“Cyber” is a prefix used to describe a person, thing, or idea as part of the computer and information age. Taken from kybernetes, Greek word for “steersman” or “governor,” it was first used in cybernetics, a word coined by Norbert Wiener and his colleagues. The virtual world of internet is known as cyberspace and the laws governing this area are known as Cyber laws and all the netizens of this space come under the ambit of these laws as it carries a kind of universal jurisdiction. Cyber law can also be described as that branch of law that deals with legal issues related to use of inter-networked information technology. In short, cyber law is the law governing computers and the internet.

The growth of Electronic Commerce has propelled the need for vibrant and effective regulatory mechanisms which would further strengthen the legal infrastructure, so crucial to the success of Electronic Commerce. All these regulatory mechanisms and legal infrastructures come within the domain of Cyber law.

Cyber law is important because it touches almost all aspects of transactions and activities on and involving the internet, World Wide Web and cyberspace. Every action and reaction in cyberspace has some legal and cyber legal perspectives.

Cyber law encompasses laws relating to –

• Cyber crimes
• Electronic and digital signatures
• Intellectual property
• Data protection and privacy

The Internet is a global system of interconnected computer networks that use the standardized Internet Protocol Suite (TCP/IP). It is a network of networks that consists of millions of private and public, academic, business, and government networks of local to global scope that are linked by copper wires, fiber-optic cables, wireless connections, and other technologies. The Internet carries a vast array of information resources and services, most notably the inter-linked hypertext documents of the World Wide Web (WWW) and the infrastructure to support electronic mail, in addition to popular services such as online chat, file transfer and file sharing, online gaming, and Voice over Internet Protocol (VoIP) person-to-person communication via voice and video.

The origins of the Internet dates back to the 1960s when the United States funded research projects of its military agencies to build robust, fault-tolerant and distributed computer networks. This research and a period of civilian funding of a new U.S. backbone by the National Science Foundation spawned worldwide participation in the development of new networking technologies and led to the commercialization of an international network in the mid 1990s, and resulted in the following popularization of countless applications in virtually every aspect of modern human life.

The terms Internet and World Wide Web are often used in everyday speech without much distinction. However, the Internet and the World Wide Web are not one and the same. The Internet is a global data communications system. It is a hardware and software infrastructure that provides connectivity between computers. In contrast, the Web is one of the services communicated via the Internet. It is a collection of interconnected documents and other resources, linked by hyperlinks and Uniform Resource Locator [URLs].

The World Wide Web was invented in 1989 by the English physicist Tim Berners-Lee, now the Director of the World Wide Web Consortium, and later assisted by Robert Cailliau, a Belgian computer scientist, while both were working at CERN in Geneva, Switzerland. In 1990, they proposed building a “web of nodes” storing “hypertext pages” viewed by “browsers” on a network and released that web in December.

Overall Internet usage has seen tremendous growth. From 2000 to 2009, the number of Internet users globally rose from 394 million to 1.858 billion. By 2010, 22 percent of the world’s population had access to computers with 1 billion Google searches every day, 300 million Internet users reading blogs, and 2 billion videos viewed daily on YouTube.

After English (27%), the most requested languages on the World Wide Web are Chinese (23%), Spanish (8%), Japanese (5%), Portuguese and German (4% each), Arabic, French and Russian (3% each), and Korean (2%). By region, 42% of the world’s Internet users are based in Asia, 24% in Europe, 14% in North America, 10% in Latin America and the Caribbean taken together, 6% in Africa, 3% in the Middle East and 1% in Australia/Oceania.

In today’s techno-savvy environment, the world is becoming more and more digitally sophisticated and so are the crimes. Internet was initially developed as a research and information sharing tool and was in an unregulated manner. As the time passed by it became more transactional with e-business, e-commerce, e-governance and e-procurement etc. All legal issues related to internet crime are dealt with through cyber laws. As the number of internet users is on the rise, the need for cyber laws and their application has also gathered great momentum.

In today’s highly digitalized world, almost everyone is affected by cyber law. For example:

• Almost all transactions in shares are in demat form.
• Almost all companies extensively depend upon their computer networks and keep their valuable data in electronic form.
• Government forms including income tax returns, company law forms etc. are now filled in electronic form.
• Consumers are increasingly using credit cards for shopping.
• Most people are using email, cell phones and SMS messages for communication.
• Even in “non-cyber crime” cases, important evidence is found in computers / cell phones e.g. in cases of divorce, murder, kidnapping, tax evasion, organized crime, terrorist operations, counterfeit currency etc.
• Cyber crime cases such as online banking frauds, online share trading fraud, source code theft, credit card fraud, tax evasion, virus attacks, cyber sabotage, phishing attacks, email hijacking, denial of service, hacking, pornography etc are becoming common.
• Digital signatures and e-contracts are fast replacing conventional methods of transacting business.

