 I. WHAT IS CYBERCRIME?
Cybercrime refers to any criminal activity involving a computer, networked
device, or a digital ecosystem.
It includes offences where:
1. The computer is the target, or
2. The computer is used as a tool to commit the offence.
The Information Technology Act, 2000, along with relevant provisions of
the Indian Penal Code, governs cybercrimes in India.
🔷 II. DEFINITION
🟩 Although the IT Act does not define “cybercrime” explicitly, it provides penal
provisions for offences committed using computer systems or networks.
✅ UN Definition (ITU):
“Cybercrime refers to any illegal behavior directed by means of
electronic operations that targets the security of computer
systems and the data they process.”
🔷 III. TYPES OF CYBERCRIMES – CLASSIFICATION
🔹 A. Crimes Against Individuals
Cyberstalking
Cyber defamation
Morphing and revenge porn
Identity theft
Phishing & spoofing
🔹 B. Crimes Against Property
Hacking and unauthorised access
Cyber extortion
Malware attacks / ransomware
Intellectual property theft (piracy, copyright violation)
🔹 C. Crimes Against Government or Society
Cyber terrorism – Sec. 66F
Hate speech and fake news
Obstruction of public websites
Hacking into government networks
🔷 IV. CYBERCRIMES UNDER THE IT ACT, 2000
(Chapter XI: Sections 65–74)
Section | Offence | Punishment
Sec. 65 | Tampering with computer source code | Up to 3 years + ₹2 lakh
Sec. 66 | Hacking & unauthorized access | Up to 3 years + ₹5 lakh
Sec. 66B | Dishonest receipt of stolen computer resources | Up to 3 years + ₹1 lakh
Sec. 66C | Identity theft (e.g., password, signature misuse) | Up to 3 years + ₹1 lakh
Sec. 66D | Cheating by impersonation using computer | Up to 3 years + ₹1 lakh
Sec. 66E | Privacy violation (publishing private images) | Up to 3 years + ₹2 lakh
Sec. 66F | Cyber terrorism | Life imprisonment
Sec. 67 | Obscene electronic content | Up to 3–5 years + ₹5–10 lakh
Sec. 67A | Sexually explicit content | Up to 5–7 years + ₹10 lakh
Sec. 67B | Child pornography | Up to 5–7 years + ₹10 lakh
Sec. 68–74 | Miscellaneous (orders, false certification, breach of confidentiality, etc.) | Varies
🔷 V. RELEVANT IPC SECTIONS
Sec. 419–420 IPC – Online fraud and cheating
Sec. 463–471 IPC – Digital forgery and falsification of documents
Sec. 499–500 IPC – Online defamation
Sec. 354D IPC – Cyberstalking
Sec. 507 IPC – Criminal intimidation by anonymous communication
🔷 VI. IMPORTANT CASE LAWS
Case | Legal Principle
Avnish Bajaj v. State (Bazee.com case) | Intermediary liability under Sec. 67
Shreya Singhal v. UOI, AIR 2015 SC 1523 | Struck down Sec. 66A – vague and unconstitutional
M/S Silk v. M/S Minit India Ltd. (2021) | Recognized email phishing as a cognizable offence
K.S. Puttaswamy v. UOI, (2017) | Right to privacy as a constitutional protection – data misuse actionable
🔷 VII. CHALLENGES IN CYBERCRIME LAW ENFORCEMENT
Anonymity of cybercriminals
Cross-border jurisdictional issues
Lack of digital evidence handling capacity
Delayed or non-specialized investigation
🔷 VIII. ENFORCEMENT FRAMEWORK
Authority | Role
Cyber Crime Police Cells | State-based specialized cybercrime units
CERT-In | Technical assistance for threat monitoring
Adjudicating Officers (Sec. 46) | Compensation for contraventions
TDSAT (Appellate) | Appeals under the IT Act
Indian Cyber Crime Coordination Centre (I4C) | National-level policy and training support
Cyber Crime Portal | Public grievance redressal (https://cybercrime.gov.in/)
🔷 IX. EXAM-READY POINTS
Topic Reference
Cybercrime classification IT Act + IPC
Major offences Sec. 65–74, IT Act
Identity theft Sec. 66C
Cheating by impersonation Sec. 66D
Cyber terrorism Sec. 66F
Obscenity online Sec. 67–67B
Judicial stance on Sec. 66A Shreya Singhal v. UOI – Struck down
📘 CYBER CRIMES VS. CONVENTIONAL CRIMES
🔷 I. INTRODUCTION
Conventional Crimes involve criminal acts committed physically, affecting
tangible persons or property.
Cyber Crimes are offences committed using computers, networks, or digital
devices, often affecting virtual assets, data, or digital identities.
While both may involve fraud, theft, or defamation, the means, medium,
jurisdiction, and enforcement challenges differ.
🔷 II. DEFINITIONS
✅ Cyber Crime
“Any criminal activity that uses a computer, digital device, or
network as a tool, target, or means of committing an offence.”
— (No explicit definition in IT Act, but covered under Sections
65–74)
✅ Conventional Crime
A physical or traditional criminal act defined and penalized
under statutes like the Indian Penal Code (IPC), 1860, involving
human involvement in the real (non-digital) world.
🔷 III. KEY DIFFERENCES BETWEEN CYBER CRIMES AND CONVENTIONAL CRIMES
Basis | Cyber Crime | Conventional Crime
Medium | Virtual/digital (internet, computer, network) | Physical environment
Tool/Instrument | Computers, phones, software, networks | Weapons, force, or physical means
Location | Can be committed remotely, cross-border | Localized; tied to specific physical place
Evidence | Digital evidence (logs, metadata, emails) | Physical evidence (witnesses, fingerprints)
Anonymity | High – criminals may conceal identity via VPNs, fake accounts | Low – physical presence usually traceable
Jurisdiction Issues | Complex, may involve multiple countries | Usually governed by local/state laws
Investigation Needs | Technical expertise (forensics, IP tracing) | Traditional policing skills
Common Offences | Hacking, phishing, cyberstalking, ransomware | Murder, theft, assault, robbery
Speed of Commission | Instant, automated (e.g., mass email scams) | Requires time and physical effort
Replication of Crime | Can affect millions simultaneously | Generally affects limited victims at once
Applicable Laws | IT Act, 2000 + IPC | IPC + CrPC + Special Laws (e.g., NDPS, Arms Act)
🔷 IV. EXAMPLES
🖥️ Cyber Crimes
Phishing: Fake emails tricking users into revealing credentials.
