Comparative Study on Indian and International Laws on Cyber Security

Introduction

An increase in cybersecurity risks has been seen in India as a direct result of the country's
increased reliance on electronic devices and the internet since the recent emergence of the
COVID-19 epidemic. The rapid spread of COVID-19 has highlighted the many shortcomings of
our increasingly Internet-dependent culture. There has been a rise in the acceptance and usage of
electronic media, a meteoric rise in the e-commerce business and trade, a proliferation of
international trade, and an increase in the prevalence of previously unrecognized transgressions
of online norms. There are a plethora of legal complications and questions this brings. This
paved the way for the legitimization of cyber law in India.

Increases in phishing, Trojan horses, malware assaults, and invasions of privacy highlight the
need for India to clarify its cyber security legislation and provide victims with clearer access to
legal recourse. It's crucial. Since February 2020, cyberattacks in India have acquired significant
traction, with the proportion of cyberattacks increasing to 500% in 2020 alone, and this trend is
only projected to accelerate shortly.

The purpose of this chapter is to examine the present cyber law, cyber security, and victim
remedies in India. The essay also discusses the consequences of forthcoming cyber legislation in
India for topics like cyber security and cyber assaults. This study seeks to ascertain whether the
present body of law, together with pending legislation, is enough to handle future privacy and
cybersecurity issues. Cybercrime legislation in Australia, India, Russia, the United States, and
the United Kingdom.

Cyber Law Legislation in India

Cyberlaw, often known as information technology law, refers to the body of law that governs
electronic communications and computing devices. He manages the legal sector's use of
information technology, including e-commerce, information security, and software distribution.
Contract law, intellectual property law, personality law, and data protection law are all
components of IT law and not distinct fields of law in and of themselves. IT law focuses heavily
on protecting creators' work. The IT Act regulates data, software, and other aspects of the digital
era while taking into account the nuances of legal terminology and expertise.1

While not limited by any one body of law, it effectively encompasses a wide range of issues
related to intellectual property, data protection, and personal privacy. Electronic trade, electronic
governance, electronic banking, and cybercrime are all protected by the law. The Information
Technology (Amendment) Act of 2008 revised the aforementioned statute. [ITAA-2008].

Information Technology Act, 2000

When it comes to managing high-tech or digital information, the IT Act of 2000 serves as the
overarching regulatory framework. Distinct in that it accommodates such novel concepts as
advanced marks, cyber wrongdoings, structured benefit providers, and electronic certifications.
The purpose of the IT Act is to enhance e-government, legitimate e-commerce, stop cybercrime,
and enforce the Indian Penal Code, according to the preamble of the Act. The Government of
India revised the Act in 2008 to incorporate provisions for emerging technologies and
regulations that had been left out of the original legislation due to escalating safety concerns and
the quick expansion of the information technology industry. The statute shows certifying expert
tactics (computerized certificates beneath the IT Act 2000 supplanted by electronic marks in
ITAA 2008). Various wrongdoings were said, particularly information burglary and methods for
judging such wrongdoings. It moreover covers common and common wrongdoings committed
on an everyday premise and their disciplines. In expansion, a few clauses, the part of mediators,
and the significance of conducting due perseverance to dodge such dangers were highlighted. In
arrange to keep certain logs, the Government under the

1PP Pankaj (ed), Cyber Law (IT) Law in India available at https://www.geeksforgeeks.org/cyber-law-it-law-in-
india/
IT Act has set up particular controls centering on particular regions of information collection,
transmission, and preparing, counting Control on enrollment of Cyber Cafes in India. built up the
rules. It too disallows the show of shocking substance at different advanced stages and requires
the mediator to piece and expel such substance from his site. Moreover, the protection and
security of clients’ information have ended up a major concern nowadays, and such information
given by citizens must be satisfactorily ensured and secured. As such, lawful directions were
presented by the government in 2011 that require organizations that hold touchy client individual
data to comply with certain built-up security guidelines, and on the off chance that they don't
comply with the controls, they will be subject to the laws. Overwhelming fines and detainment
are forced.

Importance of Cyber Law in India

Cyber law is one of the most smoking zones in India and is considered one of the foremost
critical laws of the 21st century. It is a rising division in India with the potential for encouraging
improvement and extension. Indian cyber laws are defined with the assistance of various
universal traditions and traditions. The most objective of Cyber Law in India is to legitimately
recognize and direct electronic exchanges. Indian cyber law has numerous benefits. We offer
assistance to encourage e-commerce in India and guarantee lawful endorsement of e-commerce.
It too directs e-commerce in India. Indian cyber laws too offer assistance to avoid data
innovation-related wrongdoings. It moreover controls the Web and other computer systems.
Indian Cyber Law to make a difference to encourage the improvement of electronic foundations
in India. Indian cyber laws too offer assistance to avoid the abuse of computers and other
electronic gadgets. It too makes a difference anticipate unauthorized get to computer frameworks
and systems. Indian Cyber Law will moreover offer assistance to advance the advancement of
the Indian e-economy. 2

2 Brief guides to understanding cyber laws in India available at www.hatabook.com/blog/article-1019-importance-

of-cyber-law-in-india/#:~:text=The%20primary%20objective%20of%20Cyber,legal%20recognition%20for
%20electronic%20transactions.
History of Cyber Law in India

India's cyber legal framework emerged in the early 21st century. The Data Innovation Act,
India's first anti-cybercrime legislation, was approved by parliament in the year 2000. The
National Cybersecurity Accord, which outlined India's strategy for preventing and responding to
cybercrime, was scrapped by the government in 2011. 3

