Part 1 of 6

IT Act 2000 & Amendments

🕑 90-120 minutes 📖 Essential Foundation 📋 Module 6

Introduction to the IT Act 2000

The Information Technology Act, 2000 (IT Act) is India's primary legislation dealing with cybercrime and electronic commerce. Enacted on October 17, 2000, it was India's first law specifically addressing the legal framework for electronic transactions and cyber offenses.

📚 Learning Objectives

By the end of this part, you will be able to:

  • Understand the structure and scope of the IT Act 2000
  • Apply Section 43 civil liability provisions
  • Identify criminal offenses under Sections 65-67B
  • Explain the Section 66 series of offenses
  • Understand government powers under Section 69
  • Apply safe harbour provisions under Section 79

Historical Context

The IT Act 2000 was enacted based on the United Nations Model Law on Electronic Commerce (UNCITRAL Model Law) 1996. The Act was significantly amended in 2008 following the Mumbai terror attacks and the need for stronger cyber security provisions. The 2008 amendment introduced several new offenses and strengthened penalties.

Key Amendment Alert

Section 66A was struck down by the Supreme Court in Shreya Singhal v. Union of India (2015) as unconstitutional. Despite this, many police stations across India continued to register cases under this defunct section. As an investigator, you must be aware that Section 66A cannot be applied.

Section 43: Civil Liability for Computer-Related Damage

Section 43 provides for civil liability (compensation) for various computer-related wrongful acts. It does not provide for criminal punishment but allows victims to claim compensation up to Rs. 5 crores (prior to 2008 amendment, no upper limit currently).

Sec. 43

Penalty and Compensation for Damage to Computer System

If any person without permission of the owner or person in charge of the computer system:

  • 43(a) - Accesses or secures access to the computer system
  • 43(b) - Downloads, copies, or extracts any data or information
  • 43(c) - Introduces or causes introduction of computer contaminant/virus
  • 43(d) - Damages or causes damage to computer system, data, or database
  • 43(e) - Disrupts or causes disruption of computer system
  • 43(f) - Denies or causes denial of access to authorized person
  • 43(g) - Provides assistance to facilitate unauthorized access
  • 43(h) - Charges the services availed of by a person to the account of another person
  • 43(i) - Destroys, deletes, or alters information in a computer resource
  • 43(j) - Steals, conceals, destroys, or alters source code

Remedy: Compensation by way of damages not exceeding Rs. 5 crores to the person affected. Adjudicating Officer appointed under Section 46 decides such cases.

💡 Practical Application

Example: A disgruntled employee accesses the company server without authorization after resignation and deletes important client data. The company can file a complaint before the Adjudicating Officer under Section 43(d) and (i) for compensation.

Note: Section 43 is civil in nature. For criminal prosecution, Section 66 (dishonestly/fraudulently doing acts under 43) would apply.

Sections 65-67B: Criminal Offenses

These sections define specific criminal offenses related to computer systems and electronic content.

Sec. 65

Tampering with Computer Source Documents

Whoever knowingly or intentionally conceals, destroys, or alters any computer source code (required to be kept by law) with intention to cause damage.

Computer Source Code includes programs, computer commands, design, layout, and any form containing computer instructions.

Imprisonment up to 3 years OR Fine up to Rs. 2 lakhs OR Both

Sec. 66

Computer Related Offenses

If any person, dishonestly or fraudulently, does any act referred to in Section 43, he shall be punishable.

Key Distinction: Section 43 = Civil liability; Section 66 = Criminal offense (requires dishonest or fraudulent intent).

Imprisonment up to 3 years OR Fine up to Rs. 5 lakhs OR Both

Sec. 67

Publishing or Transmitting Obscene Material

Publishing or transmitting in electronic form any material which is lascivious or appeals to the prurient interest, or if its effect tends to deprave and corrupt persons likely to access it.

First Conviction: Imprisonment up to 3 years + Fine up to Rs. 5 lakhs

Subsequent Conviction: Imprisonment up to 5 years + Fine up to Rs. 10 lakhs

Sec. 67A

Publishing Sexually Explicit Material

Publishing or transmitting material containing sexually explicit act or conduct in electronic form.