Hacking: Unauthorized access to someone’s system.
Cyberstalking: Persistent harassment via digital means.
Online Defamation: Posting harmful content to damage reputation.
🧍 Conventional Crimes
Theft: Stealing physical property.
Assault: Physical harm or threat.
Murder: Unlawful killing of a person.
Defamation: Oral or written harm through print or speech.
🔷 V. OVERLAPPING AREAS
Some crimes exist in both realms:
Crime Conventional Form Cyber Variant
Defamation Oral/written in print media Blog, tweet, post
Fraud Cheating with false documents Email scams, e-fraud
Stalking Following in person Tracking via social media, GPS
Identity Theft Forgery of ID cards Hacking digital identities
🔷 VI. CASE LAW REFERENCES
Case | Legal Significance
Avnish Bajaj v. State (Bazee.com case) | Liability of intermediaries under IT Act
Shreya Singhal v. Union of India, AIR 2015 SC 1523 | Declared Sec. 66A unconstitutional for being vague
K.S. Puttaswamy v. Union of India, (2017) | Recognized right to privacy, important for cybercrime laws
State of Maharashtra v. Trivedi (Fake e-commerce website case) | Digital impersonation and cyber fraud recognised under IPC + IT Act
🔷 VII. RELEVANCE & IMPLICATIONS
Cyber crimes require evolving legal and technical mechanisms, often
beyond the capacity of conventional policing.
Need for:
Digital forensics
Cyber police cells
Cross-border cooperation
Legislative updates
📘 CLASSIFICATION OF CYBERCRIMES
(As per Indian legal framework & international best practices)
🔷 I. INTRODUCTION
Cybercrime refers to any illegal activity conducted through or
targeting computers, digital systems, or the internet.
It can be classified based on:
Target of the crime (person, property, government),
Motive (financial, revenge, political),
Nature (civil, criminal, organized).
🔷 II. MAJOR CLASSIFICATIONS OF CYBERCRIME
🔹 A. BASED ON TARGET
1. Crimes Against Individuals
Offence | Description | Relevant Law
Cyberstalking | Repeated harassment via emails, social media | IPC Sec. 354D, IT Act Sec. 66A (struck down), 66E
Cyber Defamation | Publishing defamatory content online | IPC Sec. 499–500
Morphing / Revenge Porn | Altering images, posting explicit content | IT Act Sec. 66E, 67A
Email Spoofing | Sending forged emails to deceive recipient | IT Act Sec. 66C
Online Fraud/Phishing | Fraud through fake emails/websites | IT Act Sec. 66D
2. Crimes Against Property
Offence | Description | Relevant Law
Hacking | Unauthorized access to data/networks | IT Act Sec. 66
Denial of Service (DoS) | Attacking systems to make them unavailable | IT Act Sec. 43(f)
Malware Attacks | Using malicious code to steal/destroy data | Sec. 43(c), (d), (g)
Intellectual Property Theft | Piracy, copyright violation, software cloning | Copyright Act, IT Act
Ransomware | Locking systems until payment made | Covered under Sec. 66, 43A
3. Crimes Against Government / Society
Offence | Description | Relevant Law
Cyber Terrorism | Targeting govt. systems, spreading panic | IT Act Sec. 66F
Hacking into Government Websites | Espionage or disruption of public data | IT Act Sec. 66, 69
Spreading Fake News / Hate Speech | Misuse of platforms to incite violence | IPC Sec. 153A, 505
Online Radicalization | Recruitment through extremist propaganda | UAPA + IT Act
Obstruction of Public Infrastructure | Targeting utilities (power, transport) | IT Act + IPC
🔹 B. BASED ON MOTIVE OR INTENT
Type Examples
Financial Crime Online banking fraud, phishing, crypto scams
Reputational Harm Cyber defamation, deepfake
Ideological Crime Cyber terrorism, digital activism
Personal Revenge Revenge porn, stalking, impersonation
Corporate Espionage Insider data theft, surveillance malware
🔹 C. BASED ON NATURE OF OFFENCE
1. Civil Cyber Wrongs (Cyber Torts)
Violation of privacy, defamation, data misuse
Covered under: Sec. 43, 43A, 72, 72A of IT Act
2. Criminal Cyber Offences
Identity theft, hacking, child pornography, terrorism
Covered under: Sec. 65–74 of IT Act, IPC, POCSO Act
3. Organized Cybercrimes
Committed by cyber syndicates, often cross-border
Examples: Cyber extortion gangs, darknet drug trafficking, crypto laundering
🔹 D. BASED ON PLATFORM/TECH USED
Platform Common Offences
Email Spoofing, phishing, extortion
Social Media Harassment, impersonation, hate speech
Mobile Apps OTP frauds, data harvesting
E-commerce Fake products, refund scams
Dark Web Trafficking, fake ID sales, hacking services
🔷 III. CASE LAW REFERENCES
Case | Relevance
Avnish Bajaj v. State (Bazee.com case) | First major obscenity case under IT Act
Shreya Singhal v. UOI, AIR 2015 SC 1523 | Section 66A struck down – Free speech online
Ritu Kohli Case | First cyberstalking case in India
ICICI Phishing Case (Delhi) | Recognized bank’s duty to secure digital platforms
🔷 IV. CLASSIFICATION AS PER CERT-IN (2022)
1. Website intrusions & defacements
2. Virus/malicious code attacks
3. Identity theft
4. DoS/DDoS attacks
5. Scams through mobile and UPI apps
6. Critical infrastructure targeting
🔷 V. EXAM-READY SUMMARY TABLE
Basis Categories
Target Individual, Property, Government
Nature Civil (torts), Criminal, Organized
Motive Financial, Reputational, Revenge, Political
Platform Social media, Email, Mobile apps, E-commerce
📘 CYBERCRIMES UNDER THE INFORMATION TECHNOLOGY ACT, 2000
(Chapter XI: Offences – Sections 65 to 74)
🔷 I. INTRODUCTION
The IT Act, 2000, through Chapter XI, criminalizes specific cyber activities.