The decision of the joint meeting of the united states on January 30, 1997, passed the Data
Innovation Act, which led to the agreement to enact advanced electronic commerce in global
commercial law. The Department of Utilities (DoE) drafted the allegation in July 1998. Either
way, it was introduced in the House of Agents on December 16, 1999, when the modern Data
Innovation Bureau was established. In any case, it has been revised by the community of players
following several recommendations regarding e-commerce and questions about World Trade
Organization (WTO) commitments. After the charge was submitted to parliament, it was brought
before a 42-member parliamentary standing committee, based on the requests and
recommendations of MPs. One debated proposal is that the owner of his web cafe should keep
track of the names and addresses of all his cafe's guests, as well as a list of the websites he has
visited. This proposal is made to control cybercrime and make the quick search for
cybercriminals less demanding. But at the same time, he was criticized for abusing the right to
protect Internet users and was not conservative. In the end, the proposal was rejected by the IT
department in the final draft. 4

Summary of Important Articles of the IT Act

3 Hardik Mishra, Cyber Laws in India available at . https://legaldesire.com/cyber-law-in-india-meaning-

introduction-history-need-important-terms-and-amendments

4 Hardik Mishra, Cyber Laws in India available at. https://legaldesire.com/cyber-law-in-india-meaning-

introduction-history-need-important-terms-and-amendments
Adjudication:- The term "arbitration" is defined in Section 46 of the Act, and the Secretary of
the Government of India, or an equivalent, serves as the arbitrator and is expected to be handled
by state governments in accordance with set protocols. The Act establishes a procedure for
making decisions in which applicants are afforded a fair opportunity to present their cases and,
following a thorough investigation by a designated official, are subject to the penalties outlined
in Section of the Act if the officer determines that a crime has been committed. The Act also
details the Cyber Central Administrative Court's establishment procedure. The Code of Civil
Process vests the civil courts and the online court of appeals with the authority to decide cases.
His ICICI bank fraud lawsuit in India was the first case to be resolved. In that case, the plaintiff
said that he had suffered financial losses owing to the bank's lax security measures.

E-commerce:- The expansion of India's e-commerce industry in recent years has been
phenomenal. There has been a dramatic transition in commerce in India from traditional
marketplaces to online ones. The IT Act establishes a regulatory framework for all aspects of
electronic commerce, guaranteeing the validity of digital signatures and electronic records,
safeguarding customers' private information, and placing special emphasis on the security of
such records. Its other goals are to make electronic trade easier and more secure, to crack down
on fraud and counterfeiting, and to punish offenders severely.

Electronic Governance:- Section 4, followed by Electronic Records, Storage, and Electronic

Records, provides a thorough discussion of the concerns, processes, and legal recognition of
electronic records discussed in Chapter 3 of the IT Act of 2000. Here's how the process goes
down. The following parts provide processes relating to electronic signatures and regulatory
rules for agency authentication and apply throughout contract maintenance and after the validity
of an electronically completed contract has been recognized. 5

Digital Signature:- The phrase "digital signature" as used in Section 3 refers to the subscriber's
electronic or procedural authentication of each electronic record. Digital signatures with
attachments are generated in two distinct procedures. To protect the authenticity of the
information included in an electronic record and guarantee its transmission, a mathematical
function known as a "hash function" is first used to turn the record into a message digest. If the

5 Raj, Aijaj & Rahman, Wazida. (2016). E-commerce Laws and Regulations in India: Issues and Challenges.
data in an electronic record is altered in any way, the signature becomes invalid. Second, the
message digest contains the digital signature's creator's private key, whose identity can be
verified by anybody with access to their public key. Anybody with access to the digital signature
may then confirm the authenticity and integrity of the signed electronic record. 6

Now, more than ever, knowledge is critical. Under the Information Technology Act of 2000, a
firm would be entitled to legal recourse if a hacker gained access to its computer system or
network and damaged it or copied data. 7

The Cybersecurity Policy of 2013

In 2013, the Indian government devised a new framework to create legislation to prevent
cyberattacks in response to the IT industry's phenomenal growth and the startling increase in
such attacks. The policy establishes standards for safe online activity in India and a framework
for conducting secure electronic transactions. Coordination between the public and private
sectors is essential for securing private data and improving India's cyber environment. The
judgment orders Cert-In to carry out Section 70 of the IT Act, which among other things
mandates that it conduct prediction and warning studies of cyber security risks, analyze and
publish data on cyber events, and offer emergency support to deal with such occurrences.
They've begun to take action. Noteworthy is CERT-function In's as an electronic publisher of
security flaws and security warnings. With the support of CERT-In, you may lawfully combat
cybercrime.

