Notes

on

Cyber Law & Ethics

(CE(OE)701C)

Bachelor of Technology in CE

4 Year - I Semester

Dr. Ranjan Kumar Mondal

Assistant Professor
Department of CSE

School of Computer Science and Engineering

SWAMI VIVEKANANDA UNIVERSITY

 Module 1

Introduction: Basics of Law, Understanding Cyber Space, Defining Cyber Laws, Scope and
Jurisprudence, Concept of Jurisdiction, Cyber Jurisdiction, Overview ofIndian Legal System,
Introduction to IT Act 2000, Amendments in IT Act, Cyber Laws of EU – USA – Australia - Britain,
other specific Cyber laws

Introduction to Cyber Law

1. Introduction: Basics of Law

A. What is Law?

Law is a system of rules that a society or government develops to regulate the actions of its members. It is
a set of principles and regulations established to maintain order, resolve disputes, and protect individual
rights.

● Key Functions of Law:

○ Order and Safety: It provides a framework for acceptable behavior and defines
consequences for violations.
○ Justice: It ensures fairness and provides a means to resolve conflicts.
○ Protection of Rights: It protects fundamental human rights, such as life, liberty, and property.
○ Governance: It establishes the structure and powers of the government.

B. Jurisprudence: The Philosophy of Law

Jurisprudence is the theory and philosophy of law. It seeks to answer fundamental questions about law,
such as "What is law?" and "What is the relationship between law and justice?" It helps us understand the
principles and concepts that underpin legal systems.

2. Understanding Cyberspace and Defining Cyber Laws

A. Understanding Cyberspace

Cyberspace is the virtual, interconnected digital environment where communication, data exchange, and
digital interactions take place. It is a notional, non-physical space created by the global network of
interconnected computer systems, telecommunications, and digital data.
 ● Key Characteristics of Cyberspace:
○ Borderless: It transcends physical and geographical boundaries.
○ Dynamic: It is constantly evolving with new technologies and platforms.
○ Anonymity (or Pseudonymity): It allows users to operate without revealing their true
identity.
○ Global Reach: Actions in one part of cyberspace can have effects worldwide.

B. Defining Cyber Law

Cyber Law (also known as Internet Law) is the body of law that governs cyberspace. It includes legal issues
related to the Internet, computers, and digital information. It is not a single, unified law but rather a
collection of statutes, regulations, and judicial precedents that address the unique challenges of the digital
world.

● Scope of Cyber Law:

○ Cybercrime: Hacking, data theft, cyber terrorism, online fraud, cyberstalking.
○ E-commerce: Digital contracts, electronic signatures, online transactions.
○ Intellectual Property: Copyright and trademark infringement in the digital space.
○ Data Protection and Privacy: Regulation of personal data collection, storage, and use.
○ Freedom of Speech: Balancing online expression with defamation and other legal limits.

3. Jurisdiction in the Cyber World

A. Concept of Jurisdiction

In traditional law, jurisdiction refers to a court's or legal body's authority to hear a case. It is typically
determined by:

● Territorial Jurisdiction: The crime or dispute occurred within the court's physical boundaries.
● Personal Jurisdiction: The court has power over the individual or entity involved.
● Subject-Matter Jurisdiction: The court has the authority to hear a particular type of case (e.g.,
criminal, civil).

B. Cyber Jurisdiction

The borderless nature of cyberspace makes traditional jurisdiction concepts difficult to apply. A crime
committed from one country can affect victims in many others. This has led to the development of new
principles for cyber jurisdiction.

● Types of Cyber Jurisdiction:

○ The "Effects" Test: A court has jurisdiction if a foreign defendant's actions in cyberspace
had a significant negative effect within the court's territory.
 ○ The "Zippo" Test (Sliding-Scale): This test determines jurisdiction based on the level of
interactivity of a website with the forum state.
■ Active Website: A business actively conducting transactions and contracts with
residents of the forum state. Jurisdiction is generally found.
■ Passive Website: A website that simply posts information. Jurisdiction is generally
not found.
■ Interactive Website: A site that falls in between, where jurisdiction is determined on
a case-by-case basis.
○ The "Targeting" Test: This test focuses on whether the defendant intentionally directed their
online activities at residents of the forum state.

4. Overview of the Indian Legal System and IT Act 2000

A. Indian Legal System Overview

India follows a common law system, largely inherited from the British. The legal framework is based on
the Constitution of India, and consists of a hierarchical court structure:

● Supreme Court (Apex Court)

● High Courts (State Level)
● Subordinate Courts (District Level)
Cyber laws in India primarily operate within this framework.

