Offences Related to Tampering with Computer Source Documents

Introduction:

This era of technological advancements has defied the conventional forms of storing and communicating information. Nowadays computers, laptops and other electronic devices are used as a medium to create, transmit or store information. The earlier such information use to be in the form of paper-based documents but now this information has taken shape of a digital document. This digital transaction of information is simpler and faster than the convention method, however, it is also prone to being misused.

However, this comfort comes with enhanced security problem and modified risk. Humans, not machines, are the main threat to technology. Computer offenders are trying to oppress people for their benefit. Hackers create unlawful access by using the internet to harm your computer system and data, the threat they pose to your protection is growing exponentially. Computer hackers are unauthorized users who break into computer networks to steal, alter, hijack, or ruin information, often by downloading dang.

Laws have been enacted in order to prevent misuse, fraud and manipulation of digital information to cause unlawful benefit to one or to cause unlawful loss to others. The Information Technology Act, 2000 (hereafter referred to as IT Act) provides protection and legal recognition to electronic transactions. This article discusses the offence of tampering with the computer source documents as provided under the IT Act.

Cybercrime

Cybercrime is a general term that refers to any illegal act carried out by using computer, internet, cyberspace and the worldwide web as a medium. Computer crime or cybercrime refers to any crime involving a computer and a network.[1] The computer may have been used in the commission of a crime, or it may be the target.[2] Net crime is criminal exploitation of the Internet.[3] Any unauthorized activity committed by or in association with a computer system or network, including offences such as unlawful ownership and the provision or dissemination of information by means of a computer system or network can be construed as cybercrimes in a broader sense.[4]

Cybercrime is not defined officially in the IT Act or any other legislation. Section 2(nb) of the IT Act defines cybersecurity as “protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction[5]”. This definition was introduced in the IT Act by the 2008 amendment. The amendment has added several new provisions which create punishments for new categories of cybercrimes.

Computer Programming

Computer programming is a method to give computers instructions of what to do. Computer programming is thus a process of writing instructions that are performed by computers. These instructions, commonly known as code, are written in a programming language that the computer can understand and use to execute a task or solve a problem. Basic computer programming involves evaluating the problem and constructing a logical series of instructions to solve the problem. There may be several directions to a solution, and the computer programmer tries to design and code what is most effective.

Types of ‘Computer Source Code’

There are two types of computer software code- source code and object code. The “source code” is a text of computer software written in a high-level programming language.[6] It is a set of mnemonic computer commands written in a special programming language. If a person knows such a language, the software is easily changed. The source code also contains statements on the program’s architecture and intent.[7]

“Object code”, or executable code, is a type of binary machine code that a computer uses to execute a programme, that computer programmers however do not understand it easily or readily.[8] Before a computer can perform the commands, they must be translated from, the “source code”, into the “object code”, a binary representation of the “source code”, which a computer can directly execute.[9]

Computer Related Offences under Indian Penal Code, 1860

Indian Penal Code (hereafter referred as IPC) clarifies that it extends to any person in any place even if beyond India if he has committed offence targeting a computer resource located in India.[10] The IPC was revised by the introducing of the term “electronic record” under Section 29A. Thus, all electronic documentation and records were kept in conformity with the physical documents and records protected by the IPC. However, there is no specific section which deals with cybercrimes or offences related to computer, they can be inferred under these sections.

1. Section 292 IPC: Publication, etc of any material which is considered obscene on any digital platform can be made punishable under this section.
2. Section 292A IPC: Printing etc. of grossly indecent or scurrilous matter or matter intended for blackmail through digital means is punishable under this section.
3. Section 420 IPC: Bogus websites and cyber frauds can be made punishable under section 420 for it provides punishment for cheating and dishonestly causing to induce delivery of property.
4. Section 463 IPC: This section provides punishment for forgery hence E-mail spoofing can be brought in the purview of this section.
5. Section 464 IPC: Making a false document or electronic records is expressly prohibited under this section.
6. Section 468 IPC: Using a forgery electronic document for the purpose of cheating is punishable under this section.
7. Section 469 IPC: Similarly forgery for purpose of harming reputation is made punishable under this section.
8. Section 499 IPC: If a person publishes defamatory messages by e-mail then he can be charged under this section.
9. Section 500 IPC: E-mail abuse is made punishable under this section.
10. Section 503 IPC: Sending threatening messages by e-mail is made punishable under this section.

IT Act, 2000

Chapter XI of the IT Act exclusively deals with cyber offences. This chapter has been substantially broadened by the IT Amendment Act, 2008 thus expanding the scope of cyber offences in India.