These offences involve the use or misuse of computers, networks, and
digital systems.
Punishments include imprisonment, fines, or both, and many offences
are cognizable and bailable unless otherwise specified.
🔷 II. SECTION-WISE CLASSIFICATION OF CYBERCRIMES
🔹 Section 65 – Tampering with Computer Source Documents
Whoever knowingly or intentionally conceals, destroys, or
alters any computer source code...
✅ Punishment:
Imprisonment up to 3 years, or
Fine up to ₹2 lakh, or both
📌 Example: Deleting/modifying source code to disrupt functioning of software.
🔹 Section 66 – Computer Related Offences
Covers dishonest or fraudulent acts as defined under Section
43.
✅ Punishment:
Imprisonment up to 3 years, and/or
Fine up to ₹5 lakh
📌 Includes: Hacking, data theft, denial of service, introducing malware.
🔹 Section 66B – Dishonestly Receiving Stolen Computer Resource
Receiving data or computer resources knowing they were
stolen.
✅ Punishment:
Up to 3 years, and/or
Fine up to ₹1 lakh
🔹 Section 66C – Identity Theft
Fraudulent use of another person’s electronic signature,
password, or unique identification.
✅ Punishment:
Up to 3 years, and/or
Fine up to ₹1 lakh
📌 Example: Using someone’s Aadhaar OTP, password, or login credentials.
🔹 Section 66D – Cheating by Personation Using Computer Resources
Impersonating someone digitally to cheat.
✅ Punishment:
Up to 3 years, and/or
Fine up to ₹1 lakh
📌 Example: Fake customer care calls, UPI fraud.
🔹 Section 66E – Violation of Privacy
Capturing, publishing, or transmitting images of a person’s
private area without consent.
✅ Punishment:
Up to 3 years, and/or
Fine up to ₹2 lakh
🔹 Section 66F – Cyber Terrorism
Intentionally threatening the integrity, sovereignty, or security
of India via cyber means.
✅ Punishment:
Imprisonment for life
📌 Example: Hacking nuclear command infrastructure or government servers.
🔹 Section 67 – Publishing or Transmitting Obscene Material
Electronic publication or transmission of obscene content.
✅ Punishment:
First Conviction: 3 years + ₹5 lakh
Subsequent: 5 years + ₹10 lakh
🔹 Section 67A – Sexually Explicit Content
Covers digital transmission of sexually explicit material
(excluding children).
✅ Punishment:
First Conviction: 5 years + ₹10 lakh
Subsequent: 7 years + ₹10 lakh
🔹 Section 67B – Child Pornography
Covers use of child imagery in sexual content.
✅ Punishment:
First Conviction: 5 years + ₹10 lakh
Subsequent: 7 years + ₹10 lakh
📌 Example: Circulating child sexual abuse content via Telegram or WhatsApp.
🔹 Section 68 – Power of Controller to Issue Directions
Failure to comply with directions from the Controller of
Certifying Authorities.
✅ Punishment:
Up to 2 years, and/or
Fine up to ₹1 lakh
🔹 Section 69 – Power to Intercept or Decrypt Information
Authorises govt. to intercept in the interest of sovereignty,
security, or public order.
✅ Non-compliance Punishment:
Up to 7 years + fine
🔹 Section 70 – Protected System
Unauthorized access to government-declared protected
systems (like SCADA, defense systems).
✅ Punishment:
Up to 10 years, and/or
Fine
🔹 Section 71 – Penalty for Misrepresentation
Lying to CCA or CA to obtain digital certificates.
✅ Punishment:
Up to 2 years, and/or
Fine up to ₹1 lakh
🔹 Section 72 – Breach of Confidentiality and Privacy
Any person with access to electronic data discloses it without
consent.
✅ Punishment:
Up to 2 years, and/or
Fine up to ₹1 lakh
🔹 Section 72A – Disclosure of Information in Breach of Lawful Contract
Applies to service providers disclosing personal info received
under lawful contract.
✅ Punishment:
Up to 3 years, and/or
Fine up to ₹5 lakh
🔹 Section 73–74 – Fraudulent Digital Certificates
Publishing false DSCs or possessing DSCs for fraud.
✅ Punishment:
Up to 2 years and fine (varies)
🔷 III. QUICK REVISION TABLE (EXAM-FRIENDLY)
Section Offence Max Punishment
Sec. 65 Tampering source code 3 years + ₹2L
Sec. 66 Hacking, data theft 3 years + ₹5L
Sec. 66C Identity theft 3 years + ₹1L
Sec. 66D Impersonation 3 years + ₹1L
Sec. 66F Cyber terrorism Life imprisonment
Sec. 67 Obscenity 3–5 years + ₹10L
Sec. 67B Child porn 5–7 years + ₹10L
Sec. 72 Breach of confidentiality 2 years + ₹1L
Sec. 72A Info disclosure breach 3 years + ₹5L
📘 PROSECUTION OF CYBERCRIME UNDER THE INFORMATION TECHNOLOGY ACT, 2000
🔷 I. INTRODUCTION
The Information Technology Act, 2000 provides for criminal prosecution of
cyber offences under Chapter XI (Sections 65–74).
These offences are punishable by imprisonment, fine, or both.
Prosecution of cybercrime involves multiple agencies and a blend of IT Act,
IPC, CrPC, and specialised procedural laws.
🔷 II. WHO CAN INVESTIGATE CYBER OFFENCES?