B. Introduction to the Information Technology Act, 2000

The Information Technology Act, 2000 (IT Act) is the primary law governing electronic commerce,
digital transactions, and cybercrime in India. Its main objectives were:

● To provide legal recognition for electronic records and digital signatures.

● To facilitate electronic governance and e-commerce.
● To define and penalize various cybercrimes.

C. Amendments in the IT Act

The IT Act has been amended to keep pace with technological advancements. The most significant
amendment was the Information Technology (Amendment) Act, 2008.

● Key Changes in the 2008 Amendment:

○ Section 66A: Introduced a controversial provision for punishing the sending of "offensive
messages" through a computer or communication device. This section was later struck down
by the Supreme Court in Shreya Singhal v. Union of India (2015) as it was deemed to be
vague and in violation of the right to freedom of speech.
 ○ Expanded Cybercrime Definitions: Broadened the scope of cybercrimes to include identity
theft, cyberterrorism, and voyeurism.
○ Introduction of "Electronic Signature": The term "digital signature" was replaced with
"electronic signature" to accommodate newer technologies.
○ Enhanced Intermediary Liability: Increased the responsibilities of online intermediaries
(like social media platforms and ISPs) for content hosted on their platforms.

5. Cyber Laws of Other Nations

A. European Union (EU)

The EU's cyber legal framework is comprehensive and often serves as a global benchmark.

● General Data Protection Regulation (GDPR): A landmark law on data privacy and protection for
all individuals within the EU. It gives individuals control over their personal data and imposes strict
rules on how organizations collect, process, and store it.
● Network and Information Security (NIS) Directive: A directive aimed at improving cybersecurity
across the EU, requiring member states to adopt a national strategy and requiring operators of
essential services to take security measures and report incidents.

B. USA

The United States has a combination of federal and state laws governing cyberspace.

● Computer Fraud and Abuse Act (CFAA): A federal law that prohibits unauthorized access to
protected computer systems.
● Digital Millennium Copyright Act (DMCA): A law that addresses copyright infringement in the
digital age and provides safe harbors for online service providers.
● Identity Theft and Assumption Deterrence Act: A federal law that makes identity theft a crime.

C. Australia

Australia has also developed specific laws to address cyber issues.

● Spam Act 2003: Regulates the sending of commercial electronic messages.

● Privacy Act 1988: Includes the Australian Privacy Principles (APPs) that govern the handling of
personal information.

D. Britain (UK)

The UK's legal framework is distinct from the EU but has significant overlaps due to its past membership.
 ● Online Safety Act: Aims to combat harmful content on the internet, imposing a "duty of care" on
social media companies and other online services to protect users.
● Computer Misuse Act 1990: A key piece of legislation that criminalizes unauthorized access to
computer material, with or without intent to commit further offenses.

6. Other Specific Cyber Laws

Beyond national laws, several international conventions and frameworks exist to promote cooperation in
combating cybercrime.

● The Budapest Convention on Cybercrime (Council of Europe): The first international treaty
seeking to harmonize national laws on cybercrime, improve investigative techniques, and increase
cooperation among nations.
● WIPO Copyright Treaty (WCT): A treaty that addresses the protection of authors' rights in the
digital environment.
MCQ

Q: Which of the following is not a type of cybercrime?

A) Data theft
B) Forgery
C) Damage to data and systems
D) Installing antivirus for protection

Q: What is the name of the IT law that India enacted?

A) India’s Technology (IT) Act, 2000
B) India’s Digital Information Technology (DIT) Act, 2000
C) India’s Information Technology (IT) Act, 2000
D) The Technology Act, 2008

Q: When did India's IT Act, 2000 come into effect?

A) 17 Oct 2000
B) 1 Jan 2001
C) 11 Jun 2000
D) 24 Dec 2002

Q: Which section of the IT Act defines “hacking”?

A) 65
B) 66
C) 69
D) 72

Q: Which chapter of Cyber Law provides legal recognition to digital signatures?

A) Chapter III
B) Chapter IV
C) Chapter IX
D) Chapter IX and X

Q: Which section deals with tampering with computer source code?

A) 65
B) 66
C) 72
D) 67

Q: Which section covers publishing obscene content electronically?

A) 66
B) 70
C) 67
D) 68

Q: Under Section 72, what is the maximum punishment for breach of confidentiality and privacy?
A) 3 years & ₹2 lakh fine
B) 2 years & ₹1 lakh fine
C) 5 years & ₹5 lakh fine
D) Only civil penalty

Q: What is a valid defence under Sections 67, 67A, and 67B?