Section 65: Tampering with computer source documents

The offence of tampering with computer source documents under Section 65 of the IT Act is made out when a person-

1. Intentionally conceals, destroys or alters a computer source code used for a computer, computer programme, computer system or computer network;
2. Intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network; and
3. (a) However, the offence is made out only when computer source code is required to be kept or

(b) When computer source code is maintained by law for the time being in force.[11]

‘Computer Source Code’ for the purpose of Section 65 of IT Act includes-

1. list of programmes;
2. computer commands;
3. design and layout; and
4. Programme analysis of computer resource in any form. [12]

The aim of this section is to protect the “intellectual property” vested in the computer. It is an effort to secure electronic source documents (codes) beyond which is accessible under the Copyright Act. This section is expanded to the Copyright Act which allows businesses to protect the source code of their programmes.[13] The IT Act provides that offences for which the punishment for life or imprisonment for a term exceeding three years has been provided, under this Act are compoundable[14]; bailable if punishable with imprisonment of three years [15] and cognizable if punishable with imprisonment of three years and above[16]. Accordingly, Section 65 provides imprisonment upto three years, therefore tampering with computer source documents is a compoundable, bailable and cognizable offence.

Syed Asifuddin and others vs. The State of A.P. and another

The Andhra Pradesh High Court held that the disjunctive term “or” is used by the Legislature, in Section 65, between the two expressions “when a computer source code is required to be kept” and when a computer source code is “maintained by law for the time being in force” which signifies that both conditions are different. However, whether a mobile phone operator maintains a source code for a computer is a matter of evidence, thus a question of fact. In this case, the employees of Tata Indicom were arrested for leveraging the 32-bit electronic serial number (ESN) programmed for hacking into mobile phones, exclusively franchised to Reliance Infocom. The Court held that this case involves tampering with source code and thus Section 65 of the IT Act was invoked.[17]

Requirements under Section 65

While conducting an investigation in relation to Section 65 of the IT Act, 2000 it becomes crucial to verify the following electronic evidences gathered-

1. The phrase “whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy, or alter any computer source code” as used in Section 65 implies that the offender must have mens rea to either hide, demolish or change the computer source code or causes another person to do so.[18] Therefore accessing the computer source code to alter, delete or destroy it must be accompanied with fraud or dishonest intent, by a person who is not authorized to access such records or if the person is authorized then he uses it for unauthorized means, thereby exceeding his authority.
2. The ownership of the aggrieved in relation to the tampered computer source code must be established. One of the ways to establish the ownership is to ascertain whether the aggrieved has copyright on the concerned computer source code. If the aggrieved has copyright on the computer source code then the ownership can be established otherwise not.
3. Further, the Investigation Officer may recover from the aggrieved the alleged original computer source code, and may also recover the alleged stolen or tampered version of it, from the defendant and forward both to an expert for comparison and reporting.
4. If the report confirms the original and the tampered version of accused then the case is established and accordingly the appropriate further action may be taken against the accused.
5. It is also crucial to prove as to how the source code was taken away or altered. It becomes important to verify whether it was transmitted through e-mail or copied on any portable media and recovery of such electronic portable media in pursuance of the confession of the accused under the cover of a mediator or investigation report is also crucial.
6. If the source code was sent via e-mail, the associated e-mail ID and their connection with the accused person will act as an evidence to create the case. The electronic portable media retrieved can also be forwarded under a Letter of Advice to the Forensic Science Laboratory (hereafter referred to as FSL) and an investigation report may be obtained.
7. Additionally, if any laptop has been used to steal the source code, such a laptop may also be retrieved at the defendant’s instance or otherwise. The laptop will be forwarded for review to the FSL.
8. If the former employee of the complainant’s company manipulates the source code, then the appointment letters, non-disclosure agreements etc can also be obtained to show that the defendant genuinely served in the corporation of the plaintiff. However, the examination of the Human Resource Manager is also required.
9. Examination and recording of the complainant’s statements, and also of his/her subordinates such as supervisors, team members of the accused may also be required.

Section 43: Penalty and compensation for damage to computer, computer system, etc.

This section provides that if any person without the permission of the owner or of any other person who is charge of the computer/computer system/computer network, does any of the following acts, then such person is liable to pay damages by way of compensation the affected person.

1. If he accesses or secures access to the computer/computer system/computer network/ computer resource;
2. Downloads, copies or collects any data, file or information from computer/computer system/computer network, including information or data saved or stored in any portable storage media;
3. Introduces or allows any device contaminant or virus to be inserted into the computer/computer system/computer network;
4. Damages or causes to damage any computer/computer system/computer network or any computer database or documents within the computer/computer system/computer network;
5. Disrupts or causes the computer/computer system/computer network to be disrupted;
6. Denies access to any person who is authorized to access the computer/computer system/computer network;
7. Assists any person to allow access to a device, computer system/ computer network, in contravention of the provisions of this Act, the rules or regulations;
8. Charges services used by a person on behalf of another person by tampering with or exploiting some other computer/computer system/computer network;
9. Destructs, deletes or changes any information contained in a computing resource or diminishes its worth or usefulness or, by any way, injuriously affects it;
10. Stealing, concealing, damaging or modifying or causing any person to steal, cover, destroy or modify any computer source code used for a computer resource with the intention of causing damage.[19]

Section 66: Computer related offences

This section is an enhanced version of Section 43. Section 66 punishes the same acts provided under Section 43 with imprisonment for upto three years and fine upto five lakh or both, if done with dishonest or fraudulent intention.[20] Therefore the only difference between Section 43 and Section 66 is that the former provides for a cyber contravention, it describes a civil wrong as it provides only for compensation, but the later is a penal provision which requires mens rea to establish the given cyber offences.

