The adage “cyber-crimes” does not have a settled definition anywhere. The word “cyber” is used as a slang for anything relating to computers, information technology, internet and virtual reality. Therefore, it stands to reason that “cyber-crimes” are offences relating to computers, information technology, internet and virtual reality.
One finds laws that penalize cyber crimes in several statutes and even in regulations framed by various regulators. The Information Technology Act, 2000 (IT Act) and the Indian Penal Code, 1860 (IPC) penalize many cyber crimes and unsurprisingly, there are many provisions in the IPC and the IT Act that overlap with each other.
Analogous Provisions In Indian Penal Code and Information Technology Act
Many of the provisions relating to cyber-crimes which are provided for in IPC and the IT Act have the very same ingredients, to cite a few:
Hacking and Data Theft
Sections 43 and 66 of the IT Act go on to penalize instances of hacking into a computer network, data theft, introducing and spreading viruses through the medium of computer networks, causing damage to computer systems and ancillary offences. The maximum prescribed punishment for the above-provided list of offences is imprisonment of up to 3 years or a fine of Rs. 5,00,000 (Rupees Five lac) or both.
Whereas Section 378 of the IPC mentions about theft of movable property and will indeed find application in the case of the theft of any data, online or otherwise, this is so because of the definition of movable property which has been provided in Section 22 of the IPC which defines movable property as including corporeal property of every description, excluding land and things attached to the earth or permanently fastened to anything which is attached to the earth. The maximum prescribed fine for this offence is imprisonment of 3 years or a fine or both.
Section 424 of the IPC provides that “whoever dishonestly or fraudulently conceals or removes any property of himself or any other person, or dishonestly or fraudulently assists in the concealment or removal thereof, or dishonestly releases any demand or claim to which he is entitled, shall be punished with imprisonment of either description for a term which may extend to 2 (two) years, or with fine, or with both.” This provision will find application in cases of data theft and the maximum mandated punishment is 2 years or fine or both.
Section 425 of the IPC concerns itself with mischief and holds that “whoever with intent to cause, or knowing that he is likely to cause, wrongful loss or damage to the public or any person, causes the destruction of any property, or any such change in any property or in the situation thereof as destroys or diminishes its value or utility, or affects it injuriously, commits mischief”. It is established ideal that, damaging computer systems and even denying access to a computer system will form part and parcel of Section 425 of the IPC. The maximum punishment for mischief as per Section 426 of the IPC is imprisonment of up to 3 (three) months or a fine or both.
Identity Theft And Cheating By Personation:
The IT Act’s Section 66C outlines the penalties for identity theft, saying that anyone found guilty of using another person’s electronic signature, password, or other unique identification feature fraudulently or dishonestly faces up to three years in prison and a fine of Rs. 1,000,000 (Rupees one lakh) in addition to their other punishments.
The IT Act’s Section 66D outlines the penalties for “cheating by personation by using computer resource” and states that anyone found guilty of engaging in personation fraud using a computer resource or communication device faces up to three years in prison and a fine of Rs. 1,000,000 (Rupees one lakh) in addition to other penalties.
A person who engages in “cheating by personation” is also subject to punishment under Section 419 of the IPC, which stipulates that they may receive a fine, a term of imprisonment of either description that may not exceed three years, or both. A person is considered to have engaged in “cheating by personation” if they purposefully represent themselves or another person as someone other than who they actually are, or if they intentionally replace one person for another.
In the case of identity theft, the provisions of Sections 463, 465, and 468 of the IPC that address forgery and “forgery for the purpose of cheating” may also apply. Forgery committed with the intent to defraud is punishable under Section 468 of the IPC with both a fine and imprisonment of either kind for a time that may not exceed 7 (seven) years. According to Section 463 of the IPC, forgery is defined as the creation of a false document or portion of a document with the intent to harm the public or any individual, to support a claim or title, to persuade an individual to part with property, to enter into an express or implied contract, to commit fraud, or with the knowledge that fraud may be committed.
In this context, it is also appropriate to make reference to Section 420 of the IPC, which states that anyone found guilty of deceiving another person and dishonestly persuading them to deliver property to a third party, create, modify, or destroy a valuable security, or anything that is signed or sealed and can be converted into a valuable security, will be sentenced to up to seven years in prison.