Cyber Crimes

"Cyber crimes" are not specified in any laws or statutes in India. The term "cyber" is frequently
used in relation to computers, data innovation, etc. Crimes committed using electronic means
(such as computers, data innovations, the internet, and virtual reality) are appropriately termed

6 Overview of Cyber Laws in India available at https://taxguru.in/wp-content/uploads/2012/10/cyber-laws-

overview.pdf

7 Dugal P, Cyberlaw In India: The Information Technology Act 2000 - Some Perspectives - Media, Telecoms, IT,
Entertainment available at . https://www.mondaq.com/india/it-and-internet/13430/cyberlaw-in-india-the-
information-technology-act-2000--some-perspectives
"cyber-crimes" 8. Since the world has come to rely more and more on the internet for basic
necessities, cybercrime has also developed at a rapid rate in recent years. Cybercrimes have
evolved to the point that they occur almost daily today. Even the most secure government
websites are routinely breached, much less the social media accounts of average people. Eight
out of ten people, according to the research, fall for cybercriminals' traps of various kinds. 9
Information held by the government was included in over a thousand of the most serious data
breaches. Aadhaar, India's one-of-a-kind system of citizen-recognized evidence, was affected by
one of these security vulnerabilities. In the early months of 2018, hackers broke into the Aadhaar
system, exposing the personal information of over a billion People. The victims of cyberbullying
and other forms of cyber misuse suffer additional harm beyond the financial losses caused by
cybercrime. More than 4,000 women and children in India were victims of cyberbullying and
4,444 cybercrime incidents including sexual badgering were reported in 2018. Although a large
percentage of Indians acknowledged that both clients and social media platforms were liable for
damaging conduct on social media, growing awareness of the problem of cyberbullying may be
driving this high number of incidents. In 2018, the government moved to establish a nationwide
cybercrime reporting system, allowing individuals to register concerns over the internet.

Types of Cyber Crime

Criminals have found new methods to take advantage of individuals on the Internet as a result of
the development of technology and the ongoing progress of science. Some of the more frequent
and scary forms of cybercrime are described here.

a) Identity Theft:- Using a false identity to trick someone into believing you are someone else.
Using another person's identity to steal or commit fraud According to Section 66-C of the
Information Technology (Amendment) Act of 2008, the theft of identity is described as follows.
The offender risks a fine of up to 10 million Indian rupees and a prison sentence of up to three
years. 10

8 Cyber Crimes Under The IPC And IT Act - An Uneasy Co-Existence - Media, Telecoms, IT, and Entertainment -
India available at. https://www.mondaq.com/india/it-and-internet/13430/cyberlaw-in-india-the-information-
technology-act-2000--some-perspectives
9 Varsha, An Analysis on Cyber Crime in India available at www.legalserviceindia.com/legal/article-797-an-
analysis-on-cyber-crime-in-india.html

10 Kumar S, Present scenario of cybercrime in INDIA and its preventions

b) Getting to networks or computers without authorization: Although the term "hacking" is
often used to describe this behavior, Indian law considers hacking to be merely one kind of
"unauthorized access" and hence defines it more broadly. By definition, "hacking" refers to the
illegal deletion or modification of data, whether it be immaterial or physical, held in a computer
asset. Except as provided in Section 66, anyone who deletes, alters, or otherwise disposes of
information in a change with the intent to or knowledge that doing so would result in illegal loss
or harm to the public or any other person will be subject to criminal prosecution. Reduce the
value or utility of computer resources, cause damage to the computer, or engage in hacking
activities. Hacking offenses are punishable by up to three years in prison, a fine of up to Rs 2
lakh, or in some cases both. 11

c) Cyberterrorism: In Section 66F of the Information Technology Act, the Indian government
explicitly defined "cyberterrorism" following the terrorist attacks on September 11, 2001.
Cyberterrorism includes hacking, poisoning, and preventing access to information that is
required by law. Attacking vital government databases online is a primary goal of
cyberterrorism. National security and diplomatic sensitivity need the secrecy of this information.
These violent activities endanger national security in order to extract money from the
government. Create fear among the Indian populace by disrupting public order or spreading false
information. It threatens not just vital public services but also vital information infrastructure,
which may lead to loss of life, injury, and property. 12

d) Cyberstalking: To cyberstalk is to harass, stalk, or make covert approaches toward another

person through the Internet or other electronic methods. One example is making repeated threats
or sending harassing messages because you posted sexually explicit content online. Anyone who
engages in cyberbullying or cyberharassment of another person, who send or use sexually
explicit information, or who publishes obscene content about victims should face criminal
penalties under Section 67 of the Information Technology Act of 2000. As the usage of social
media increased, Section 67B of the Information Technology Act of 2000 was passed to protect

11 Overview of Cyber Laws in India.

12
www.researchgate.net/publication/228192670_Information_Technology_Act_and_Cyber_Terrorism_A_Critical_Re
view
children from cyberbullying and cyberstalking. The promotion of material on the site that is
terrifying to children's brains is also penalized in this part. 13

Cyberattacks in India

On Friday, 10 February, Rajeev Chandrasekhar, India's minister of state for electronics and IT,
informed parliament that the country had recorded 13.91 crore cyber incidents in 2022. Although
these findings do include data documented and monitored by India's Computer Crisis Response
Group (CERT-In), they still do not provide a comprehensive picture of cyberattacks inside the
country. Nonetheless, there were fewer targeted cyberattacks in 2022 than his Rs 14.02 crore in
2021. According to official statistics, 11.58 lakh cybersecurity events were reported to CERT-In
in 2020, up from 2.08 lakh the previous year. The results of a specialist study on cyber attacks
conducted by AIIMS Delhi were also disseminated by the minister. According to Chandrasekhar,
the attack was carried out by an unidentified risk performer and was the result of a dishonorable
organization division. According to the analysis, a server inside the AIIMS IT arranges was
hacked by a mysterious attacker because of shameful arrange division, resulting in a disruption
of commerce since fundamental programs stopped working. According to the response, "CERT-
In and other partners have prompted the necessary remedial activities in this respect." The
massive cyberattack on the country's primary therapeutic institution last November damaged the
basic national framework.