Technology per se is never a disputed issue but for whom and at what cost has been the issue in the ambit of governance. The cyber revolution holds the promise of quickly reaching the masses as opposed to the earlier technologies, which had a trickledown effect. Such a promise and potential can only be realized with an appropriate legal regime based on a given socio-economic matrix.

• As per the cyber crime data maintained by the National Crime Records Bureau (NCRB), a total of 217, 288, 420 and 966 Cyber Crime cases were registered under the Information Technology Act, 2000 during 2007, 2008, 2009 and 2010 respectively. Also, a total of 328, 176, 276 and 356 cases were registered under Cyber Crime related Sections of Indian Penal Code (IPC) during 2007, 2008, 2009 and 2010 respectively. A total of 154, 178, 288 and 799 persons were arrested under Information Technology Act 2000 during 2007-2010. A total number of 429, 195, 263 and 294 persons were arrested under Cyber Crime related Sections of Indian Penal Code (IPC) during 2007-2010.

• As per 2011 NCRB figures, there were 1,791 cases registered under the IT Act during the year 2011 as compared to 966 cases during the previous year (2010) thereby reporting an increase of 85.4% in 2011 over 2010.

• Of this, 19.5% cases (349 out of 1,791 cases) were reported from Andhra Pradesh followed by Maharashtra (306), Kerala (227), Karnataka (151) and Rajasthan (122). And 46.1% (826 cases) of the total 1,791 cases registered under IT Act, 2000 were related to loss/damage to computer resource/utility reported under hacking with computer systems.

• According to NCRB, the police have recorded less than 5,000—only 4,829 cases and made fewer arrests (3,187) between 2007 and 2011, under both the Information Technology (IT) Act as well as the Indian Penal Code (IPC).

• And convictions remain in single digits, according to lawyers. Only 487 persons were arrested for committing such offences during the year 2011. There were 496 cases of obscene publications/transmission in electronic form during the year 2011 wherein 443 persons were arrested.

• Out of total 157 cases relating to hacking under Sec. 66(2), most of the cases (23 cases) were reported from Karnataka followed by Kerala (22 ) and Andhra Pradesh (20 cases). And 20.4% of the 1184 persons arrested in cases relating to IT Act, 2000 were from Andhra Pradesh (242) followed by Maharashtra (226).

• The age-wise profile of persons arrested in cyber crime cases under the IT Act, 2000 showed that 58.6% of the offenders were in the age group 18–30 years (695 out of 1184) and 31.7% of the offenders were in the age group 30-45 years (376 out of 1184). Madhya Pradesh (10), Maharashtra (4), Kerala (3) and Delhi (2) reported offenders whose age was below 18 years.

• Meanwhile, a total of 422 cases were registered under the Indian Penal Code or IPC Sections during the year 2011 as compared to 356 such cases during 2010 thereby reporting an increase of 18.5%. Maharashtra reported maximum number of such cases (87 out of 422 cases i.e. 20.6%) followed by Chhattisgarh 18.0% (76 cases) and Delhi 11.6% (49 Cases).

• Majority of the crimes out of total 422 cases registered under IPC fall under 2 categories–forgery (259) and Criminal Breach of Trust or fraud (118). Although such offences fall under the traditional IPC crimes, these cases had the cyber overtones wherein computer, Internet or its enabled services were present in the crime and hence they were categorised as Cyber Crimes under IPC.

• Crime head-wise and age-wise profile of the offenders arrested under Cyber Crimes (IPC) for the year 2011 reveals that offenders involved in forgery cases were more in the age-group of 18-30 (46.5%) (129 out of 277). 50.4% of the persons arrested under Criminal Breach of Trust/Cyber Fraud offences were in the age group 30-45 years (65 out of 129).

• Meanwhile 9 out of 88 mega cities did not report any case of cyber crime i.e., neither under the IT Act nor under IPC Sections during the year 2011.

• And 53 mega cities have reported 858 cases under IT Act and 200 cases under various sections of IPC. There was an increase of 147.3% (from 347 cases in 2009 to 858 cases in 2011) in cases under IT Act as compared to previous year (2010), and an increase of 33.3% (from 150 cases in 2010 to 200 cases in 2011) of cases registered under various sections of IPC.

• Bangalore (117), Vishakhapatnam (107), Pune (83), Jaipur (76), Hyderabad (67) and Delhi (City) (50) have reported high incidence of cases (500 out of 858 cases) registered under IT Act, accounting for more than half of the cases (58.3%) reported under the IT Act. Delhi City has reported the highest incidence (49 out of 200) of cases reported under IPC sections accounting for 24.5% followed by Mumbai (25 or 12.5%).

