CHAPTER XI: OFFENCES

65. Tampering with computer source documents

Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the being time in force, shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

Explanation.- For the Purpose of this section, "computer source code" means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.

66. Hacking with computer system

(1) Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking.

(2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

66 Hacking with Computer System Computer related offenses:

 a)     If any person, dishonestly or fraudulently,  without permission of the owner or of any other person who is incharge of a computer resource

(i) accesses or secures access to such computer resource;

(ii)      downloads, copies or extracts any data, computer data base or information from such computer

resource including information or data held or stored in any removable storage medium;

(iii)       denies or causes the denial of access to any person authorised to access any computer resource;

he shall be punishable with imprisonment upto one year or a fine which may extend up to two lacs or with both;

 (b) If any person, dishonestly or fraudulently,  without permission of the owner or of any other person who is incharge of a computer resource

(i) introduces or causes to be introduced any computer contaminant or computer virus into any computer resource;

(ii)   disrupts or causes disruption or impairment of electronic resource;

(iii)    charges the services availed of by a person to the account of another person by tampering with or manipulating any computer resource;

(iv)   provides any assistance to any person to facilitate access to a computer resource in contravention of the provisions of this Act, rules or regulations made thereunder;

(v)    damages or causes to be damaged any computer resource, date, computer databse, or other programmes residing in such computer resource;

 he shall be punishable with imprisonment upto two years or a fine which may extend up to five lacs or with both;

 Explanation: For the purposes of this section-

 a.       ‘Dishonestly’ – Whoever does anything with the intention of causing wrongful gain to one person, wrongful loss or harm to another person, is said to do this thing dishonestly”.

b.       ‘Fraudulently’ – A person is said to do a thing fraudulently if he does that thing with intent to defraud but not otherwise.

c.       “Without the permission of the owner” shall include access to information that exceeds the level of authorized permission to access.

 67. Publishing  in electronic form of information which is obscene in electronic form16AA

(1)   Save as provided in this Act under Section 79 which exempts intermediaries from liability in certain cases, whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to five two years and with fine which may extend to one five lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten five years and also with fine which may extend to ten lakh rupees. 

(2)      Whoever intentionally and knowingly publishes or transmits through electronic form any material which relates to child pornography, shall be punished with imprisonment for a term not less than three years and with a fine which may extend to ten lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees. 

 Explanation: - For the purposes of this section “child pornography” means material that features a child engaged in sexually explicit conduct.

 Exception – This sub-section (1) does not extent to –

 (a)     any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic form –

 (i)      the publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet, paper, writing, drawing, painting, representation or figure is in the interest of science, literature, art or learning or other objects of general concern, or

(ii)      which is kept or used bon fide for religious purposes;

 68. Power of Controller to give directions

(1) The Controller may, by order, direct a Certifying Authority or any employee of such Authority to take such measures or cease carrying on such activities as specified in the order if those are necessary to ensure compliance with the provisions of this Act, rules or any regulations made thereunder.

(2) Any person who
intentionally or knowingly fails to comply with any order under sub-section (1) shall be guilty of an offence and shall be liable on conviction to imprisonment for a term not exceeding three years or to a fine not exceeding two lakh rupees or to both.

68A.  Encryption and other technologies for security of  data19A

The Central Government may, for secure use of the electronic medium and for promotion of e-governance and e-commerce by rules provide for one or more modes or methods for encryption.

 69.Directions of Controller to a subscriber to extend facilitates to decrypt information 19B

(1) If the Controller is satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence; for reasons to be recorded in writing, by order, direct any agency of the Government to intercept any information transmitted through any computer resource.

(2) The subscriber or any person incharge of the computer resource shall, when called upon by any agency which has been directed under sub-section (1), extend all facilities and technical assistance to decrypt the information.

(3) The subscriber or any person who fails to assist the agency referred to in sub-section (2) shall be punished with an imprisonment for a term which may extend to seven years

69. Power to issue directions for interception or monitoring or decryption of any information through any computer resource19B

 (1) If the Controller Central Government is satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence, it may subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the government to intercept or decrypt or cause to be monitored any information transmitted through any computer resource.

(2) The Central Government shall prescribe safeguards subject to which such interceptions or monitoring may be done.

(2) (3) The subscriber or any person in-charge of the computer resource shall, when called upon by any agency which has been directed under sub-section (1), extend all facilities and technical assistance

a. to decrypt the information; or

b. provide access to the computer resource containing such information

(3) (4) The subscriber or any person who fails to assist the agency referred to in sub-section (2) (3) shall be punished with an imprisonment for a term which may extend to seven years.

R570. Protected system

(1) The appropriate Government may, by notification in the Official Gazette, declare that any computer, computer system or computer network to be a protected system.

(2) The appropriate Government may, by order in writing, authorise the persons who are authorised to access protected systems notified under sub-section (1).

(3) Any person who secures access or attempts to secure access to a protected system in contravention of the provision of this section shall be punished with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine.

71. Penalty for misrepresentation

(1) Whoever
intentionally makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any license or DigitalElectronic19C Signature Certificate, as the case may be, shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

72. Penalty for Breach of confidentiality and privacy

(1)   Save as otherwise provided in this Act or any other law for the time being in force, any person who, in pursuance of any of the powers conferred under this Act, rules or regulations made thereunder, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned intentionally discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend upto two years, or with fine which may extend to one five lakh rupees, or with both.