Ultimately, the Intelligence Fusion and Strategic Operations (IFSO) department of the Delhi
Police filed complaints of extortion and cyber terrorism. The matter is now being probed by
CERT-In, the Central Bureau of Investigation (CBI), and the National Investigation Agency
(NIA).

MoS was informed by his representative, Sushil Modi, that a National Cybersecurity Strategy
has been created by the Secretariat of the National Security Council (NSCS) to deal with
concerns about the safety of the nation's cyberspace. I addressed your other query as well.

13 Keswani M, CYBER STALKING: A CRITICAL STUDY.

http://docs.manupatra.in/newsline/articles/Upload/455C1055-C2B6-4839-82AC-5AB08CBA7489.pdf
The government stated it was "fully aware" of many cyberattacks and was working to "enhance
its cybersecurity posture and mitigate cybersecurity events." a rice paddy.

Remedies for Cyber Crime Casualties in India

If a person or business has fallen victim to cybercrime, they may file a report at any local police
station and get a response from Cyber Cell within 24 hours. In response to the complaint, they
will move swiftly to put the site together to predict, aid in accessing, and attempt to retrieve
information. Several laws and regulations from various government agencies also include
provisions criminalizing cybercrime. The Information Technology Act of 2000 and the Indian
Penal Code of 1860 both provide legal sanctions for certain cybercrimes.

Sections of the 2000, IT Act Offenses Penalties

43 Damage to computers or its Compensation not exceeding

system 1 crore.

43A Failure of the body corporate Compensation for the affected

to protect data individual not to exceed more
than Rs. 5 crores.

45 If no punishment has been A penalty of not more than

specified individually twenty-five thousand rupees
or compensation for the
person who was harmed by
the violation, whichever is
greater.
66 Computer system hacking, A sentence of up to three
data modification, etc. years in jail, a fine of up to
five lakh rupees, or a
combination of the two.

66A Using communication A sentence that may last up to

facilities to send hateful three years and a fine and in
IPC 378
messages, etc. IPC: either a sentence of up to
three (three) years in prison or
a fine, or both.

66C Usage of an electronic Imprisonment for a time that

signature fraudulently may last three years, as well
as being subject to a fine that
may amount to 1 lakh rupees.

66F Internet-Based terrorism Life imprisonment is a

possibility for punishment.

66D Tricks by impersonating and Imprisonment over a period

accessing resources from that may last three years, as
computers well as being subject to a fine
that may amount to 1 lakh
 rupees.

70 Access to the protected system Imprisoned to a period that

without authorization might last 10 years, as well as
being subject to a fine.

The following are the cyberattack remedies covered under the IPC:-

Sending threatening emails over the Internet Section 503 of

the IPC

Using email to send offensive messages Section 499 of

the IPC

Counterfeiting of digital Records Section 463 of

 the IPC

False Websites and Online fraud Section 420 of

the IPC

Data thievery Section 378 of

the IPC

Sharing of offensive content Section 292 of

the IPC

Cyber Terrorism Section 121of

the IPC

Fraudulent Personification Section 419 of

the IPC
 Email forgery Section 463 of
the IPC

Phishing- Attack Section 383 of

the IPC

Email Violence Section 500 of

the IPC

India and the United States: Understanding the Law on Cyberspace from a Comparative
International Perspective

The concept of privacy is vague and open to numerous interpretations. A person's or a group's
capacity to shield their private lives and activities from public view and exert control over the
dissemination of information about them. An individual's, a community's, or an organization's
right to control the timing, manner, and scope of the dissemination of information about itself is
known as privacy. To be left alone in peace and quiet is to enjoy the right to privacy. It may also
indicate keeping one's distance from the spotlight so as to escape unwanted attention. To be left
alone is a basic human need, and the right to privacy is an implied duty. 14

Privacy Rights Under Indian Cyber Law

The idea that one's personal information is like any other kind of property has to be protected.
So, an individual has the same legal right to protection for his or her identity and associated
information as they have for their property. Despite the absence of explicit data protection laws
in India, Article 21 of the Indian Constitution, which covers personal liberties, has been properly
interpreted in several cases concerning privacy rights and the protection of sensitive information.

That's the situation; as a result of the ongoing debate, numerous nations have established new
laws and utilized new technology to better protect individuals' privacy online.

Numerous international agreements protect persons' right to privacy. Article 17 of the Covenant
on the Protection of Human Rights and Fundamental Freedoms.

Article 8 of the Covenant on Fundamental European Rights. Twenty nations have so far signed
the Convention on Human Rights for the Protection of Privacy Relating to Information
Technology, which was adopted by the Council of Europe in 1985.

Data protection, cross-border information sharing, advisory committee composition, and EU

Agreement amendment processes are all spelled out in the accord. The EU Data Protection
Directive of 1998 reinforced the principles set out in the EU treaties. In 2000, India approved the
Information Technology (IT) Act to regulate the country's IT sector in the face of widespread
cybercrime.

14 Debesh, Understanding Cyber Law: International Perspective Comparative Study - India And USA available at
https://www.legalserviceindia.com/legal/article-8855-understanding-cyber-law-international-perspective-
comparative-study-india-and-usa.html
Damages resulting from computer intrusion, hacking, privacy and confidentiality breaches
brought on by computer contamination, and the release of counterfeit digital signature
certificates are covered by this statute. Definitions of terminology like "transmission,"
"collection," "private domain," and "public" may be found in Section 66E of the Information
Technology Act of 2000. The Information Technology Act of 2000 includes penalties for
violations of confidentiality under section 72. Confidentiality and privacy are inextricably linked.
As only authorized officials are covered by this provision, its reach is limited. This means that
the arrangements described in this section remain in effect for approved information gatherers.
Although these agreements are meant to address crimes perpetrated by professionals like
arbitrators, members of the Cyber Regulatory Offers Tribunal (CRAT), and certifying
organizations, their applicability is severely limited by the Act. Unauthorized access to computer
systems is penalized by fines and jail time under Section 43 of the Information Technology Act
of 2000. Those who gain unauthorized access to a computer system and steal data or introduce
viruses shall be held accountable under this section.