✅ Section 78, IT Act, 2000:
“Only a police officer not below the rank of Inspector shall
investigate any offence under this Act.”
📌 In practice, cybercrime police stations are designated in every state and UT to
handle such cases.
🔷 III. WHO CAN PROSECUTE?
Public Prosecutors under the Code of Criminal Procedure (CrPC) prosecute
cyber offences in Magistrate or Sessions Courts, depending on severity.
Adjudicating Officers (AO) (under Sec. 46) handle civil contraventions (e.g.,
under Sec. 43, 43A).
Central Government may authorize agencies like CBI, CERT-In, or Special
Task Forces for major cyber threats.
🔷 IV. COURT JURISDICTION FOR CYBER OFFENCES
Category Court of Trial
Offences punishable ≤ 3 years Judicial Magistrate First Class
Offences punishable > 3 years or life Sessions Court
✅ Section 75, IT Act – Extra-territorial jurisdiction
IT Act applies to any offence or contravention
committed outside India if the system affected is located in
India.
🔷 V. PROCEDURAL LAW APPLICABLE
Code of Criminal Procedure, 1973 (CrPC) applies to cybercrime investigation,
arrest, bail, trial, and appeal.
Indian Evidence Act, 1872 governs the admissibility of electronic
records (Sec. 65B certificate is mandatory).
🧾 Key Case Law:
Anvar P.V. v. P.K. Basheer, (2014) 10 SCC 473
→ Sec. 65B certificate is essential for admitting electronic evidence in court.
🔷 VI. STEPS IN CYBERCRIME PROSECUTION
Stage | Action
1. FIR Filing | Victim files complaint at cybercrime cell or via cybercrime.gov.in
2. Investigation | By Inspector-rank officer or above (Sec. 78 IT Act)
3. Arrest/Search/Seizure | As per CrPC + IT Act search & seizure powers
4. Framing of Charges | Court frames charges under IT Act + IPC
5. Trial & Evidence | Digital evidence submitted with Sec. 65B certificate
6. Judgment | Based on guilt/proof beyond reasonable doubt
7. Appeal | Lies to higher court (Sessions/High Court)
🔷 VII. AUTHORITIES INVOLVED
Authority Role
Cybercrime Police Investigation, search, seizure
Judicial Magistrates / Sessions Judges Trial of cyber offences
Adjudicating Officer (Sec. 46) Civil penalty in contraventions
TDSAT Appeal against AO's order
CERT-In Cyber emergency response and monitoring
CCA Licensing and certifying DSCs (not investigative)
🔷 VIII. RELEVANT CASE LAWS
Case | Legal Principle
Shreya Singhal v. UOI, AIR 2015 SC 1523 | Struck down Sec. 66A; prosecution must meet Art. 19(2) threshold
Avnish Bajaj v. State (Bazee.com case) | Criminal liability of intermediaries – Section 79 interpreted
ICICI Phishing Case (Delhi) | Bank held liable under both IT Act and IPC for phishing loss
K.S. Puttaswamy v. UOI, (2017) 10 SCC 1 | Set the foundation for prosecuting data privacy violations
🔷 IX. CHALLENGES IN PROSECUTION
Jurisdictional complexity (cross-border data, global servers)
Lack of trained cybercrime police
Poor digital forensics and evidence chain
Delayed compliance from intermediaries
Anonymity of accused using VPNs or dark web
🔷 X. PENALTIES AND PROSECUTABLE OFFENCES (IT ACT SECTIONS)
Section Offence Punishment
65 Tampering with source code 3 years + ₹2 lakh
66C Identity theft 3 years + ₹1 lakh
66D Impersonation 3 years + ₹1 lakh
66F Cyber terrorism Life imprisonment
67B Child pornography 5–7 years + ₹10 lakh
MODULE - 5: Data protection in Cyberspace
Interception & Monitoring of Electronic Communication under IT Act
Privacy Issues in cyberspace – international and national perspective
Digital Data and its Protection (Data protection Bill 2019) & IT Act
Content liability in cyberspace
Information Technology (Intermediary Guidelines and Digital Media Ethics
Code) Rules,
IPR issues in cyberspace
📘 INTERCEPTION & MONITORING OF ELECTRONIC COMMUNICATION UNDER THE IT ACT, 2000
🔷 I. INTRODUCTION
The IT Act, 2000 empowers the government to intercept, monitor, and
decrypt electronic communications in the interest of national security, public
order, and law enforcement.
This power must be exercised with procedural safeguards to balance state
security interests with individual privacy rights.
🔷 II. LEGAL FRAMEWORK UNDER THE IT ACT
🔹 Section 69 – Power to Intercept, Monitor, or Decrypt Information
Empowers the Central or State Government or authorized
agency to intercept, monitor, or decrypt electronic information
transmitted, received, or stored in any computer resource if
satisfied that it is necessary or expedient to do so in the
interest of:
Sovereignty or integrity of India
Defense or security of the state
Friendly relations with foreign states
Public order
Preventing incitement to the commission of any cognizable offence
Investigation of any offence
✅ Penalty for non-compliance:
Imprisonment up to 7 years and fine
🔹 Section 69B – Monitoring of Cybersecurity Data Traffic
Authorizes agencies to monitor, collect, and analyze traffic
data or information for:
Cybersecurity
Prevention of intrusion or spread of computer contaminant
Detection of identity theft, phishing, cyber terrorism
✅ Central Government may direct agencies to take action via written
authorization.
🔷 III. PROCEDURAL SAFEGUARDS
👨⚖️ Rules:
Information Technology (Procedure and Safeguards for Interception,
Monitoring, and Decryption) Rules, 2009
Information Technology (Procedure and Safeguards for Monitoring and
Collecting Traffic Data or Information), Rules, 2009
✅ Safeguards under Rules:
Only authorized officers not below Joint Secretary level can approve
requests.
Written order is mandatory, valid for 60 days (extendable up to 180 days).
A Review Committee (chaired by Cabinet Secretary/Home Secretary) must
review orders within 7 working days.