A) The act was committed from a foreign location
B) The content was published in interest of art or science
C) The accused was unaware of the content
D) The material was kept in personal storage

Q: Under Section 78, who can investigate offences under the IT Act?
A) Any head constable
B) Magistrate only
C) Police officer not below the rank of Inspector
D) CID officer only

Q: Which section of the IT Act provides for compounding of contraventions?

A) 62
B) 49
C) 88
D) 63

Q: Who adjudicates cyber contraventions under the IT Act?

A) Cyber Appellate Tribunal
B) High Court
C) Supreme Court
D) Adjudicating Officer

Q: Which section was struck down in Shreya Singhal v. Union of India (2015)?
A) 66C
B) 66A
C) 66B
D) 67B

Case Highlight: In Suhas Katti v. Tamil Nadu (2004), the first conviction under Section 67 (obscene
electronic content) was secured. It also validated use of Section 65B of the Evidence Act for electronic
documents.
Q: When was the IT Act, 2000 significantly amended, introducing Sections 66A-66F, pornography,
cyber terrorism provisions, and decryption powers?
A) 2007
B) 2008/2009
C) 2010
D) 2012
Answer: Amended in 2008, passed by Parliament in December 2008, signed into law in February 2009
Short Question and Answers
1. Define 'cyber-law' and 'cyber-space'. How do they relate? (5 Marks)
Cyber-law refers to the body of legal norms governing conduct, transactions, and issues within cyber-
space—a realm encompassing computers, networks, software, data storage, the internet, emails, mobile
devices, ATMs, and more. While cyber-space denotes the digital environment where electronic
interactions occur, cyber-law serves as the regulatory framework ensuring legality, security, and
enforceability of activities within this space.
2. Explain the concept of 'jurisdiction' in cyber-law and outline the challenges it poses. (5 Marks)
Jurisdiction traditionally depends on geographic boundaries, such as where the defendant resides or the
crime occurred. However, cyber-space erases these boundaries, making jurisdiction complex—multiple
countries' laws may apply simultaneously to a single online act. Jurisdictional issues in cyberspace
include determining applicable law, resolving conflicts between laws of different countries, enforcing
cross-border judgments, and combating anonymity.
3. Present the objectives and key provisions of the IT Act, 2000. (5 Marks)
The Information Technology Act, 2000 aims to legalize electronic transactions, ensure admissibility of
electronic records and digital signatures, and facilitate e-filing with government agencies. It also amends
existing statutes like the Indian Penal Code, Evidence Act, Banker’s Books Evidence Act, and RBI Act to
integrate electronic governance. Key provisions include establishing the Controller of Certifying
Authorities, legal recognition of digital signatures, creating the Cyber Appellate Tribunal, and defining
cyber offences for punishment.
4. Discuss the major amendments introduced by the IT (Amendment) Act, 2008. (5 Marks)
The 2008 Amendment introduced several critical changes:
Additional offences under Section 66A to 66F, covering “offensive messages” (66A), decryption powers
for authorities (69), cyber terrorism (66F), voyeurism (66E), and child pornography (67A) among others.
Expanded scope of penalties including life imprisonment for cyber-terrorism.
Strengthened e-commerce infrastructure, added regulatory controls, and brought in new procedural
safeguards for interception, monitoring, and blocking.
5. Explain the significance of Suhas Katti v. Tamil Nadu (2004) in the context of cyber-law
enforcement in India. (5 Marks)

In Suhas Katti v. Tamil Nadu (2004), the court convicted the accused under Section 67 of the IT Act,
2000 for publishing obscene material via emails. The case was landmark because it:
Marked the first conviction under Section 67 in India.
Validated the admissibility of electronic evidence under Section 65B of the Indian Evidence Act, even
when provided by a private techno-legal consultant (not a government lab)
Established an important precedent for handling electronic evidence and liability of intermediaries like
cyber cafés.
6. Compare cyber-law approaches of India with one other jurisdiction (e.g., EU or UK). (5 Marks)
India: Governed primarily by the IT Act, 2000 and its 2008 amendments; addresses digital commerce,
cyber-offences, digital signatures; features intermediary regulations and enforcement mechanisms
United Kingdom: Regulated under the Computer Misuse Act, 1990, which focuses on unauthorized
access and cyber-offences. However, cyber-security professionals express concern over outdated
provisions hampering legitimate defensive actions
Thus, while India emphasizes digital governance and broad e-commerce regulation, the UK’s approach is
more offence-centric, though both face challenges adapting to evolving cyber threats.