India's New Privacy and Data Protection Regulation

India's information technology system has been updated with the passage of the Information
Technology (Amendment) Act, 2009. All parties (including middlemen) who provide services
according to a valid contract should perform such services in accordance with the terms of the
contract and shall not be responsible for wrongful loss or unlawful conduct under Section 72A of
this Act, you shouldn't give out any information that might put you at risk financially. If this
obligation is broken, the criminal might spend up to three years in jail and/or pay a fine of up to
Rs. 5 lakhs. Furthermore, there are certain constraints on how subscribers may use their privacy
rights under Articles 67 and 69, which ban things like pornographic content and interference
with national security, sovereignty, and direction from the controller. Decoding deployment
information is one of the few exceptions to this rule. The Information Technology
(Amendments) Act of 2009 amended Section 69 to cover legitimate instances of Internet
censorship. The federal government or the government of a state and its authorized
representatives may intercept, monitor, or decrypt any information created, transmitted, received,
or stored in a computer resource under this provision if doing so is necessary or advantageous for
defending India, preserving the sovereignty of India and integrity, assuring the state's security,
maintaining friendly and peaceful relations with other states, upholding public order, or
preventing an emergency. Websites that include material listed in Section 69 may also be
blocked under Section 69A. If it is determined that it is essential to put reasonable limits on basic
rights guaranteed by the Constitution of India to safeguard public order, national integrity,
sovereignty, and allied interests, then this clause is in line with such restrictions. Section 69B
gives the Central Government the authority to permit any government agency to monitor and
collect traffic data or information generated, transmitted, or received by, or stored in, any
computer resource in order to further strengthen cyber security and to identify, analyze, and
prevent the intrusion of computer contaminants.

The US of America, the UK, and Australia's Privacy Laws on Cybersecurity

There are various industry-specific cyber regulations protecting critical infrastructure in the
United States, and each federal agency has its own cybersecurity requirements that must be
adhered to. Despite this, the rate of cyberattacks and cybercrimes in the United States remains
15
the highest in the world. Other state and federal legislation are also included in the statutes .
The following legislation has noteworthy provisions. Furthermore, a substantial amount of both
federal and state laws are covered by the act. The aforementioned acts contain some significant
clauses. The Counterfeit Access Device and Computer Fraud and Abuse Act of 1984 governs
frauds or attacks on the federal computer system or any banks, interstate access to sensitive
information pertaining to overseas trade, and trade between nations.

• The Computer Security Act of 1987 created the National Institute of Standards and Technology
(NIST), which is responsible for developing secure systems, upholding security standards,

15 Federal Laws Relating to Cybersecurity: Overview of Major Issues, Current Laws, and Proposed Legislation
available at https://sgp.fas.org/crs/natsec/R42114.pdf
reducing cybercrime to an alarming degree, and establishing programs to raise awareness about
cybersecurity. However, topics pertaining to national defense are exempt from this.

• The Documentation Reducing Act of 1995 was one of the reasons for wanting enhanced
cybersecurity regulations.

• According to the 2002 Homeland Security Act (HSA), the Department of Homeland Security
was given responsibility for defining the requirements for cybersecurity.

• The National Science Foundation (NSF) and the National Institute of Standards and
Technology (NIST) were given the task of developing a research agency to combat cyberattacks
and improve the United States cyberspace infrastructure in 2002, thanks to the Cyber Security
Research and Development Act.

• The Electronic Government Act of 2002 is a landmark piece of legislation. Federal information
technology principles and regulations are included in the legislation, and stringent requirements
for cyber security are established.

The federal government has recently enacted new cybersecurity legislation and altered existing
ones to create a more robust security environment.

1) The Act of Sharing Cybersecurity Information (CISA)– To enable the sharing of worries
about cybersecurity across several government authorities, this legislation was introduced in
2015. Its main objective was to enable the development of a robust cyberinfrastructure for the
immediate exchange of cybersecurity issues, disruptions, and other concerns among various
government agencies.

2) 2014’s Cybersecurity Enhancement Act: As suggested by its name, this Act will enhance
cyberinfrastructure, develop better regulation of cybersecurity issues, raise awareness of
cyberattacks, and reduce cyberattacks. It was launched to help victims and apply measures
against cybercrime. Encourage voluntary public-private relations and research and development
in this field.

3) Government Trade Information Breach Notice Act of 2015: The statute mandates that
patients be notified of a data breach within 60 days of the incident and provides victims with
rights for their well-being to cover the disappointment. sets stringent guidelines for the section
and directs. Doing so will result in serious punishments beneath the law. Right now, the joined
together states have 50 government and state statutes beneath this act, and it is evident that the
nation is continually working to overhaul modern cyber approaches and superior frameworks.
But despite persistent endeavors, the government is still incapable to contain cyberattacks in
America. This also applies to the private segment with the most excellent frameworks input,
protection breaches, and phishing assaults within the private segment happen on a day-by-day
premise 16.

