INTRODUCTION TO INFORMATION TECHNOLOGY ACT AND OFFENCES
The advent and advancement of technology is the beacon of globalization. By globalization, it is meant that India and the world at large have been shrunk into a global village where with the aid of technology, communication and transmission of ideas with ease is guaranteed as opposed to the traditional and archaic system of communication and dissemination of information.
Admitting that information technology has been misused greatly leading to the commission of various high profile crimes, however, its advantages are overwhelming.
With the overwhelming benefits of information technology, countries have arisen to the task of making the information technology system safer by enacting, amending and re-enacting laws to guarantee the same.
India in adapting the global trend of making information technology safer in order to advance the society enacted the Information Technology Act of 2000 which made provisions for the prohibition and criminalizing of any act(ion) which will about to an abuse of the information technology system.
OFFENCES UNDER THE INFORMATION TECHNOLOGY ACT OF 2000-
Offences simply refer to acts or action or omission which the law will punish. Therefore, this topic seeks to outline and discuss various offences as encapsulated under the Information Technology Act of 2000 and the applicable punishment to them. Information Technology or Cyber offences are unlawful acts perpetrated with the use of information technology which may take the following forms:
- The unauthorized access to computers,
- The unauthorized access to the database/cloud storage,
- The unauthorized collection of online log in details (Phishing),
- Electronic identity theft,
- Virus, malware or warm attacks (the famous Ransomware attack),
- Web jacking,
- Email bombing and business email compromise.
The above listed clearly does not constitute an offence until a law defines any or all of them to be an offence and stating the applicable punishment.
- Publication of obscene content on the internet.
- Gaining unauthorized access especially remotely in a computer system or electronic storage (Hacking).
- Unauthorized change with the computer source document.
For a person to be convicted for any of the abovementioned offences it must be proved by credible evidence that the alleged offender possessed both the mental and physical element of committing a crime i.e the Mens rea which means the mental element leading to the commission of a crime, and the actus reus which is the actual act or the action which is the physical aspect of an offence.
PUBLICATION OF OBSCENE CONTENT ON THE INTERNET
By Section 67 of the Information Technology Act, it is an offence to make a publication of any content which is obscene on the internet.
However, it must be proved that the alleged offender published, transmitted or caused to be published a pornographic content in an electronic form.
Where the above element is proved against the alleged offender and his failure to contend and disprove same will lead to his conviction to a term of imprisonment which extends up to five years for a first offender with a fine option of one (1) lakh Rupees. Upon second conviction a term of imprisonment up to ten years with a fine option of two (2) lakh Rupees.
In the case of the State of Tamil Nadu vs. Suhas Katti where the accused person made posts of obscene, defamatory and annoying message about a divorcee in an online group page message group.
The accused created another email account in the victim’s name from where he forwarded the vexatious and obscene emails to the victim. The posts led to numerous calls from people who knew the victim.
At the close of investigation which revealed that the accused was making such publications because the victim refused his love advances. The court convicted and sentenced the accused not only under Section 67 of the Information Technology Act but under offences under the India penal code.
GAINING UNAUTHORIZED ACCESS ESPECIALLY REMOTELY IN A COMPUTER SYSTEM OR ELECTRONIC STORAGE (HACKING)
Section 66 of the Information Technology Act, 2000:
- Any person with the intention to cause or knowingly or ought to likely know that he will cause a wrongful loss by doing anything which will occasion such loss or damage in the computer which he lacks the requisite authority to access commits the offence known as hacking.
- Any person who upon investigation and trial is found to have committed the offence known as hacking contrary to section 66 above shall be punished with imprisonment up to three (3) years, or with an option of a fine which may extend up to two lakh rupees, or with both.
For a person to be convicted for the offence of hacking the prosecution must satisfactorily prove the following essential ingredient of the offence:
- The intention or knowledge.
- The act of causing damage to either private or public records through an unauthorized means.
- The damage may not be complete but once the value of the information or the computer itself has diminished.
- The act must have occasioned injury on the computer or the information stored in it or the person or authorized that stored the information.
In the case of R v. Gold & Schifreen investigation and evidence at trial revealed that the accused gained access to the British telecom Prestel Gold computers networks file, the court held that such actions amount to dishonest trick and not a criminal offence.
In contrast with R. v. Gold above and in R v. Whiteley, the accused gained unauthorized access to the Joint Academic Network (JANET) where deleted and altered files and also changed the passwords to deny access to the authorized users.
Cases in India:
The official website of the government of Maharashtra was hacked by Hackers called Cool Al- Jazeera, and claimed to be a Saudi Arabia based hackers. This obviously is an offence as contemplated by the provision of Section 66 of the Information Technology Act, 2000.