Service providers must maintain confidentiality and cooperate with
decryption requests.
🔷 IV. RELEVANT CONSTITUTIONAL & JUDICIAL GUIDELINES
✅ Article 21 – Right to Privacy
Enshrined as a Fundamental Right in:
Justice K.S. Puttaswamy v. Union of India, (2017) 10 SCC 1
➤ Held that interception powers must be proportionate, legal, and
justified.
✅ PUCL v. Union of India, (1997) 1 SCC 301
➤ Laid down procedural safeguards for telephone tapping:
Interception must be based on written authorization.
There must be justifiable grounds.
Oversight mechanism must be in place.
✅ These principles are applicable to electronic surveillance as well.
🔷 V. CHALLENGES & CONCERNS
Concern | Description
Privacy Violation | Potential for mass surveillance or political misuse
Lack of Transparency | Orders for interception are secret and not subject to public review
Weak Oversight | Review committees are executive-led, no judicial review at initiation
Absence of Judicial Pre-Approval | Unlike some countries (e.g., USA's FISA court), India does not mandate prior judicial scrutiny
🔷 VI. COMPARATIVE PERSPECTIVE
Country Oversight Model
USA Judicial pre-approval via FISA Court
UK Independent Judicial Commissioner under Investigatory Powers Act
India Executive oversight with Review Committees (no judiciary involvement)
🔷 VII. EXAM-READY POINTERS
Provision | Subject | Authority
Sec. 69 | Interception, decryption, monitoring | Central/State Government
Sec. 69B | Cybersecurity traffic data monitoring | Central Government only
Rules, 2009 | Safeguards for interception | Written orders, time limits, Review Committee
Penalty | Non-compliance | Up to 7 years imprisonment + fine
📘 PRIVACY ISSUES IN CYBERSPACE – INTERNATIONAL & NATIONAL PERSPECTIVE
🔷 I. INTRODUCTION
In the digital age, privacy is no longer confined to physical spaces—it now
includes data privacy, informational autonomy, and protection from digital
surveillance.
With the increasing use of internet platforms, cloud storage, social media,
biometrics, AI, and IoT, cyberspace raises new and complex privacy
concerns.
Both international conventions and national legal frameworks seek
to protect individuals from unlawful surveillance, profiling, and data misuse.
🔷 II. PRIVACY ISSUES IN CYBERSPACE
Concern | Description
Data Harvesting | Mass collection of user data by corporations & governments
Profiling & Tracking | Behavioral tracking via cookies, browsing history
Surveillance | State surveillance programs (e.g., Pegasus, PRISM)
Data Breaches | Hacking, unauthorized disclosures
Consent Fatigue | Complex and unclear terms of use policies
Cross-border Data Flow | Lack of clarity on how data is used/stored in other jurisdictions
AI/Algorithmic Intrusion | Use of AI for facial recognition, predictive policing, emotion reading
🔷 III. NATIONAL PERSPECTIVE: INDIA
✅ 1. Constitutional Protection
K.S. Puttaswamy v. Union of India, (2017) 10 SCC 1
➤ Held Right to Privacy as a Fundamental Right under Article 21
➤ Established "Triple Test" for any restriction:
Legality
Necessity
Proportionality
✅ 2. Statutory Framework
Law | Provision
Information Technology Act, 2000 | Primary cyber law framework
Section 43A | Compensation for failure to protect sensitive personal data
Section 72 | Punishment for breach of confidentiality by authorized persons
Section 72A | Disclosure of information in breach of lawful contract
🔹 No dedicated privacy law as of now (pending Data Protection law)
✅ 3. Judicial Precedents
Case | Principle
Justice K.S. Puttaswamy v. UOI (2017) | Privacy is intrinsic to right to life
Shreya Singhal v. UOI (2015) | Unconstitutional surveillance provisions (Sec. 66A) struck down
PUCL v. Union of India (1997) | Guidelines for lawful telephone tapping—applicable to electronic surveillance
✅ 4. Proposed Legislation
Digital Personal Data Protection Act, 2023 (DPDP Act) – Passed but not yet
fully operational
➤ Establishes user consent, purpose limitation, data fiduciaries
➤ Introduces Data Protection Board of India
🔷 IV. INTERNATIONAL PERSPECTIVE
✅ 1. Universal Declaration of Human Rights (UDHR), 1948
Article 12: "No one shall be subjected to arbitrary interference with his
privacy, family, home, or correspondence..."
✅ 2. International Covenant on Civil and Political Rights (ICCPR), 1966
Article 17: Protection against arbitrary or unlawful interference with privacy.
✅ 3. General Data Protection Regulation (GDPR), EU – 2018
Landmark law regulating personal data processing of EU residents.
Key principles:
Consent-based processing
Right to be forgotten
Data minimization
Purpose limitation
Applies extraterritorially to companies processing EU user data.
✅ 4. OECD Guidelines on Privacy, 1980 & 2013 Update
Core principles:
Collection limitation
Data quality
Purpose specification
Use limitation
Security safeguards
Individual participation
✅ 5. USA – Sectoral Approach
Law Focus
HIPAA Health Information Privacy
COPPA Children’s online data
FISA National surveillance (PRISM program criticized for overreach)
✅ 6. Other Countries
Country Law
Brazil LGPD (General Data Protection Law, 2020)
Canada PIPEDA
Japan Act on Protection of Personal Information
South Korea PIPA
🔷 V. COMPARATIVE SNAPSHOT
Criteria | India | EU (GDPR) | USA
Status | Privacy = Fundamental Right | Statutory fundamental right | No general privacy law
Law | IT Act, 2000 + DPDP Act (2023) | GDPR | Sectoral (HIPAA, COPPA, etc.)