The only distinction between the penalties outlined in Sections 66C and 66D of the IT Act and those outlined in Section 419 of the IPC is that the fine outlined in that Section of the IPC has no upper limit. The penalty under Section 468 is substantially more severe, with a maximum sentence of 7 (seven) years in jail. Furthermore, the IPC employs the word “or” to indicate that the offence could be punished with either an imposition of a fine or imprisonment, whereas the IT Act allows both punishments. In relation to the crime of identity theft, the key difference between the IPC and the IT Act is that the latter mandates that the crime be performed with the aid of a computer resource.
Conflicts Between IPC And IT Act Illustrated Through Cases
The contradiction between the IPC and the IT Act was brought to light in the case of Sharat Babu Digumarti v. Government of NCT of Delhi. In this instance, baazee.com (“Bazee”) featured an explicit video for sale on November 27, 2004. To avoid being picked up by the Baazee filters, the listing was purposefully placed in the subcategory “ebooks” and category “Books and Magazines.” Before the listing was removed from the market, a few copies were sold. Later, Avinash Bajaj, the managing director of Bazee, and Sharat Digumarti, the company’s manager, were charged by the crime branch of the Delhi Police. It was determined that vicarious liability could not be imposed on Avinash Bajaj under either Section 292 of the IPC or Section 67 of the IT Act as Avinash’s employer Bazee was not an accused, and thus allowed Avinash Bajaj to avoid being held accountable. Later charges against Sharat Digumarti under Section 67 of the IT Act and Section 294 of the IPC were also dismissed, but the charges under section 292 of the IPC were kept. The Supreme Court next assessed whether a prosecution under Section 292 of the IPC may be upheld after the charges under section 67 of the IT Act were dismissed. The IT Act alone would apply if an offence involves an electronic record since that was the legislative intent, the Supreme Court decided in its decision to throw out the charges brought against Sarat Digumarti. It is a well-established rule of interpretation that particular laws take precedence over general ones and that later laws take precedence over earlier ones. In addition, Section 81 of the IT Act specifies that any provisions that conflict with the IT Act’s requirements may be found in other currently in effect laws.
Several people were accused of stealing data and software from their employer in the case of Gagan Harsh Sharma v. The State of Maharashtra, and they were charged under Sections 408 and 420 of the IPC as well as sections 43, 65, and 66 of the IT Act. Section 408 of the IPC deals with criminal breach of trust by clerk or servant and states that “whoever, being a clerk or servant or employed as a clerk or servant, and being in any manner entrusted in such capacity with property, or with any dominion over property, commits criminal breach of trust in respect of that property, shall be punished with imprisonment of either description for a term which may extend to seven years, and shall also be liable to fine”.
Sections 408 and 420 of the IPC prohibit the use of bail and prohibit compounding of offences without the court’s approval. Sections 43, 65, and 66 of the IT Act provide for both bail and compounding for certain offences. The petitioners therefore sought for the allegations against them under the IT Act to be looked into and pursued instead of the charges against them under the IPC. It was further contended that if the Supreme Court’s decision in a landmark case in this Sharat Babu Digumarti were adopted, the petitioners could only be punished for offences resulting from the identical activities under the IT Act and not the IPC.
The petitioners’ arguments were upheld by the Bombay High Court, which also ruled that the IPC charges against them should be withdrawn.
The Indian Penal Code (IPC) and the Information Technology Act (IT Act) are two important laws that govern cyber crimes in India. However, there is a significant overlap between the provisions of these two laws, which can sometimes lead to conflicts.
One of the main areas of conflict is in the definition of cyber-crimes. The IPC does not define cyber crimes specifically but instead relies on broad definitions of traditional crimes such as theft, cheating, and forgery. The IT Act, on the other hand, defines several specific cyber crimes, such as hacking, data theft, and online fraud.
This overlap can lead to confusion and uncertainty about which law applies to a particular case. For example, if a person hacks into a computer system and steals data, they could potentially be charged with both theft under the IPC and unauthorized access to a computer system under the IT Act. To address these conflicts, it is important to clarify the relationship between the IPC and the IT Act. This could be done by amending the IPC to include specific definitions of cyber-crimes, or by amending the IT Act to increase the punishments for cyber-crimes.
In addition, it is important to train law enforcement and judicial officials on the application of the IPC and the IT Act to cyber crimes. This will help to ensure that cyber crimes are investigated and prosecuted effectively, regardless of which law applies.
This article is written and submitted by Devam Krishnan during his course of internship at B&B Associates LLP. Devam is a B.A. LLB 4th year student at National University of Study and Research in Law, Ranchi.