A major programme has been initiated on development of cyber forensics specifically cyber forensic tools, setting up of infrastructure for investigation and training of the users, particularly police and judicial officers in use of this tool to collect and analyze the digital evidence and present them in Court.

Indian Computer Emergency Response Team (CERT-In) and Centre for Development of Advanced Computing (CDAC) are involved in providing basic and advanced training of Law Enforcement Agencies, Forensic labs and judiciary on the procedures and methodology of collecting, analyzing and presenting digital evidence.

Cyber forensic training lab has been set up at Training Academy of Central Bureau of Investigation (CBI) to impart basic and advanced training in Cyber Forensics and Investigation of Cyber Crimes to Police Officers associated with CBI. In addition, Government has set up cyber forensic training and investigation labs in Kerala, Assam, Mizoram, Nagaland, Arunachal Pradesh, Tripura, Meghalaya, Manipur and Jammu & Kashmir.

In collaboration with Data Security Council of India (DSCI), NASSCOM, Cyber Forensic Labs have been set up at Mumbai, Bengaluru, Pune and Kolkata. DSCI has organized 112 training programmes on Cyber Crime Investigation and awareness and a total of 3680 Police officials, judiciary and Public prosecutors have been trained through these programmes.

Indian Computer Emergency Response Team (CERT-In) issues alerts, advisories and guidelines regarding cyber security threats and measures to be taken to prevent cyber incidents and enhance security of Information Technology systems.

“Access” with its grammatical variations and cognate expressions means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network. (Sec.2(1)(a) of IT Act, 2000)

“Addressee” means a person who is intended by the originator to receive the electronic record but does not include any intermediary. (Sec.2(1)(b) of IT Act, 2000)

“Affixing Electronic Signature” with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of Electronic Signature. (Sec.2(1)(d) of IT Act, 2000)

“Asymmetric Crypto System” means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature. (Sec.2(1)(f) of IT Act, 2000)

“Certifying Authority” means a person who has been granted a license to issue a Electronic Signature Certificate under section 24. (Sec.2(1)(g) of IT Act, 2000)

“Communication Device” means Cell Phones, Personal Digital Assistance (Sic), or combination of both or any other device used to communicate, send or transmit any text, video, audio, or image. (Sec.2(1)(ha) of IT Act, 2000)

“Computer” means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network (Sec.2(1)(i) of IT Act, 2000)

“Computer Network” means the interconnection of one or more Computers or Computer systems or Communication device through-

1. the use of satellite, microwave, terrestrial line, wire, wireless or other communication media; and
2. terminals or a complex consisting of two or more interconnected computers or communication device whether or not the interconnection is continuously maintained. (Sec.2(1)(j) of IT Act, 2000)

“Computer Resource” means computer, communication device, computer system, computer network, data, computer database or software. (Sec.2(1)(k) of IT Act, 2000)

“Computer System” means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data, and output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions. (Sec.2(1)(l) of IT Act, 2000)

“Cyber cafe” means any facility from where access to the Internet is offered by any person in the ordinary course of business to the members of the public. (Sec.2(1)(na) of IT Act, 2000)

“Cyber Security” means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction. (Sec.2(1)(nb) of IT Act, 2000)

1. “Data” means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer. (Sec.2(1)(o) of IT Act, 2000)
2. “Digital Signature” means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3. (Sec.2(1)(p) of IT Act, 2000)

“Electronic Form” with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device. (Sec.2(1)® of IT Act, 2000)

“Electronic Record” means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche. (Sec.2(1)(t) of IT Act, 2000)

“Electronic signature” means authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature. (Sec.2(1)(ta) of IT Act, 2000)

“Function”, in relation to a computer, includes logic, control, arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer. (Sec.2(1)(u) of IT Act, 2000)

“Information” includes data, message, text, images, sound, voice, codes, computer programmes, software and databases or micro film or computer generated micro fiche. (Sec.2(1)(v) of IT Act, 2000)

“Intermediary” with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes. (Sec.2(1)(w) of IT Act, 2000)

“Key Pair”, in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key. (Sec.2(1)(x) of IT Act, 2000)

“Originator” means a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary. (Sec.2(1)(za) of IT Act, 2000)

“Private Key” means the key of a key pair used to create a digital signature. (Sec.2(1)(zc) of IT Act, 2000)

“Public Key” means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate. (Sec.2(1)(zd) of IT Act, 2000)

“Secure System” means computer hardware, software, and procedure that -:

1. are reasonably secure from unauthorized access and misuse;
2. provide a reasonable level of reliability and correct operation;
3. are reasonably suited to performing the intended functions; and
4. adhere to generally accepted security procedures. (Sec.2(1)(ze) of IT Act, 2000)

“Subscriber” means a person in whose name the Electronic Signature Certificate is issued. (Sec.2(1)(zg) of IT Act, 2000)