The importation of Section 66 of the Information Technology Act does not target the protection of information but also to protect the integrity and security of computer resources from attacks by unauthorized persons, irrespective of what may be the intention of such person.
UNAUTHORIZED CHANGE WITH THE COMPUTER SOURCE DOCUMENT
The definition of a Computer source code or document is the listing of programs, program analysis of computer resource, prompts, and computer commands, and design and layout in any form. An offence under Section 65 of the Information Technology Act will accrue where a person without any lawful authority or excuse tampers with such computer source of programs.
At the conclusion of investigation and prosecution of the accused person, if convicted he shall be imprisoned for a term up to three (3) years with an option of fine to the tune of two lakh rupees or both.
For s prosecution to succeed in proof of this offence, the prosecution must be credible evidence before the court establish with regards a source code that the accused did any or all of the following:
- knowingly concealed,
- knowingly destroyed,
- knowingly altered,
- knowingly causing another person to alter,
- knowingly causing another person to conceal,
- knowingly causing another person to destroy.
This is provision particularly Section 65 is applicable in the Intellectual Property Right protection as it assists the companies to secure their source code and consequently seek legal redress where it is tampered with.
This is usually a non-bailable offence in India and tried by any magistrate.
In the case of Syed Asifuddin, the employees of the Tata Indicom were arrested by government officials for the manipulation of an electronic 32- bit number program. The program exclusively franchised to Reliance Infocom was added into cell phones for theft by the hackers.
The Court at the close of hearing of the case in view of the evidence proffered against the accused persons held that tampering with source code invokes Section 65 of the Information Technology Act and applied the punishment as provided.
The Act under Section 68 empowers the controller to give directives in other to ensure compliance with this Act.
Under this section, it provides for the offence and conviction of any person who fails to comply with the Controller’s order and directive. The punishment is a term of imprisonment for not less than three (3) years or an option of fine not exceeding two lakh rupees or to both.
Where the directive of the Controller is the interception or decryption of given information whoever fails to comply with this order shall be on conviction sentenced to seven years imprisonment.
The disobedience to the orders of the controller under sections 68 and 69 of the Act are non-bailable and cognizable offences.
By Section 70 of the Act, any person or government authorized on its behalf may declare any computer, computer system or computer network, to be a protected system. It is the only authorized person has the right to access to the protected system.
Where any person contravenes the order or restriction placed that person on conviction shall be sentenced to a term of ten (10) years and fine.
Under Section 71 of this Act, any misrepresentation by suppression of information pertaining to information technology which ought to be disclosed to a controller or any person authorized to Act on his behalf shall be punishable with imprisonment for a term which may extend to two (2) years, or a fine option of one (1) lakh rupees, or both.
By virtue of this Act under Section 72 any person working in order to give effect or in compliance with this Act is placed with the duty to treat any information gathered as confidential.
If such person breaches the duty of confidentiality as imposed on him by this Act, he will be punished on conviction with a term which may extend to two (2) years or a fine option one (1) lakh rupees or both.
Any fraudulent publication made under the circumstances envisaged in this Act is punishable with a term of imprisonment for two (2) years or with an option of a fine which extends to one (1) lakh rupees, or with both.
While investigating any of the offences discussed above, including the offences not highlighted herein.
It is worthy to state that the investigating authority which is principally the police is empowered to seize any device used in the commission of any offence under this Act, likewise where the court confiscates a device in this under this Act, such confiscation shall not be deemed as the sole punishment that will be meted to the accused person.
Offences bothering on the abuse of information technology are beyond what may be addressed with municipal laws. A closer look at the case of R v. Governor of Brixton prison & Anor. demonstrates the jurisdictional challenge which may be faced where the offence has its result in the shores of another country.
From the case discussed above, there was an illegal hacking of the Citibank’s cash management which led to the unauthorized transfer of funds. The funds were illegally transferred from the customers’ account to the hackers’ account.
The investigation revealed one Vladimir Levin and his accomplices as the hackers. Upon the arrest and extradition of Levin to the United States. The ‘place of origin’ of cybercrime raised a jurisdictional issue.
The Court held inter alia that the real-time nature of the communication link between Levin and Citibank computer demonstrates that Levin’s keystrokes were actually occurring on the Citibank computer as such the offence was committed in the United States and the origin of the offence shall not an operation to divest the court of the jurisdiction over the offence.
The overlapping and conflicting interest of states must be considered while resolving jurisdictional conflict in an offence of this nature as undue reliance on Jurisdiction by the origin of the offence will not only adversely affect the adjudication of the offence but a proper investigation which will inform whether the case will lead up to trial in court.