Additionally ‘hacking’ earlier used to refer to a crime under section 43 of the IT Act, but at the same time ethical hacking or better known as white-collar hacking is considered legitimate. Ethical hacking is also taught by numerous practitioners in schools and universities. So there was a need to discriminate between good and poor hacking. Accordingly, under the 2008 amendment to the IT Act, the term ‘hacker’ was removed from the Act. The amendment reformulated section 66 and section 43 by eliminating the term hacking from the Legislation.[21]

Conclusion

Thus it can be concluded that under the IT Act tampering with computer source documents may consist of concealing, damaging or modifying the source code used by computers, computer programmes, computer systems or computer networks where the computer source code is expected to be stored or preserved by law and such an act is made punishable with imprisonment up to three years or a fine extending up to two lakh rupees, or both. Further, such modification should be done without authorization. In addition to this, the 2008 amendment also introduced a variety of cyber offences, thereby enhancing the dimension of cyber protection in India.

---

References:

[1] Moore R., Cyber crime: Investigating High-Technology Computer Crime (Cleveland, Mississippi: Anderson Publishing 2005).

[2] Warren G. Kruse, Jay G. Heiser, Computer forensics: incident response essentials, 392, (Addison-Wesley 2002).

[3] David Mann and Mike Sutton, Net crime, The British Journal of Criminology, (Jan 15, 2021, 9:09 PM) Bjc.oxfordjournals.org.

[4] Rahul Deo, Offences under IT Act, 2000, Academike Lawctopus (Jan 15, 2021: 8 PM), https://www.lawctopus.com/academike/offences-act-2000/.

[5] Information Technology Act, 2000, Sec 2(nb), No. 21, Acts of Parliament, 2000 (India).

[6] S Charles H. Davidson, Object Program, in Encyclopedia of Computer Science, 962, (Anthony Ralston and Edwin D. Reilly eds., 1993).

[7] David Bender, Protection of Computer Programs: The Copyright/Trade Secret Interface, 47 (U. Pitt. L. Rev. 907, 919 1986).

[8] Jonathan L. Mezrich, Source Code Escrow: An Exercise In Futility?, 5 Marq. Intell. Prop. L. Rev. 117, 118 (2001).

[9] 8 Ravi Sethi, Programming Languages: Concepts and Constructs (Addison Wesley 1990).

[10] Indian Penal Code, 1860, Sec 4(c). No. 45, 1860 (India).

[11] Information Technology Act, 2000, Sec 65, No. 21, Acts of Parliament, 2000 (India).

[12] Information Technology Act, 2000, Sec 65, No. 21, Acts of Parliament, 2000 (India).

[13] Rahul Deo, Offences under IT Act, 2000, Academike Lawctopus (Jan 15, 2021: 8 PM), https://www.lawctopus.com/academike/offences-act-2000/.

[14] Information Technology Act, 2000, Sec 77A, No. 21, Acts of Parliament, 2000 (India).

[15] Information Technology Act, 2000, Sec 77B, No. 21, Acts of Parliament, 2000 (India).

[16] Id.

[17] Syed Asifuddin and others vs. The State of A.P. and another, (2005) S.C.C. OnLine AP 1100.

[18] Apar Gupta, Apar Gupta: Commentary on Information Technology Act – Along with Rules, Regulations, Orders, Guidelines, Reports and Policy Documents, 2016, Ch 11 Offences, (Jan 16, 2021, 06:00 PM), https://advance.lexis.com/api/permalink/feb8ff51-068a-4c75-9cf3-1a697af1b22f/?context=1523890.

[19] Information Technology Act, 2000, Sec 43, No. 21, Acts of Parliament, 2000 (India).

[20] Information Technology Act, 2000, Sec 66, No. 21, Acts of Parliament, 2000 (India).

[21] Sylvine, Laws against Hacking in India, Ipleaders, (Feb 3, 2021; 6.09PM) https://blog.ipleaders.in/laws-hacking-india/#:~:text=The%20Information%20and%20Technology%20Act%2C%202000%20(IT%20Act)%20covers,collar%20hacking%20was%20considered%20legal.