First Conviction: Imprisonment up to 5 years + Fine up to Rs. 10 lakhs

Subsequent Conviction: Imprisonment up to 7 years + Fine up to Rs. 10 lakhs

Sec. 67B

Child Pornography (CSAM)

Publishing, transmitting, creating, seeking, browsing, downloading, advertising, promoting, exchanging, or distributing material depicting children in sexually explicit act or conduct in electronic form.

Also covers: Cultivating, enticing, or inducing children to online relationships for sexually explicit acts; facilitating online abuse; recording children's own abuse.

First Conviction: Imprisonment up to 5 years + Fine up to Rs. 10 lakhs

Subsequent Conviction: Imprisonment up to 7 years + Fine up to Rs. 10 lakhs

🚨 POCSO Act Applicability

Cases involving child sexual abuse material (CSAM) should also be registered under the POCSO Act, 2012, which provides for more stringent punishments. POCSO is a special law and should be applied alongside the IT Act.

The Section 66 Series: Specific Cyber Offenses

The 2008 amendment introduced several specific offenses under the Section 66 series to address emerging cyber crimes.

| Section | Offense | Punishment |
|---------|---------|------------|
| 66A | Sending offensive messages (STRUCK DOWN by Supreme Court in 2015) | NOT APPLICABLE |
| 66B | Dishonestly receiving stolen computer resource or communication device | Up to 3 years + Fine up to Rs. 1 lakh |
| 66C | Identity theft - Fraudulently using electronic signature, password, or unique identification | Up to 3 years + Fine up to Rs. 1 lakh |
| 66D | Cheating by personation using computer resource | Up to 3 years + Fine up to Rs. 1 lakh |
| 66E | Violation of privacy - Capturing, publishing, transmitting private images without consent | Up to 3 years + Fine up to Rs. 2 lakhs |
| 66F | Cyber terrorism - Acts threatening unity, integrity, security, sovereignty of India | Imprisonment for LIFE |

Section 66A - Important Note for Investigators

Section 66A was declared unconstitutional in Shreya Singhal v. Union of India (2015) for violating Article 19(1)(a) - Freedom of Speech. The court found the section vague and overbroad.

Despite this, cases continue to be registered under 66A illegally. The Supreme Court in 2019 and 2021 directed all states to sensitize police about this. As an investigator, never apply Section 66A.

Alternative provisions: Use BNS/IPC provisions for criminal intimidation, defamation, or specific IT Act sections like 67 for obscene content.

Section 66C: Identity Theft - Detailed Analysis

Sec. 66C

Identity Theft

Elements of the Offense:

  1. Fraudulent or dishonest use
  2. Of electronic signature, password, or any other unique identification feature
  3. Of any other person

Common scenarios:

  • Using stolen login credentials
  • Creating fake social media profiles using someone's identity
  • Phishing attacks to steal passwords
  • Using stolen OTPs for financial transactions
  • Aadhaar-based identity fraud

Section 66F: Cyber Terrorism - The Most Serious Offense

Sec. 66F

Cyber Terrorism

Acts constituting cyber terrorism:

  1. With intent to threaten unity, integrity, security, or sovereignty of India, or to strike terror in the people:
    • Denial of access to authorized persons
    • Attempting to penetrate or access computer resources without authorization
    • Introducing computer contaminant
  2. Knowingly or intentionally causing (or likely to cause):
    • Death or injuries to persons
    • Damage/destruction of property
    • Disruption of essential supplies/services critical to life of community
    • Adversely affecting critical information infrastructure (CII)
  3. Knowingly or intentionally accessing restricted computer with intent to obtain information which can be used against India

LIFE IMPRISONMENT - Non-bailable, cognizable offense

Section 69: Government Powers

Section 69 and its subsections provide the government with powers to intercept, monitor, decrypt, and block information for specified purposes. These powers must be exercised following prescribed procedures and safeguards.

Sec. 69

Power to Issue Directions for Interception or Monitoring

When applicable: If the Central or State Government is satisfied that it is necessary or expedient in the interest of:

  • Sovereignty or integrity of India
  • Defence of India
  • Security of the State
  • Friendly relations with foreign States
  • Public order
  • Prevention of incitement to commission of cognizable offenses
  • Investigation of any offense

Powers: Direct any agency to intercept, monitor, or decrypt any information generated, transmitted, received, or stored in any computer resource.

