Cybercrime in India: Insight Into the Extra-Territoriality of the Information Technology Act

This article covers the ins-and-outs of cybercrime, its categorization and the space it occupies in India’s ever-increasing cyberspace. It further explores the IT Act which till date serves as India’s primary statute regulating the cyberspace and the crime therein. The article discusses the challenges posed by the advancement of technology that creates inefficiencies in the IT Act and hopes to provide substantial solutions to these issues.


Extra-territorial application of the IT Act
As per Section 1, the Act is applicable nationwide, encompassing the state of Jammu and Kashmir.This Act also has extraterritorial jurisdiction, meaning it applies to anyone who commit offences outside the country.If the origin of the offence, specifically a computer or similar equipment, is located in India, then the individual will be subject to punishment under the Act, regardless of their nationality [11].

Act to apply for offence or contravention committed outside India
A contravention is considered to have occurred outside of India if a person's actions or behaviour that constitute an offence or contravention involve a computer, computer system, or computer network located within India.Section 75 encompasses a wider scope that includes cybercrime perpetrated by cyber criminals of any nationality and in any geographical location (Pal Sayani, 2022) [12].

R v/s Governor of Brixton prison and another.
Here's what happened: Citibank experienced a serious breach in its cash management system, leading to unauthorised transfers of funds from customers' accounts to the hacker's accounts.The hacker responsible for this incident was Valdimer Levin, along with his accomplices.Following Levin's arrest, he was extradited to the United States.One of the key considerations revolved around the jurisdictional matter of determining the "place of origin" of the cyber crime.The Court determined that the communication link between Levin and Citibank computer was in real-time, establishing that Levin's keystrokes were taking place on the Citibank computer.It is crucial to address the conflicts surrounding jurisdiction by adopting a more comprehensive approach that considers principles of reasonableness and fairness.This approach should aim to accommodate the overlapping or conflicting interests of states, in line with the concept of universal jurisdiction

Issues
The above two provisions clearly indicate that the offence, despite being committed outside of India, can be punished in India.Therefore, if a Nepalese individual residing in Canada were to engage in a Distributed Denial of Service attack targeting computer networks in India with the intention of disrupting Yahoo e-mail services, they could potentially face legal consequences under the IT Act if brought to trial in India.The above provisions have been formulated in a comprehensive manner.Some provisions of the Indian Penal Code also indicate that its rules can be applied to unlawful actions carried out outside of India, albeit with certain conditions.Section 2 of the Indian Penal Code focuses on the punishment of offences committed within India.This presents no issue.If a criminal act involving computers is committed within India, the provisions of the Code would be applicable to such acts.Section 3 of the Indian Penal Code states the punishment for offences committed outside of India but which can still be tried within the country according to the law.Any individual who is subject to prosecution under Indian law for a crime committed outside of India will be handled in accordance with the provisions of this Code, as if the act had taken place within India.This section will be relevant in a scenario where the individual, when committing the offence they are being charged with, falls under the jurisdiction of Indian courts.Section 3 of the IPC has a wide scope, encompassing individuals who may not be citizens of India but are subject to Indian law for actions carried out outside of India (Shelke, Atmaram et.al., 2019) [16].

Conclusionary Statement and the way forward:
The IT Act is the primary framework for digital governance in India.Nevertheless, it was implemented in 2000.Just to provide some context, back in 2000, only a mere 0.5% of the population, which was approximately 55 lakh people, were using the internet.BSNL was also established 4 months after the passing of the Act.It is evident that there is a pressing requirement to revise the Act in order to incorporate policy and legal advancements, as well as adapt to current technological circumstances.Both the USA and UK have signed this Convention, which encompasses a range of extraditable offences.These offences include violations against the confidentiality, integrity, and availability of computer data and systems, such as illegal access, interception, data interference, system interference, and device misuse.Additionally, the Convention covers computer-related crimes like fraud and forgery, content-related offences such as child pornography, and offences related to copyright and related rights infringements, as well as attempts and aiding or abetting In general, it appears that India's decision to join the Budapest Convention has been driven more by diplomatic and foreign policy factors rather than a genuine focus on enhancing criminal justice collaboration in cybercrime and e-evidence matters [18].India is on the fast-track to become one of the biggest cyber-environments in the world, naturally exposing it to multitudes of cybercrimes.It is of utmost importance for India to ratify the Budapest convention, thereby, collaborating with other participating nations in making extensive regulations and robust safeguards to protect the expansive cyberspace.

India's primary
means to address cybercrimes In 1996, the United Nations Commission on International Trade Law produced a model law on ecommerce and digital complexities (Blythe, Stephen.E, 2006)[9].Additionally, it mandated that each country establish its own legislation regarding e-commerce and cybercrimes.The Act was enacted in 2000 to safeguard the data of both citizens and the government.This legislation positioned India as the 12th country globally to implement laws addressing cyber crimes.The IT Act, commonly known as the Information Technology Act, establishes the legal structure for safeguarding data pertaining to ecommerce and digital signatures.It underwent additional amendments in 2008 and 2018 to address the evolving societal requirements.The legislation also delineates the authorities and constraints of intermediaries(Basu Subajith & et.Al., 2003)  [10].

Introduction to the cyberspace in India
Due to the increasing advancements in technology, cyberspace has become an essential component of human existence.It has facilitated a wide range of activities, ranging from reserving a taxi through the internet to launching missiles capable of accurately striking targets.The 2007 cyber-attack on Estonia served as a catalyst for other countries, prompting them to recognise the significance of cyberspace and

1. Computer as Target Freq. Percent a. Hack for information to use to defraud. 40 13.1 b. Hack for damage/malware/ransom 20 6.6 c. Hack to subvert government or infrastructure 13 4.3 2. Computer as Instrument a. Buy/sell illicit goods or services
Chopra, Rohit, 2008) [7].India's cyber defence capabilities have emerged a critical worry due to recent incidents such as the compromise of customer data in corporate businesses, the Mumbai power outage on October 12, 2020, and the malware attack at Kudankulam Power Plant in 2019 (Dilipraj, E, 2019) [8].
[13].Section 81 of the Information Technology Act appears to relax the rigid requirement of enforcing the law within a particular jurisdiction with regards to the offences outlined in the Act and the amendments made by the IPC.(Retanlal, et.al., 1997)[14].However, a compelling argument can be made for the expansion of the Act beyond national boundaries by examining the 'terminator' doctrine in American and English law, as well as the concept of 'consequence' outlined in section 179 of the Code of Criminal Procedure in India(Devashish Bharuka, 2002)[15].