Within the Joined together States, in expansion to the assurances given by government law, an
individual's data is additionally ensured by state laws. Numerous states have buyer assurance and
extortion laws that frequently address attacks of protection and unlawful information collection
hones. For illustration, Virginia has consolidated information collected through the web into its
protection law. Appropriately, companies that collect information over the Web may be held at
risk beneath a few or all of these directions in purviews where the information is accessible over
the Web. In countries like India and the Joined together States, proper protection isn't
unequivocally cherished in lawful terms, but it is recognized as a verifiable right within the
constitutions of these two nations. The Electronic Communications Security Act of 1986 (ECPA)
gives due thought to information subject permission, as the need for educated consent may be
used as a court defense. From a security viewpoint, India's Data Innovation (Correction) Act,
2009 presents a qualification from wrongdoing by presenting a component of human common
sense to recognize between encroachment (infringement) and wrongdoing 17.

United Kingdom

There is no overarching legislation in the UK managing IT or cyber security, and instead, based
on laws like the Security Services Act of 1989 and the Civil Emergency Act of 2004, several
government entities are subject to various legal obligations. It offers a great deal of leeway for
the creation of novel cyber shielding techniques. The year 2009 saw the Office of Cyber
16 Hardeep Singh, A Glance At The United States Cyber Security Laws https://www.appknox.com/blog/united-
states-cyber-security-laws
17 Debesh, Understanding Cyber Law: International Perspective Comparative Study - India And USA available at
https://www.legalserviceindia.com/legal/article-8855-understanding-cyber-law-international-perspective-
comparative-study-india-and-usa.html
Security's establishment. By 2010 it has expanded its remit to include Information Assurance
(OCSIA). Collaborate with businesses to establish shared norms and information sharing. When
it comes to enforcing national cybersecurity standards, the National Cyber Security Center
(NCSC) has all the power. Advising and coordinating government and private sector
cybersecurity activities. NCSC was established in 2016, and its responsibilities encompass those
of the communications-electronics security group, CERT-UK, and GCHQ, the National Security
Agency of the UK's intelligence division. The National Infrastructure Protection Center and
Network and Information Security Regulations 2018 oversee the cyber evaluation center and
18
other essential infrastructure security responsibilities (NIS) . The Privacy and Electronic
Communications (EC Directive) Regulations of 2003, the Communications Act of 2003, the
Computer Misuse Act of 1990, the Financial Conduct Authority, the Prudential Regulation
Authority Rules, the common law, and the common law tort of misuse of private information are
all examples of other laws and regulations that may be applicable.

The UK's business sector is under strict restrictions under the General Data Protection
Regulation (GDPR) and the Cybercrime Act of 2018 (Act) to take action to prevent third parties
from violating data security and to take further measures to combat cybercrime. We advocate for
the establishment and maintenance of several cyber hygiene measures. All suppliers of essential
services, including hospitals, transportation systems, and online marketplaces, are subject to the
law's cyber security provisions 19.

Australia

The Cybercrime Act is a comprehensive law that addresses computer and online crime. The
sending of commercial electronic communications, including emails, has been subject to
regulation under various laws, such as the Spam Act. Limit the sending of spam and other
unwanted electronic communications, with a few caveats. The Australian Communications and

18 Joshi., A comparison of legal and regulatory approaches to cybersecurity in India and the United Kingdom
Shared under Creative Commons Attribution 4.0 International license available at https://cis-india.org/internet-
governance/files/india-uk-legal-regulatory-approaches.pdf

19 Cybersecurity and the UK legal landscape available at https://www.whitecase.com/insight-alert/cybersecurity-

and-uk-legal-landscape
Media Authority is in charge of enforcing this legislation 20. The Preventive Privacy and Security
Structure and the Privacy and Information Secu Handbook are only two of the rules and
regulations the Australian government has in place to safeguard public privacy. Recently, the
Australian government published its strategy for enhancing cybersecurity by 2020. Its goals
include reducing cybercrime and raising awareness of the issue, as well as providing cyber
assistance to individuals and small companies. Although similar to the United States in terms of
basic cyber regulation, Australia lacks specific legislation in several sectors, including health,
personal, and commercial insurance.

Comparative Analysis of Russian and Indian Cyber Laws

The special connection between Russia and India was established after the Soviet Union's fall
because Russia inherited India's preexisting good ties with the Soviet Union. There are five key
areas of collaboration between India and Russia: politics, military, civil energy, counter-
terrorism cooperation, and space exploration. The sixth dimension, which focuses on economics,
has been trending in recent years. The largest project in this field, the Integrated Long-Term
Cooperation Program (ILTP) between India and Russia, comprises ongoing research and
technological partners. Organizing the ILTP are the Indian Academy of Sciences, the Indian
Ministry of Science and Technology, the Indian Ministry of Science and Education, and the
Indian Ministry of Industry and Commerce. The SARAS Duet aircraft, semiconductor goods,
supercomputers, poly vaccines, laser-based technology, seismography, highly pure supplies,
applications, and its IT & Ayurveda are among the priority areas for partnership under the ILTP.
In August 2007, a memorandum of understanding was signed in Moscow by the Ministry of
Science and Technology and The Russian Fund for Basic Research.

