notes-shivam

Unit 3 - Cyber Law

4 min read

Cyber Law

  1. Cyber Law in India refers to the legal framework that governs activities involving the internet, computers, digital communications, and data.
  2. It is primarily enforced through the Information Technology Act, 2000 (IT Act, 2000), along with other relevant laws from the Indian Penal Code and various sector-specific regulation

1. Remedial and Mitigation Measures – Legal Perspective of Cyber Crime

Remedial Measures

Legal remedies available to victims of cyber crime:

  • Filing FIR: Victims can file complaints at local police stations or dedicated cyber crime cells.

  • Online Reporting: Cyber Crime Reporting Portal (www.cybercrime.gov.in) for complaints, especially related to women and children.

  • Civil Remedies: Compensation under Section 43 and 66 of IT Act (e.g., unauthorized access, data theft).

  • Injunctions: Victims may seek court orders to prevent further harm (e.g., takedown orders for defamatory content).

  • Defamation or Tort Claims: In cases of online defamation, defamation lawsuits under IPC or civil law.

Mitigation Measures

  • Incident Response Plans: Organizations should develop policies for breach management.
  • Digital Forensics: Identifying source and preserving evidence.
  • Awareness Campaigns: Training for users on social engineering, phishing, etc.
  • Encryption & Authentication: Mandatory for sensitive systems.
  • Regular Audits & Compliance: Ensuring systems follow IT Act and data protection laws.

2. Information Technology Act 2000 and Its Amendments

Overview of IT Act, 2000

India’s first legislation for legal recognition of electronic commerce and cyber crimes.

Key features:

  • Validates electronic contracts and digital signatures
  • Recognizes electronic records
  • Defines penalties and offences related to cyber crime

Amendments

IT Amendment Act, 2008

  • Introduced Section 66A-F, making cyber crime a punishable offense
  • Introduced digital evidence and data retention policies
  • Expanded government powers for surveillance and decryption
  • Recognized cyber terrorism as a major threat (Sec 66F)

3. Cyber Crime and Offences

Cyber offences are punishable under IT Act 2000 and IPC (Indian Penal Code). Examples:

TypeDescriptionRelevant Law
HackingUnauthorized access to computer/networkSec 66, IT Act
Identity TheftUse of someone’s personal info for fraudSec 66C, IT Act
Cyber TerrorismAttacks on critical infrastructureSec 66F, IT Act
Cyber DefamationPublishing defamatory contentSec 499, IPC
Online HarassmentStalking, threats via internetSec 354D, IPC + IT Act
Phishing/Online FraudDeceptive emails/websites to steal dataSec 420, IPC + Sec 66D
Obscene ContentCirculating adult content without consentSec 67, IT Act
Child PornographyPossession/distribution of child sexual materialPOCSO Act + Sec 67B, IT Act

4. Organizations Dealing with Cyber Crime in India

Government Bodies

  • CERT-In (Indian Computer Emergency Response Team):
    National nodal agency for handling cybersecurity threats.

  • NCIIPC (National Critical Information Infrastructure Protection Centre):
    Protects critical infrastructure like banking, power grids, etc.

  • Cyber Crime Cells:
    Set up in major cities under state police for cyber investigations.

  • National Cyber Coordination Centre (NCCC):
    Monitors internet traffic for potential threats and coordinates response.

  • C-DAC (Centre for Development of Advanced Computing):
    Develops cyber security tools and training programs.

Law Enforcement Training & Research

  • Cyber Forensics Labs under MHA
  • National Police Academy and CBI Academy: Cyber crime training
  • Digital Crime Units of private entities (like Microsoft, Google

5. Cyber Security in India

Current Framework

  • Governed by IT Act 2000, National Cyber Security Policy (NCSP) 2013, and sector-specific regulations (like RBI for banks).

Key Components

  • Data Protection: Pending Digital Personal Data Protection Act, 2023
  • Cyber Hygiene Campaigns: Awareness for public safety
  • Public-Private Partnerships: With IT companies and ethical hackers
  • Indigenous Cyber Tools: Like Trinetra (malware detection)

Challenges

  • Low cyber literacy
  • Insufficient law enforcement capacity
  • Rising ransomware and phishing attacks
  • Data breaches in telecom, e-commerce, and government

Future Plans

  • Cyber Swachhta Kendra: Botnet cleaning and malware analysis
  • Digital India Security Infrastructure
  • Upcoming National Cyber Security Strategy 2024

6. Case Studies

Case 1: Sony Pictures Hack (2014)

  • Type: Cyber terrorist
  • Details: Hacked by “Guardians of Peace” (allegedly North Korea), leak of confidential files.
  • Lesson: Need for strong encryption, threat modeling, and international cooperation.

Case 2: Aadhaar Data Leak (India, 2018)

  • Type: Data breach
  • Details: Millions of Aadhaar records were accessible online through API misconfiguration.
  • Lesson: Importance of data localization, API security, and regular audits.

Case 3: Wannacry Ransomware (2017)

  • Type: Ransomware attack
  • Impact: Affected over 150 countries, caused losses in healthhcare, finance.
  • Lesson: Keep systems updated; patch management is critical.

Case 4: Bharti Airtel Data Leak (2020)

  • Type: Vulnerability exploitation
  • Details: API flaw exposed 300M+ users’ data.
  • Lesson: API security, timely vulnerability scanning

Case 5: The Mumbai Power Grid Attack (2020)

  • Type: Cyber warfare
  • Details: Suspected Chinese cyber unit allegedly caused a blackout via malware.
  • Lesson: Importance of securing critical infrastructure and real-time threat detection.

Graph View

Backlinks