Module 1: Foundations of Cyber Law Practice

The IT Act 2000 was enacted based on the UNCITRAL Model Law to provide legal recognition to electronic records and digital signatures, facilitating e-commerce and e-governance.

The IT Amendment Act, 2008 introduced several new provisions including Section 66A (offensive messages), which was later struck down by the Supreme Court in Shreya Singhal (2015).

BNS 2023 replaces the Indian Penal Code, 1860. BNSS replaces CrPC, and BSA replaces the Indian Evidence Act.

BNSS S.176(3) mandates forensic expert visit to crime scene for offences punishable with 7 years or more. This is a game-changer for cyber cases.

Section 63 BSA (successor to S.65B Evidence Act) governs the admissibility of electronic records and requires a certificate for secondary electronic evidence.

The 9-judge bench in K.S. Puttaswamy (2017) unanimously held that privacy is a fundamental right protected under Article 21 (Right to Life and Personal Liberty).

Section 66A was struck down for being vague and overbroad, using undefined terms like "grossly offensive" and "menacing," thereby having a chilling effect on free speech under Article 19(1)(a).

The Puttaswamy proportionality test requires: (1) Legality — backed by law; (2) Legitimate aim — necessary for a valid state objective; (3) Proportionality — means proportionate to the objective.

Article 19(1)(a) guarantees freedom of speech and expression to all citizens. This right extends to online speech and was central to the Shreya Singhal judgment.

Shreya Singhal clarified that "actual knowledge" under S.79(3)(b) means knowledge via court order or government notification — not mere user complaints, to prevent private censorship.

"Generalia specialibus non derogant" means special law prevails over general law. Thus, IT Act (special law for cyber offences) prevails over BNS (general criminal law) for cyber-specific conduct.

Section 66 IT Act covers computer related offences — dishonestly/fraudulently doing any act referred to in Section 43 (unauthorized access, damage, etc.). This is the primary "hacking" provision.

Section 66F (Cyber Terrorism) is punishable with imprisonment which may extend to imprisonment for life. It covers acts threatening India's unity, integrity, security, or sovereignty.

IT Act has no specific provision for criminal intimidation. Section 351 BNS (criminal intimidation) applies to online threats. S.66A is struck down and cannot be used.

Ransomware on critical infrastructure (hospital) involves: S.66 (hacking), S.66F (cyber terrorism — lives at risk), and S.308 BNS (extortion). S.66A is struck down.

BNSS Section 173 mandates that Zero FIR must be transferred to the police station having territorial jurisdiction within 15 days.

Anvar P.V. v. P.K. Basheer (2014) established that Section 65B(4) certificate is mandatory for electronic evidence. Without it, secondary electronic evidence is inadmissible.

BNSS S.193 provides 90 days for investigation, extendable to 180 days. If chargesheet not filed, accused gets statutory bail.

Arjun Panditrao (2020) clarified that S.65B certificate may be produced at any stage before judgment and can be given by any person in responsible official position (not necessarily creator).

Section 67B IT Act specifically criminalizes publishing, transmitting, or creating material depicting children in sexually explicit acts — Child Sexual Abuse Material (CSAM).

Section 75 IT Act provides jurisdiction over offences committed outside India if the act involves a computer, computer system or network located in India, irrespective of accused's nationality.

The effects doctrine establishes jurisdiction in the place where the effects (harm/consequences) of an offence are felt, allowing victims to file cases where they suffered harm.

The Ministry of Home Affairs (MHA) is India's Central Authority for processing Mutual Legal Assistance Treaty (MLAT) requests to and from foreign countries.

MLAT requests to USA typically take 12-18 months. For faster alternatives, use direct platform Law Enforcement Request systems (2-4 weeks) or emergency preservation requests.

1930 is the National Cyber Crime Helpline. For financial frauds, reporting within the "golden hour" via 1930 significantwas based on the UNCITRAL Model Law on Electronic Commerce (1996), providing legal recognition to electronic records and digital signatures.

Section 43 IT Act provides civil liability (compensation) for unauthorized access, damage, disruption to computer systems. S.66 criminalizes acts under S.43 done dishonestly/fraudulently.

K.S. Puttaswamy was decided by a 9-judge Constitution Bench, unanimously holding that privacy is a fundamental right under Article 21.

Article 19(2) permits restrictions on grounds of: sovereignty/integrity of India, security of State, friendly relations, public order, decency/morality, contempt of court, defamation, incitement to offence.

Section 66C IT Act punishes identity theft — fraudulently using another person's electronic signature, password, or unique identification feature.

Section 66D IT Act punishes cheating by personation using computer resource — impersonating someone online to cheat another person.

BNSS Section 176 mandates video recording of searches. This is crucial for cyber cases — device seizure must be videographed for evidentiary integrity.

Sharat Babu Digumarti v. NCT of Delhi (2017) established that IT Act as special law prevails over IPC (now BNS) as general law for cyber-specific offences.

Section 75 applies "irrespective of nationality". Since the server is in India (Mumbai), Indian jurisdiction attaches. Enforcement is a separate challenge.

BNSS Section 182 (successor to CrPC S.166-A) deals with Letter Rogatory for obtaining evidence from foreign jurisdictions.

In the "golden hour", priority is freezing funds. 1930 helpline can coordinate with banks immediately. Documentation can follow.

IT Rules 2021 require grievance officer to acknowledge within 24 hours and resolve within 15 days. For certain content (intimate images), action required within 24 hours.

CERT-In is the Indian Computer Emergency Response Team, established under S.70B of IT Act as the national agency for cyber security incident response.

Section 66E IT Act punishes violation of privacy — capturing, publishing, or transmitting images of private areas without consent (voyeurism).

Informational privacy (recognized in Puttaswamy) includes control over personal data and protection from unauthorized collection, use, and disclosure. This is the constitutional foundation for DPDPA.