The Viewpoint of Russia on Cyber Laws

The civil law of the European Union is the cornerstone of Russian law. Both civil law and
indigenous law exist, albeit civil law would take precedence in a dispute. Although data
sequestration is governed on a federal level, and several areas of Russia have yet to pass regional

20A Glance At Australia’s Cyber Security Laws. available at https://www.appknox.com/blog/glance-australias-

cyber-security-laws
rules. The Russian Constitution was amended in 1993 to add the right to privacy and to personal
and family confidentiality. Despite this, they are protected by the right to the privacy of their
communications, and any restrictions on this right must be approved by a judge. Information
concerning an individual's private life should only be gathered, utilized, kept, and shared with
their consent. Certain laws and other rules established concerning these laws govern the
safeguarding of these initial rights. In 2000, the FBI uncovered a widespread hacking campaign
that had penetrated the computer networks of thousands of businesses throughout the United
States. The FBI has identified two Russian nationals, Vasiliy Gorshkov, and Alexey Ivanov, as
the hackers responsible for previous similar operations. The Invita Corporation was founded on a
plan to entice them to the United States. They were both allowed to interview for the position.
During the interview, Gorshkov and Ivanov were put to the test by showing off their hacking
skills. A laptop was provided as an entry point into their private networks; these networks were
located on their own PCs. The Russians had no idea that the FBI had gotten the hacker's stoner id
and word via some kind of style. Gorshkov and Ivanov were immediately detained after the
incident. In addition, the FBI illegally downloaded information from the Russian homes of
Gorshkov and Ivanov using the stoner ID and password. Gorshkov filed a motion to suppress the
evidence after they were convicted, claiming that their rights had been violated in breach of both
Russian law and the Fourth Amendment. The FBI argued that since downloading from an online
source did not quaify as a hunt, it was not necessary to obtain permission from the Russian
government. The Fourth Amendment's prohibition on unwarranted searches and seizures served
as the court's justification for rejecting Gorshkov and Ivanov's petition in response. However,
because the defendant had a possessory interest in the data, the FBI agent's actions to copy it
from the Russian computers did not amount to a search or seizure. Data protection has been a
contentious issue since at least 2014. As sequestration approached, the administration took a
more protectionist stance. The Personal Information Law (The Database Local Law) was
changed by the Russian parliament in a manner reminiscent of Indian law, limiting data
collectors to exclusively access Russian databases. The Data Localization Law was implemented
on September 1, 2015, despite widespread opposition from businesses and the press. Russia has
updated its Data Localisation Law as well as its Information and Information Technology
Federal Laws and its Information Protection Federal Law. Businesses that offer video, audio, or
text-based communication services must now register with the government, retain call records
for not more than six months, and give the government decryption keys if translated discussions
are retained. Russian data privacy laws have recently faced certain difficulties. On May 5, 2014,
Russian lawmakers passed Federal Law Number, 97- FZ, which made major changes to
additional legislation, including Federal Law Number, 149-FZ, enacted on July 27, 2000. In
recent years, major revisions have been made to the Information Law, which went into effect on
July 1, 2018. The amendments, known as the Yarovaya Law, were written by Irina Yarovaya and
had a significant impact on Russian telecommunications and internet regulation. Particularly,
mobile device drivers were mandated to spend a lot of money storing all call recordings and
textbook dispatch content for six months, and internet service providers were mandated to spend
a lot of money storing all call recordings and textbook dispatch content for six months. The
Yarovaya Law mandates that, if requested by Russian law enforcement or intelligence agencies,
drivers must provide overall communications of a similar kind, create specific systems to
conduct investigations, and provide decryption keys if the communications are translated. The
DPA compiled a list of illegal sites using the Data Localisation Act as the legal basis. Under the
law, a detailed procedure for "notice and takedown" is specified. To comply with Russian law,
any databases holding personal information about Russian people must be located inside Russia.
Recently, lawmakers have proposed changes that would significantly raise penalties for
violations. Russian cybercrime is on the increase for two reasons, according to the country's
preeminent computer security firm, Group- IB.The legal structure in place in Russia to combat
cybercrime is insufficient, and the country's laws are highly lenient when it comes to punishing
offenders. Decisions on computer-related offenses are often sometimes delayed or made
interminably quickly in addition, a variety of hacking groups get together to pool resources for
their unethical training. Although the word "cyber" is often kept for the medical and academic
sectors in Russia, the phrase "informatization" is commonly employed by the authorities, and it
alludes to the aggressive disquisition and use of digital technologies for social and commercial
progress. Despite the concepts of "cyber-crime" and "cyber-warfare" or "cyber-attack" are not
mentioned in any official public documents, it is evident that the government distinguishes
between common cybercrimes and cyber-warfare through the use of terms like the security of
information, computer data crime, electronic crime, and instructional resistance to the virus. Data
sequestration issues were legislated in Russia in 2007. Federal Law No. 152-FZ on Personal
Data, enacted on July 27, 2006, is known as the Personal Data Law, almost all aspects of data
security are covered, including the definition of "personal data" and the categories of data that
may be gathered and utilized. The methods by which such data may be collected and reused, the
conditions under which such data may be collected and reused, and the protections that must be
enforced by the agencies conducting such collection. Data processors and data regulators are
treated equally under the Private Data Law. Hence, the provisions of this Law apply to anybody
or any organization handling specific data. The requirements of the Personal Data Law may be
better understood concerning a variety of other laws that regulate more specific areas of data
processing. Similar rules are enforced by the Federal Service for Supervision in the Field of
Communication, Information Technology, and Mass Dispatches (DPA), the Russian
Government's Data Protection Authority, and/or other security organizations like the Federal
Service for Technical and Export Control (FSTEK) or the Russian Federal Security Service.