Oversight | Data Protection Board (proposed) | Independent national DPA | FTC + individual regulators
Extra-territorial reach | Limited | Strong | Moderate
🔷 VI. CHALLENGES AHEAD
Implementation of the DPDP Act
Surveillance reform under Section 69, IT Act
Cross-border data transfer norms
Corporate compliance & accountability
Balancing national security with individual rights
🔷 VII. EXAM-READY POINTS
Topic Provision/Case
Right to privacy K.S. Puttaswamy v. UOI (2017)
Data breach liability Sec. 43A, IT Act
International best practice GDPR
Cross-border protection Art. 17 ICCPR + GDPR
Surveillance powers Sec. 69 IT Act + PUCL Guidelines
📘 DIGITAL DATA AND ITS PROTECTION: IT ACT & PERSONAL DATA PROTECTION BILL, 2019
🔷 I. INTRODUCTION
Digital Data Protection refers to legal and technical safeguards to ensure that
personal and sensitive data in cyberspace is collected, processed, stored,
and shared lawfully.
In India, data protection was primarily governed by the Information
Technology Act, 2000, but growing digitalization demanded
a comprehensive data protection law.
This led to the drafting of the Personal Data Protection Bill, 2019 (PDP Bill),
which eventually evolved into the Digital Personal Data Protection Act,
2023 (notified but not yet fully operational).
🔷 II. DATA PROTECTION UNDER THE IT ACT, 2000
The IT Act provides limited and sector-specific protection, primarily under:
✅ Section 43A – Compensation for Failure to Protect Data
Applicable to a body corporate handling sensitive personal
data or information (SPDI) that fails to implement reasonable
security practices and causes wrongful loss or gain.
📌 Compensation: Actual damages to the aggrieved person.
🔹 "Sensitive personal data" includes:
Passwords, financial information, health conditions, biometric data, etc.
(as per 2011 Rules)
✅ Section 72 – Breach of Confidentiality and Privacy
Punishes any person who, during the performance of official
duties under the Act, discloses personal data without consent.
📌 Punishment: Up to 2 years imprisonment, or ₹1 lakh fine, or both.
✅ Section 72A – Disclosure of Information in Breach of Lawful Contract
Applicable to service providers who disclose data without
consent obtained under a lawful contract.
📌 Punishment: Up to 3 years imprisonment, or ₹5 lakh fine, or both.
🔷 III. PERSONAL DATA PROTECTION BILL, 2019 – KEY FEATURES
Introduced following the Puttaswamy judgment (2017) and
Justice B.N. Srikrishna Committee Report.
✅ A. Definitions
Term Explanation
Data Principal Individual whose data is being processed
Data Fiduciary Entity that processes the data
Consent Free, informed, specific, clear, and revocable
Sensitive Personal Data Financial, health, biometric, sexual orientation, caste, etc.
Critical Personal Data To be stored and processed only in India (e.g., military data)
✅ B. Rights of the Data Principal
Right Description
Right to Confirmation and Access Know whether their data is being processed
Right to Correction Correct or update inaccurate data
Right to Data Portability Transfer data to another entity
Right to Be Forgotten Prevent disclosure after purpose is served
✅ C. Obligations of Data Fiduciary
Obtain valid consent before processing.
Use data only for specified purpose.
Maintain data quality and security standards.
Report data breaches.
✅ D. Regulatory Structure
Institution Role
Data Protection Authority (DPA) Enforces the law, investigates breaches, penalizes
Appellate Tribunal (TDSAT) Hears appeals from DPA orders
✅ E. Cross-border Data Transfer
Sensitive Personal Data: Can be transferred abroad with conditions
and storage copy in India.
Critical Data: Must be stored and processed in India only.
✅ F. Penalties under PDP Bill 2019
Violation Penalty
Failure to protect data ₹5 crore or 2% of global turnover
Significant non-compliance ₹15 crore or 4% of global turnover
🔷 IV. PDP BILL 2019 VS. IT ACT, 2000 – COMPARATIVE TABLE
Criteria | IT Act, 2000 | PDP Bill, 2019
Scope | Covers SPDI only | Covers all personal + sensitive + critical data
Consent | Not elaborately defined | Central to processing
Rights of Individuals | Not codified | Detailed rights (access, correction, forgotten)
Enforcement Body | No specialized regulator | DPA with investigative powers
Penalty | Civil and criminal | Civil, graded by severity
Cross-border Transfer | No framework | Defined policy for sensitive/critical data
Grounds for Processing | Implicit under contract | Explicit: consent, legal obligation, etc.
🔷 V. CONCLUSION
The IT Act offers basic safeguards, but in today’s data-centric economy, it
is inadequate.
The PDP Bill, 2019 aimed to create a comprehensive privacy regime aligned
with global standards like GDPR.
Although replaced by the Digital Personal Data Protection Act, 2023, the
2019 Bill remains critical for understanding the evolution of data protection
law in India and may still be asked in exams.
🔷 VI. EXAM-READY POINTERS
Topic Section/Provision
Compensation for data breach Sec. 43A, IT Act
Unlawful disclosure by officials Sec. 72
Unlawful contractual disclosure Sec. 72A
Individual privacy rights PDP Bill Clauses 3, 11–21
Landmark case K.S. Puttaswamy v. UOI (2017)
📘 CONTENT LIABILITY IN CYBERSPACE
(Focus: Intermediaries, Safe Harbour Doctrine, IT Act provisions, Judicial
Approach)
🔷 I. INTRODUCTION
Content liability in cyberspace refers to the legal responsibility of individuals
or platforms (intermediaries like YouTube, Facebook, WhatsApp, etc.)
for content that is hosted, published, or transmitted online.
In digital ecosystems, platforms do not create content but facilitate its
dissemination—raising questions of when and how they should be held
liable.
🔷 II. LEGAL FRAMEWORK UNDER THE IT ACT, 2000
✅ Section 79 – Exemption from Liability of Intermediaries
Provides "safe harbour" to intermediaries if:
The intermediary does not initiate, select the receiver, or modify the content.
The intermediary observes due diligence as prescribed by the rules.
✅ Exemption not applicable if:
Intermediary conspires, abets, or aids in unlawful activity.
Does not act expeditiously upon receiving actual
knowledge or governmental notice.