(2) Save as otherwise provided under this Act, if any intermediary who by virtue of any subscriber availing his services has secured access to any material or other information relating to such subscriber, discloses such information or material to any other person, without the consent of such subscriber and with intent to cause injury to him, such intermediary shall be liable to pay damages by way of compensation not exceeding Rs. 25 lakhs to the subscriber so affected.;72-2

(3)      Whoever intentionally captures or broadcasts an image of a private area of an individual without his consent, and knowingly does so under circumstances violating the privacy of that individual, shall be liable to pay compensation not exceeding Rs. 25 lakhs to the person so affected, and shall also be liable for imprisonment for a term not exceeding one year or with fine not exceeding Rs 2 Lakhs, or with both on the complaint of the person so affected.

(4)     No court shall take cognizance of any offense punishable under sub-section (3) except upon a complaint filed by the aggrieved person in writing before a Magistrate

 Explanation: For the purpose of this section

  (a)   “capture” with respect to an image, means to videotape, photograph, film, record by any means;

 (b)   “broadcast” means to electronically transmit a visual image with the intent that it be viewed by a person or persons;

(c)   “a private area of the individual” means the naked or undergarment clad genitals, pubic area, buttocks, or female breast of that individual;

(d)   “female breast” means any portion of the female breast below the top of the areola; and

 (e)   “under circumstances violating the privacy of that individual” means –

(i)   circumstances in which a reasonable person would believe that he or she could disrobe in privacy, without being concerned that an image of a private area of the individual was being captured; or

(ii)    circumstances in which a reasonable person would believe that a private area of the individual would not  be visible to the public, regardless of whether that person is in a public or private place.

 (f)     “Intermediary” as defined in Section 79;

 (g)   Injury as defined in IPC.

 73. Penalty for publishing DigitalElectronic21A Signature Certificate false in certain particulars

 (1) No person shall publish an DigitalElectronic 21ASignature Certificate or otherwise make it available to any other person with the knowledge that-

(a) the Certifying Authority listed in the certificate has not issued it; or 

(b) the subscriber listed in the certificate has not accepted it; or

(c) the certificate has been revoked or suspended,

unless such publication is for the purpose of verifying an digitalelectronic
21A signature created prior to such suspension or revocation.

(2) Any person who contravenes the provisions of sub-section (1) shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

74. Publication for fraudulent purpose
Whoever knowingly creates, publishes or otherwise makes available an DigitalElectronic
21A Signature Certificate for any fraudulent or unlawful purpose shall be punished with imprisonment for a term which may extend to two years, or with fine which extend to one lakh rupees, or with both.

75. Act to apply for offence or contravention committed outside India
(1) Subject to the provisions of sub-section (2), the provisions of this Act shall apply also to any offence or contravention committed outside India by any person irrespective of his nationality.

(2) For the purposes of sub-section (1), this Act shall apply to an offence or contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India. 

76.Confiscation
Any computer, computer system, floppies, compact disks, tape drives or any other accessories related thereto, in respect of which any provisions of this Act, rules, orders or regulations made thereunder has been or is being contravened, shall be liable to confiscation

Provided that where it is established to the satisfaction of the court adjudicating the confiscation that the person in whose possession, power or control of any such computer, computer system, floppies, compact disks, tape drives or any other accessories relating thereto is found is not responsible for the contravention of the provisions of this Act, rules, orders or regulations made thereunder, the court may, instead of making an order for confiscation of such computer, computer system, floppies, compact disks, tape drives or any other accessories related thereto, make such other order authorised by this Act against the person contravening of the provisions of this Act, rules, orders or regulations made thereunder as it may think fit.

77. Penalties or confiscation not to interfere with other punishments
No penalty imposed or confiscation made under this Act shall prevent the imposition of any other punishment to which the person affected thereby is liable under any other law for the time being in force.

78. Power to investigate offences

Notwithstanding anything contained in the Code of Criminal Procedure, 1973, a police officer not below the rank of Deputy Superintendent of Police shall investigate any offence under this Act.


CHAPTER XIA

EXAMINER OF ELECTRONIC EVIDENCE21C

78A.  Central Government to notify Examiner of  Electronic Evidence

The Central Government may, for the purposes of providing expert opinion on electronic form evidence before any court or other authority notify any Department, Body or Agency of the Central or the State Government or any suitably qualified expert as an Examiner of Electronic  Evidence. The procedures and conditions for the notification of such examiner shall be as prescribed by the Central Government.

Explanation:  For the purposes of this section “Electronic Evidence” means any information of probative value that is either stored or transmitted in electronic form and includes computer evidence, digital audio, digital video, cell phones, digital fax machines etc

16AA This option is formulated keeping in view the culture sensitiveness of our society.

19A Section 68A is added for providing one or more modes and methods for encryption.

19B Entire section is amended in respect of power to issue directions for interception or monitoring or decryption of any information through any computer resource.( Earlier this power was only with the Controller).

R5 Amended vide order no. 2(8)/2000-Pers.I  dated September 12, 2002

19C . In this clause and in number of other places the term “ Digital” has been changed to “Electronic”  to enable the Act to be technology neutral

72-2 Section 72(2) has been added to protect the privacy of the individual subscribers.

21A . In this clause and in number of other places the term “ Digital” has been changed to “Electronic”  to enable the Act to be technology neutral

21C New section 78A as suggested by Dr. Vishwanathan Follow-up committee has been incorporated with minor changes.