India’s Take on Cyber Laws

To control unlawful activities online and protect users of e-commerce, e-governance, e-banking,
etc., strict regulations are needed due to the widespread abuse of technology in India and the lack
of legislation to manage it. The Indian Parliament has given its approval to the Information
Technology Act of 2000. The Devices (Amendment) Act of 2008 was ratified to amend the Act.
The scope and breadth of the statute were both expanded by the changes. Data theft now takes
the role of hacking in Article 66, which replaced Article 3. Articles 66a through 66f have been
expanded greatly due to the changes. Some of the offenses mentioned here are: sending
harassing messages via a communication service; deceiving a donor about the origin of a similar
message; breaking into a computer or other communication device without permission; using
another person's electronic hand or identity; committing fraud through impersonation using a
computer or communication device; and publishing private information about another person.
Offenses listed in Section 66 as felonies are both cognizable and not subject to bail. According to
Section 66 of the Amendment Act, if a comparable act is carried out with criminal intent or mens
rea, it will not subject the perpetrator to criminal liability and will instead result in civil liability
with only civil penalties and compensation as remedies. The primary Indian laws were updated
when the IT Act of 2000 was enacted. By including the word " electronic " in the Indian
Criminal Code, digital records and papers are given less legal weight than their paper
counterparts. The IPC now has jurisdiction over " electronic records and electronic documents,"
which was not the case before the amendment of certain sections (such as 192, 204, 463, 464,
468 through 470, 471, 474, 476, etc.). When performing acts of fabrication of physical records in
a crime, electronic records and electronic documents are now treated the same as tangible
archives and papers. To make sure that the evidence and/or punishment can be covered and
proven under either of these or the other law, the inquiry agencies are going to submit cases
charging distance citing the appropriate sections derived from the IPC under sections,464, 468,
and 469 read with the IT Act/IT amending act under sections,43 and 66 in similar offenses after
making the following adjustments. Before the IT Act was passed, only physical documents could
be used as evidence in court. After the IT Act was enacted into law, electronic documents and
records were recognized. With a change to the Indian Substantial Act, the phrase "all papers
including electronic records" was replaced with the original wording. Words like "digital hand,"
"electronic form," "secure electronic record," and "information" were adapted from the IT Act
and given evidential weight as well. Section 65B of the Act, which recognizes electronic
recordings as admissible substantiation, is often regarded as the most consequential change.
Before the introduction of the IT Act, a bank was needed to present the original tally or other
physical documents to validate its books following the Bankers Books Substantiation Act of
1891 21. When the Information Technology Act was passed into law, the definitions section was
revised to read as follows: "Bankers' books include checks, day- books, cashbooks, account-
books, and all other books used in the ordinary business of a bank, whether kept in written form
or as printouts of data stored in droopy, slice, sellotape recording, or any other form of
electromagnetic data storehouse device." There are still a lot of cybercrime mysteries to be
solved.

21 Cyber Laws IT act available at https://www.vskills.in/certification/tutorial/cyber-laws-it-act-etc

Scope of the countries for expansion of their respective Cyber Laws

The frequency of lawsuits regarding data sequestration is on the rise in Russia, prompting
businesses there to plan for more compliance efforts and additional judicial interpretations. We
hope that including would adopt a robust public cybersecurity policy and invest heavily in this
area. Cybersecurity collaboration on a global scale is necessary for countries to develop effective
responses to cyber threats. To prevent the present restrictions from becoming paper tigers, we
must also ensure that they are properly implemented. Nations must be aware of the magnitude of
cyber dangers and the potential harm they might do to public infrastructure, enterprises, and
people notwithstanding the difficulties in recognizing cybercrime and estimating the effect of
cyberattacks. However, there is a growing perception among the public that cyberattacks are
becoming more sophisticated and pervasive. Technological advancements, the expansion of
implied profits from cybercrime, and the diminished likelihood that court rulings will be upheld
are all thought to have contributed to an overall rise in the frequency of cyber hazards over the
past few years.

Conclusion

Cybercrime has existed since the dawn of the computer, the miraculous device that
revolutionized human life. These days, we can't imagine living without our computers. They
have been put to many different uses, ranging from leisure to serious research. Because of the
widespread use and usage of computers, new forms of technology have emerged. It's hardly an
exaggeration to argue that PCs are what started the IT revolution. That's why secrecy is so
important. India can adapt to modern demands thanks to its cyber legal framework, however, this
structure might need some improvement. In particular, it is important to improve the supporting
controller's cybersecurity architecture so that it can keep up with the rapidly developing field of
technology. The government of India is constructing new political institutions to accommodate
these shifts because it recognizes the need of doing so. The flaws in this new policy framework
are tolerated as long as these persistent development challenges persist. Nevertheless, the
objectives show that India is a potential target for cybercriminals, therefore the success of these
initiatives relies on the agencies' ability to implement them in a responsible and untainted
manner. Although the USA has several programs and regulatory organizations in place to defend
cybersecurity, it still lacks essential offenders as compared to other countries.

In addition, the healthcare, insurance, and business sectors in each of these nations are
notoriously underdeveloped. And it's important that India, like every other country, be quite
strict about carrying out well-specified plans. Under Section 72 of the Information Technology
Act, 2000 in India, fines are imposed for the unauthorized disclosure of personal information.
Similar to the electronic communication Security Act (ECPA) of 1986 and the Online Privacy
Protection Act (OPPA) of 2000 in the United States, the new Section 66-E makes it unlawful to
infringe on someone else's privacy. Both the United States and India have been making progress
on this front, although the issue of privacy has been given more attention in India.