📌 Safe Harbour Principle:
Intermediaries are not liable for third-party content provided they comply with
legal obligations.
✅ Section 69A – Power to Block Access
Government can direct any intermediary to block access to
content in the interest of:
National security
Sovereignty and integrity
Friendly relations with foreign states
Public order or prevention of offences
📌 Intermediaries must comply, or face up to 7 years imprisonment.
🔷 III. WHO IS AN INTERMEDIARY?
✅ Section 2(1)(w), IT Act:
Any person who receives, stores or transmits any electronic
message on behalf of another person.
🔹 Examples:
Social media platforms (Meta, X)
Web hosting providers (GoDaddy)
E-commerce portals (Amazon, Flipkart)
Internet service providers (Jio, Airtel)
🔷 IV. IT (INTERMEDIARY GUIDELINES AND DIGITAL MEDIA ETHICS CODE) RULES, 2021
Key Obligations:
Grievance Redressal Officer (24-hour response, 15-day resolution)
Due Diligence in content moderation
Traceability obligation for significant social media intermediaries (WhatsApp,
Signal, etc.)
Notice and Takedown mechanism for objectionable content
Automated tools for filtering obscene/violent content
🔷 V. LANDMARK CASE LAWS ON CONTENT LIABILITY
Case Legal Holding
Shreya Singhal v. Union of India, AIR 2015 SC 1523
➤ Struck down Section 66A (unconstitutional)
➤ Clarified that intermediaries must act only upon a court/government order
➤ Protected freedom of speech and intermediary rights
Avnish Bajaj v. State (Bazee.com case)
➤ Intermediary (Bazee.com CEO) was held liable for obscene content sale
➤ Led to tighter intermediary liability framework
MySpace Inc. v. Super Cassettes Industries Ltd., (2017)
➤ Delhi HC held that intermediaries are not required to proactively monitor every content
➤ Need specific notice before takedown
Facebook v. Union of India
➤ Challenge to traceability provision (under pending review)
➤ Raised concerns on end-to-end encryption and user privacy
🔷 VI. TYPES OF CONTENT THAT MAY ATTRACT LIABILITY
Content Type Applicable Law
Obscenity/Pornography Sec. 67, 67A, 67B – IT Act
Child Sexual Abuse Material (CSAM) Sec. 67B – IT Act
Defamation Sec. 500 IPC + Civil Law
Fake News/Hate Speech IPC Sec. 153A, 295A, 505
Copyright Infringement Copyright Act, 1957
Religious Insults/Blasphemy IPC Sec. 295A
Sedition/Threat to National Security IPC Sec. 124A + IT Act Sec. 69A
🔷 VII. EXAM-READY SUMMARY TABLE
Aspect Provision/Principle
Intermediary Definition Sec. 2(1)(w), IT Act
Safe Harbour Protection Sec. 79
Blocking Powers Sec. 69A
Proactive Monitoring? Not mandatory (MySpace Case)
Liability if No Action Taken Yes, if no compliance with notice under Rules 2021
Landmark Case Shreya Singhal v. UOI (2015)
📘 IT (INTERMEDIARY GUIDELINES AND DIGITAL MEDIA ETHICS CODE) RULES, 2021
(Notified under Section 87(2) of the IT Act, 2000)
🔷 I. INTRODUCTION
These Rules were notified on 25 February 2021 by the Ministry of Electronics
and Information Technology (MeitY).
Aim: To regulate intermediaries, ensure due diligence, and establish a
framework for online news and digital content governance.
Divided into two parts:
1. Part I & II – Intermediary Guidelines (under Section 79 of the IT Act)
2. Part III – Code of Ethics for Digital Media (under Section 69A)
🔷 II. LEGAL AUTHORITY
Empowered under:
Section 69A – Blocking of public access to information
Section 79 – Safe harbour provision for intermediaries
Section 87(2)(z) & (zg) – Power to frame rules for intermediary obligations
🔷 III. DEFINITIONS
Term | Meaning
Intermediary | Any entity that stores or transmits user data (includes ISPs, social media, e-commerce) – Sec. 2(1)(w), IT Act
Significant Social Media Intermediary (SSMI) | Platforms with >50 lakh registered Indian users (e.g., Facebook, WhatsApp, Twitter)
Digital Media | Includes online news publishers and OTT platforms
🔷 IV. KEY FEATURES OF THE 2021 RULES
🔹 A. Duties of Intermediaries (Applicable to all)
1. Grievance Redressal Mechanism
Appointment of Grievance Officer
Resolution within 15 days
Officer must acknowledge within 24 hours
2. Content Takedown Protocol
Remove content within 36 hours of government or court order
Voluntary removal of content violating platform’s own terms
3. Prohibition on Certain Content
Intermediaries must not host, display or share content which is:
Obscene, pornographic, defamatory
Threatens unity, integrity, or sovereignty of India
Incites criminal offences
🔹 B. Additional Due Diligence for SSMIs
1. Chief Compliance Officer
Person liable for ensuring compliance with the Act and Rules
2. Nodal Contact Person
Available 24x7 for coordination with law enforcement agencies
3. Resident Grievance Officer
Indian resident who handles user complaints
4. Traceability Requirement (Rule 4(2))
Messaging platforms (e.g., WhatsApp) must identify the “first
originator” of messages linked to serious offences
5. Automated Content Monitoring
Platforms must deploy AI-based filtering tools to detect rape, child
pornography, and morphed content
🔹 C. Digital Media Ethics Code (Part III)
Applies to:
Online curated content providers (OTT platforms like Netflix, Amazon Prime)
Digital news publishers
Obligations:
1. Self-classification of content (U, 7+, 13+, 16+, A)
2. Parental locks and age verification for mature content
3. Code of Ethics to align with Indian constitutional values
4. Grievance redressal system in three tiers:
Level 1: Self-regulation by publishers
Level 2: Self-regulatory bodies (independent)
Level 3: Oversight by Inter-Departmental Committee (IDC) under MeitY
🔷 V. CHALLENGES AND CRITICISM
Concern | Description
Right to Privacy | Traceability Rule (4(2)) weakens end-to-end encryption (WhatsApp has challenged this in Delhi High Court)
Freedom of Speech | Vague takedown provisions may have chilling effect on free expression
Executive Overreach | Lack of judicial oversight in blocking directions (under Sec. 69A)
Burden on SSMIs | Compliance obligations are stringent, especially for global firms operating in India
🔷 VI. IMPORTANT CASES & DEVELOPMENTS
Case | Outcome
Shreya Singhal v. UOI (2015) | Sec. 66A struck down; court clarified intermediaries are liable only after judicial/government notice
WhatsApp v. Union of India (Pending, 2021) | Challenges traceability requirement under Rule 4(2)
LiveLaw v. Union of India (2021) | Challenged Part III of the Rules – alleged overreach in regulating digital news media
🔷 VII. PENALTIES FOR NON-COMPLIANCE
Loss of safe harbour under Section 79, meaning intermediaries
become directly liable for third-party content.
