A. Civil Wrongs with Criminal Consequences
The IT Act uniquely combines civil and criminal liability. Section 43 creates civil liability for unauthorized computer access, while Section 66 criminalizes the same acts when done dishonestly or fraudulently.
Prohibited Acts under S.43(a) to (j):
- S.43(a): Unauthorized access to computer/network
- S.43(b): Downloading/copying/extracting data
- S.43(c): Introducing computer contaminant (virus/malware)
- S.43(d): Intentionally damaging computer/data
- S.43(e): Disrupting or causing denial of access
- S.43(f): Denial of service to authorized person
- S.43(g): Assisting in unauthorized access
- S.43(h): Charging service to another person's account
- S.43(i): Destroying/altering source code
- S.43(j): Stealing/destroying any computer
Section 43 provides civil compensation (up to ₹1 crore) adjudicated by IT Adjudicating Officer. No imprisonment. Perfect for corporate victims seeking damages without criminal prosecution delays.
Essential Elements:
S.66 criminalizes S.43 acts when done with criminal intent. The key differentiator is mens rea — dishonest or fraudulent intention converts civil wrong into criminal offence.
Bailability: S.66 is punishable with max 3 years — making it bailable. Bail is matter of right. Key defence argument: once devices seized, no tampering risk.
B. Core Cyber Crimes
Scope:
Concealing, destroying, altering source code when required to be maintained by law. "Source code" includes programs, computer commands, design, and layout.
Often used in: Employee stealing proprietary code, software piracy, website defacement affecting source files, destroying audit logs.
Essential Elements:
Covers stealing login credentials, OTPs, biometric data, Aadhaar numbers, or any unique digital identifier.
S.66C = Theft of identity credentials (stealing the password)
S.66D = Using stolen identity (impersonating with that password)
Often charged together in phishing cases.
Essential Elements:
This is the primary phishing section. Covers: fake websites impersonating banks, CEO fraud emails, social media impersonation for fraud, fake customer support calls.
Charging only BNS S.318 (cheating) for phishing misses the technology element. S.66D is mandatory when impersonation occurs through digital means. Always charge both.
Prohibited Acts:
- Capturing image of private area without consent
- Publishing or transmitting such image
- "Private area" = naked/undergarment-covered genitals, pubic area, buttocks, female breast
Primary section for voyeurism, upskirting, hidden camera offences. Often combined with S.67/67A if images are obscene.
Two Types of Acts:
Type 1 (S.66F(1)): Intent to threaten unity, integrity, security, sovereignty of India or strike terror:
- Denial of access to authorized persons to computer resource
- Attempting to penetrate secured computer resource
- Introducing contaminant (knowing it may cause death, injury, property damage)
Type 2 (S.66F(2)): Knowingly accessing computer and obtaining information that could be used to injure sovereignty, integrity, security of India, relations with foreign states, public order, or cause offence to foreign nationals.
Life imprisonment + Non-bailable = Most serious IT Act offence. Used for: attacks on critical infrastructure (hospitals, power grid, banking), ransomware affecting essential services, state-sponsored hacking.
C. Obscenity & Content-Based Offences
Publishing or transmitting in electronic form any material that is lascivious or appeals to prurient interest, or whose effect tends to deprave and corrupt.
Test: Community standards + likely audience + dominant theme. Similar to IPC 292 but for electronic medium.
Publishing or transmitting material containing sexually explicit act in electronic form. More severe than S.67 — covers explicit depictions regardless of obscenity test.
S.67: Obscene material (subjective test)
S.67A: Sexually explicit acts (objective — actual sex acts depicted)
S.67A is more serious with higher punishment.
Prohibited Acts:
- Publishing/transmitting material depicting children in sexually explicit act
- Creating text/digital images/advertising/promoting CSAM
- Cultivating/enticing/inducing children for online relationship for sexually explicit act
- Facilitating online abuse of children
- Recording own abuse or abuse of others
S.67B must always be charged alongside POCSO Act provisions. POCSO has stricter punishments and procedures. Failure to invoke POCSO is a serious prosecution error.
Quick Reference: IT Act Offences
| Section | Offence | Punishment | Bail | Key Elements |
|---|---|---|---|---|
| S.43 | Damage to computer | ₹1 Cr compensation | Civil | Unauthorized access/damage |
| S.65 | Source code tampering | 3 yrs + ₹2L | Bailable | Alter/destroy source code |
| S.66 | Hacking | 3 yrs + ₹5L | Bailable | S.43 acts + dishonest intent |
| S.66C | Identity theft | 3 yrs + ₹1L | Bailable | Steal password/credential |
| S.66D | Cheating by personation | 3 yrs + ₹1L | Bailable | Impersonate via computer |
| S.66E | Privacy violation | 3 yrs + ₹2L | Bailable | Capture/publish private images |
| S.66F | Cyber terrorism | Life | Non-Bailable | Threaten sovereignty/security |
| S.67 | Obscene material | 3/5 yrs | Bailable/NB | Lascivious/prurient content |
| S.67A | Sexually explicit | 5/7 yrs | Non-Bailable | Explicit sex acts |
| S.67B | CSAM | 5/7 yrs + POCSO | Non-Bailable | Child in sexual content |
🎯 Key Takeaways
- S.43 is civil, S.66 is criminal: Same acts, different consequences based on mens rea
- S.66C + S.66D often charged together: Identity theft (stealing) + Cheating by personation (using)
- S.66D is mandatory for phishing: Can't charge only BNS cheating
- S.66F = Life imprisonment: Most serious; use for critical infrastructure attacks
- S.67B always needs POCSO: Never charge CSAM without POCSO provisions
- Most IT Act offences are bailable: Except S.66F, S.67A, S.67B (2nd offence)