Subscriber/Intermediary Obligation: Must extend all facilities and technical assistance. Failure to comply: Imprisonment up to 7 years + fine.

Sec. 69A

Power to Issue Directions for Blocking Public Access

Government can direct any agency or intermediary to block public access to any information generated, transmitted, received, stored, or hosted in any computer resource.

Grounds: Same as Section 69.

Implementation: IT (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009.

Note: Blocking orders are confidential under the Rules. However, the Supreme Court in Anuradha Bhasin v. UoI (2020) held that indefinite internet shutdown/blocking is unconstitutional.

Sec. 69B

Power to Monitor and Collect Traffic Data

Government can authorize any agency to monitor and collect traffic data or information from any computer resource for cyber security purposes.

Traffic Data: Data relating to communication by means of computer system including origin, destination, route, time, date, size, duration, type of underlying service.

Authorized Agencies under Section 69

As per the 2018 notification, only 10 agencies are authorized for interception/monitoring:

  1. Intelligence Bureau (IB)
  2. Narcotics Control Bureau (NCB)
  3. Enforcement Directorate (ED)
  4. Central Board of Direct Taxes (CBDT)
  5. Directorate of Revenue Intelligence (DRI)
  6. Central Bureau of Investigation (CBI)
  7. National Investigation Agency (NIA)
  8. Cabinet Secretariat (RAW)
  9. Directorate of Signal Intelligence (for Jammu & Kashmir, North East, Assam)
  10. Commissioner of Police, Delhi

Section 79: Safe Harbour for Intermediaries

Section 79 provides conditional immunity (safe harbour) to intermediaries for third-party content. This is crucial for understanding when platforms can be held liable and when they are protected.

Sec. 79

Exemption from Liability of Intermediary

Rule: An intermediary shall NOT be liable for any third-party information, data, or communication link made available or hosted by him.

Conditions for immunity:

  1. Function is limited to providing access to a communication system
  2. Does not initiate transmission, select receiver, or select/modify information
  3. Observes due diligence while discharging duties under the Act
  4. Observes guidelines prescribed by the Central Government (IT Rules, 2021)

Loss of immunity when:

  • Intermediary conspires, abets, aids, or induces the commission of the unlawful act
  • Upon receiving actual knowledge or on being notified by the government, fails to expeditiously remove or disable access to unlawful content

💡 Key Judicial Interpretation

Shreya Singhal v. UoI (2015): The Supreme Court clarified that "actual knowledge" under Section 79(3)(b) means knowledge through a court order - not mere receipt of a complaint or notice. This is crucial for determining when an intermediary loses safe harbour protection.

However: The IT (Intermediary Guidelines) Rules 2021 impose proactive due diligence requirements that may affect this interpretation in practice.

Who is an Intermediary?

Section 2(1)(w) defines "intermediary" broadly to include:

  • Telecom service providers
  • Network service providers
  • Internet service providers (ISPs)
  • Web-hosting service providers
  • Search engines
  • Online payment sites
  • Online auction sites
  • Online marketplaces
  • Cyber cafes
  • Social media platforms

Section Finder Tool

Use our Section Finder tool to quickly locate the relevant section based on the type of cyber crime you're investigating. Enter the offense type and get the applicable IT Act, BNS, and BNSS sections instantly.

Punishment Calculator

Determine the applicable punishments, fines, and bail provisions for various cyber offenses. This tool helps you understand the sentencing framework for IT Act offenses.

📚 Key Takeaways
  • Section 43 is civil (compensation up to Rs. 5 crores); Section 66 is criminal (requires dishonest/fraudulent intent)
  • Section 66A is dead law - struck down in 2015, never apply it
  • Section 66F (Cyber Terrorism) carries life imprisonment - the most severe punishment under IT Act
  • Section 69 powers require following proper procedure; only 10 agencies are authorized
  • Section 79 safe harbour protects intermediaries if they follow due diligence and respond to court orders/government notifications
  • For CSAM cases, always apply POCSO Act alongside Section 67B
  • IT Act provides framework, but BNS/BNSS/BSA 2023 now also address digital offenses (covered in Part 2)