Judicial Response to Cyber Security in India

Judiciary on Cyber Security

8/28/20235 min read


As technology advances, humans have become reliant on the Internet for all their requirements. The Internet has provided us with quick access to everything seated in one location. Every imaginable thing can be done through the Web, including social networking sites, online shopping sites, data storage, gaming, online schooling, online jobs, and so on. The Internet is used in every aspect of life. As the Internet advantages grew in popularity, so did the notion of cybercrime. Different types of cybercrime have evolved with the increasing dependency on the Internet. There was a shortage of understanding about the crimes that might have been perpetrated over the Internet a few years ago. Still, today, in terms of cybercrime, India is also not far behind other countries, where the rate of cybercrime incidents is also on the rise.

According to the report of Norton Lifelock, a cybersecurity software company, in the last 12 months, 27 million Indian adults have been victims of identity theft, and 52% of people in the nation are unaware of how to defend themselves against cybercrime.

Cybercrime: an overview

Cybercrime is defined as illegal behavior involving a PC, a computer network, or any networked device. Most, but not all, cybercrime is conducted by profit-driven cybercriminals or hackers. Some cybercrimes target computers or devices to harm or disable them, while others target computers or networks to disseminate malware, unlawful information, pictures, or other things. Some cybercrime targets computers to infect them with a computer virus, which subsequently spreads to other computers and, in some cases, whole networks.

How do cybercrimes work?

Cybercrime may start everywhere there is digital data, opportunity, or motivation. From lone users engaging in cyberbullying to state-sponsored attackers, cybercriminals come in many shapes and sizes. Cybercrime does not happen in a vacuum; it is, in many respects, a dispersed phenomenon. That is, hackers frequently insist on the help of other parties to execute their schemes. This is true whether it’s a malware developer selling code on the dark web, a distributor of illicit medicines utilizing cryptocurrency brokers to keep virtual money in escrow, or state threat actors stealing intellectual property through technological subcontractors. Cybercriminals employ a variety of attack vectors to carry out their cyberattacks, and they are always looking for new ways to achieve their objectives while evading discovery and prosecution.

Laws governing cybercrimes in India

Cybercrime refers to illegal activities in which a computer is used as a tool, a target, or both. Traditional criminal actions, some are theft, fraud, forgery, defamation, and mischief, all of which are covered under the Indian Penal Code, might be included in cybercrimes. The Information Technology Act of 2000 addresses a variety of new-age offenses that have arisen due to computer abuse. The Indian Penal Code (IPC) 1860, the Bankers’ Books Evidence Act 1891, the Indian Evidence Act (IEA) 1872, and the Reserve Bank of India Act (RBIA) 1934 were all swiftly amended by the IT Act. The Amendments brought under the Sections of these Acts were to make them compliant with new technologies. By establishing stringent legal recognition, these modifications attempted to tone down all electronic transactions/communications, bringing them beneath the radar.

Landmark judgments

The following judgments are the landmark judgments on cybercrime in India. The first cybercrime occurred in 1992 when the first polymorphic virus was released. The case of Yahoo v. Akash Arora (1999) was one of the earliest examples of cybercrime in India. The defendant, Akash Arora, was accused of utilizing the trademark or domain name ‘yahooindia.com,’ a permanent injunction was sought in this case. The case of Vinod Kaushik and others v. Madhvika Joshi and others (2012) is the other example in which the Court held that according to Section 43 of the IT Act, 2000, accessing the e-mail accounts of the spouse and father-in-law without their consent prohibited. In 2011, a decision was reached in this matter. All of these instances deal with the question of how cybercrime has evolved, with a focus on India.

CBI v. Arif Azim (Sony Sambandh Case) (2013)

In 2013, India had its first cybercrime conviction. It all started when Sony India Private Ltd, which owns the website www.sony-sambandh.com and targets Non-Resident Indians (NRI), filed a complaint. After paying for them online, NRIs may use the service to transfer Sony items to friends and family in India.

The firm guarantees that the items will be delivered to the intended recipients. In May 2002, Barbara Campa went onto the website and bought a Sony Color Television and cordless headphones. She provided her credit card information and asked for the items to be sent to Arif Azim in Noida. The credit card company cleared all the payments, and after that, the transaction was completed. The products were delivered to Arif Azim after the business completed the necessary due diligence and inspection processes.

The firm took digital photos of Arif Azim accepting the package at the time of delivery and the transaction was completed at that point, but after a period of one and a half months, the credit card company told the firm that the purchase was illegal since the true owner had denied making it. The firm reported internet cheating to the Central Bureau of Investigation (CBI), which opened an investigation of U/S 418, 419, and 420 of the Indian Penal Code. Arif Azim was detained once the incident was examined. Arif Azim then obtained the credit card number of an American national while working in a contact center in Noida, which he abused on the company’s website, according to investigations.

In this kind of cyber fraud case, the CBI recovered the colour television and cordless headphone. The CBI had enough evidence to establish their case in this instance. Therefore, the accused acknowledged his guilt. Arif Azim was found guilty under Sections 418, 419, and 420 of the IPC, marking it the first time that a cybercriminal has been found guilty. The Court, on the other hand, believed that because the accused was a young person of 24 years old, and a first-time offender, a compassionate approach was required. As a result, the Court ordered the accused sentenced to a year of probation. The decision has enormous consequences for the entire country. Apart from being the first cybercrime conviction, it has demonstrated that the IPC may be effectively used for various types of cybercrime that do not come under the Information Technology Act 2000.


The IT Act and the Rules disseminated thereunder regulate the cyber law regime. When the IT Act is not able to provide for any specific sort of offense or if it does not include comprehensive provisions with regard to an offense, one may also turn to the provisions of the IPC, 1860. However, the current cyber law system is still inadequate to cope with the wide range of cybercrimes that exist in the world. With the country, i.e. India moving towards the ‘Digital India’ movement, cybercrime, on the other hand, is continuously developing day by day, and various types of cybercrime are being added on a daily basis to the cyber law regime. So, there is a need to bring some amendments to the Indian laws to reduce such crimes.

Ankita Raj


AU Patna