May lead to civil and criminal action, including fines and imprisonment
under IT Act and IPC.
🔷 VIII. EXAM-READY TABLE
Topic Rule/Section
Grievance Redressal Rule 3
Duties of SSMIs Rule 4
Traceability Rule 4(2)
Blocking Power Sec. 69A, IT Act
Content Classification (OTT) Part III, Rule 9
Safe Harbour Loss On failure to comply with Rule 3 & 4
📘 INTELLECTUAL PROPERTY RIGHTS (IPR) ISSUES IN CYBERSPACE
🔷 I. INTRODUCTION
Intellectual Property (IP) refers to creations of the human mind—such as
inventions, literary works, artistic designs, symbols, names, and images.
In the cyberspace era, these IPs are increasingly digitized, distributed, and
accessed globally, creating new infringement risks, ownership issues,
and jurisdictional complexities.
The digital environment facilitates easy copying, transmission, and misuse of
intellectual property, especially without adequate legal or technological
safeguards.
🔷 II. TYPES OF IPR ISSUES IN CYBERSPACE
🔹 A. Copyright Infringement
Digital content (videos, music, e-books, code) is easily copied and shared
without authorization.
Common cyber-infringements:
Illegal movie/music downloads (piracy)
Unauthorized sharing on YouTube or torrent sites
Plagiarism of software, academic materials
Meme or content reposting without attribution
✅ Relevant Law:
Copyright Act, 1957 (as amended)
Sections 51–63 deal with infringement, criminal remedies, civil remedies.
🧾 Case: Super Cassettes Industries Ltd. v. MySpace
Delhi HC held that intermediaries may be liable if they don’t act upon specific
takedown notices.
🔹 B. Trademark Infringement & Passing Off
Unauthorized use of registered marks online:
In website titles, meta-tags, social media handles
In deceptive domain names
Leads to confusion among consumers and dilution of brand identity.
✅ Relevant Law:
Trademarks Act, 1999
Online protection through “passing off” remedy if unregistered
🧾 Case: Yahoo Inc. v. Akash Arora (1999)
Delhi HC restrained the defendant from using the domain name “Yahoo India” —
held as passing off and deceptive similarity.
🔹 C. Domain Name Disputes
Cybersquatting: Registering well-known brand names as domain names to
sell them for profit.
Reverse domain hijacking: Big entities harassing genuine domain owners
through legal threats.
✅ Remedies:
INDRP (India): .in domain disputes handled by NIXI
UDRP (global): Uniform Domain Name Dispute Resolution Policy under ICANN
🧾 Case: Tata Sons v. Arno Palmen
Tata won against cybersquatter using tatainfotech.com domain name.
🔹 D. Software Piracy
Use of unauthorized copies of software, or distributing software without
license.
Includes cracking, reverse engineering, or using pirated keys/activators.
✅ Copyright Act + IT Act Section 66 + IPC Sections 420, 468
🔹 E. Patent Issues in Digital Innovation
Software patents are contentious:
India does not permit software per se as patentable under Section 3(k) of
the Patents Act, 1970.
But software with technical effect or hardware integration may be
allowed.
🔹 F. IPR Issues in User-Generated Content & Social Media
Platforms like Instagram, YouTube, Facebook host vast amounts of user
content:
Copyright issues over background music, memes
Trademark misuse in sponsored ads or handles
Moral rights violations
✅ Platforms rely on Section 79 (safe harbour) if they comply with notice-and-
takedown mechanisms.
🔷 III. RELEVANT LEGISLATIONS IN INDIA
Statute | Cyber IPR Relevance
Copyright Act, 1957 | Digital piracy, software rights
Trademarks Act, 1999 | Cybersquatting, domain name misuse
Patents Act, 1970 | Software with technical application
IT Act, 2000 | Enforces offences like source code tampering (Sec. 65), hacking (Sec. 66), breach of confidentiality (Sec. 72)
Cinematograph Act, 1952 | Illegal streaming/uploading of films
🔷 IV. INTERNATIONAL FRAMEWORK
Treaty Relevance
WIPO Copyright Treaty (WCT), 1996 Extends copyright protection to digital works
TRIPS Agreement Sets global minimum IPR protection standards
Berne Convention Protection of literary and artistic works
UDRP (ICANN) Resolves global domain name disputes
🔷 V. TECHNO-LEGAL CHALLENGES
Global jurisdiction issues
Difficulty in enforcing digital rights
Anonymous infringement
Balancing fair use and copyright
Fake IPR takedown claims (DMCA abuse)
🔷 VI. EXAM-READY SUMMARY TABLE
Issue Law Landmark Case
Copyright piracy Copyright Act MySpace v. Super Cassettes
Trademark misuse Trademarks Act Yahoo v. Akash Arora
Domain name INDRP/UDRP Tata Sons v. Arno Palmen
Software piracy Copyright Act + Sec. 66 IT Act NA
Patentability of software Patents Act – Sec. 3(k) NA