Tuesday, May 2, 2017


Cybercrime :

Comprehensive guidelines referred to in Letter No. 55019/17/2017-Legal Cell, dated ______ of Internal security Division, Ministry of Home Affairs regarding service of summons/notices/judicial process on persons residing abroad. --

1. Section 105 of Criminal Procedure Code (CrPC) speaks of reciprocal arrangements to be made by Central Government with the Foreign Governments with regard to the service of summons / warrants / judicial processes. The Ministry of Home Affairs has entered into Mutual Legal Assistance treaty/Agreements with 22 countries which provide for serving of documents. These countries are Switzerland, Turkey, United Kingdom, Canada, Kazakhastan, United Arab Emirates, Russia, Uzbekistan, Tajikistan, Ukraine, Mongolia, Thailand, France, Bahrain, South Korea, United States of America, Singapore, South Africa, Mauritius, Belarus, Spain and Kuwait. In other cases the ministry makes a request on the basis of assurance of reciprocity to the concerned foreign government through the mission / Embassy. The difference between the two categories of the countries is that the country having MLAT has obligation to consider serving the documents whereas the non-MLAT countries does not have any obligation to consider such a request.Summons/notices/judicial processes issued by the Indian Courts.

2. The summons/warrants/judicial processes received by MHA are forwarded to the concerned Indian Missions/Embassies which in turn, takes up the matter with the designated authority in that country. In case of MLAT countries, the manner of communication is as laid down in MLAT and can be either directly between MHA and the Central Authority or can be through the diplomatic channel. The designated authority after considering the request directs its agency to serve the document on the concerned person and the report of the service, if any is also received through the same chain. This is broadly the system in majority of the countries. However, in some countries private companies/NGOs have also been entrusted with the service of judicial papers.

3. Based on the experience gained, some guidelines are given below which may be followed while making a request to MHA for service of judicial processes. It may, however, be noted that it is the discretion of the requested country to serve the documents and any time frame for a positive response cannot be predicted.

a) All requests for service of summons / notices / judicial processes on persons residing abroad shall be addressed to the Under Secretary(Legal), IS-II Division, Ministry of Home Affairs, 9th Floor, Lok Nayak Bhawan, New Delhi- 110003. 
All requests shall be forwarded through post only with a covering letter from the  Court official giving the following information: 
a) Material facts of the criminal matter including purpose of the request and the nature of the assistance sought. 
b) The offences alleged to have been committed, a copy of the applicable laws and maximum penalties for these offence. 
c) Name, designation, telephone and fax number of the person/officer who will be able to give any clarification, if required. 
d) The complete address of the issuing authority to which the judicial papers/service reports may be returned. 
e) Approval of the competent authority to bear any expenditure, which they be charged by the foreign government/agency for the service of the documents. 
f) Degree of confidentiality required and the reasons therefore(in case of confidentiality requirement). g) Any time limit within which the request should be executed. 
This will be subject to allowance of sufficient margin of time by the requesting agency, as indicated in para 3(iv) of the guidelines b) MHA, on receipt of request, will examine it in view of the provisions of treaty, if exists, with the requested country and as per the provision of CrPC in case of non-treaty country. 
c) MHA requires at least a period of 12 weeks times for service of such notices in the concerned countries. It is, therefore imperative that a date of hearing/appearance may be decided accordingly. 
d) In the case of non English speaking countries, the notices should be accompanied with the certified/authenticated translation(in duplicate) in the official language of the country where the notice is proposed to be served. 
e) Name and address of the individual/organization should be complete in all respect and PO BOX no. and Passport no. will not suffice as address of the individual. 
f) Ministry of Home Affairs responsibility to service the summons is only in Criminal Matters. Hence, summons in Criminal matters only may be sent to the Ministry for service abroad. 
g) MHA does not undertake service of the non-bailable warrants of arrest. The service of non-bailable arrest warrents amounts to the extradition of the individual. 
The request for extradition are based on certain legal procedures contained in applicable treaties negotiated on the basis of the International Principle of Extradition. 
Such requests are to be forwarded to the Ministry of External Affairs, CPV Division, Patiala House Annexe, Tilak Marg, New Delhi – 110001."

Cyber Security Questions for Board of Directors

Cyber Security Questions for Board of Directors.

Although Board of directors have added cybersecurity risk to their agendas, there is no standard way for boards to think about cybersecurity, much less time-tested guidelines to help them navigate the issue.
For boards, cybersecurity is an issue of enterprise risk. As with all enterprise risks, the key focus is mitigation, not prevention. This universally understood enterprise risk guideline is especially helpful in the context of cybersecurity because no one can prevent all cyber breaches. Every company is a target, and a sufficiently motivated and well-resourced adversary can and will get into a company’s network.
Consequently, terms like “cyber defense” are insufficient descriptors of an effective posture because they evoke the image that corporations can establish an invincible perimeter around their networks to prevent access by bad actors. Today, it’s more accurate to think of the board-level cybersecurity review goal as “cyber resilience.” The idea behind the cyber resilience mindset is that, because you know network breaches will happen, it is more important to focus on preparing to meet cyberthreats as rapidly as possible and on mitigating the associated risks.

1. How do we integrate Cybersecurity with the current business direction and planning? 
2. What are our main Cybersecurity risks? 
3. Is the right amount of Cybersecurity risk accepted? 
4. Is our process for identifying, assessing and managing Cybersecurity risks effective? 
5. Do we have Cybersecurity culture in our organisation ? Do people in this organisation have a common understanding of the term "Cybersecurity"? 
6. How do we ensure that Cybersecurity risk management is an integral part of the planning and day-to-day operations of individual business units? 
7. How do we ensure that the Board’s expectations for Cybersecurity risk management are communicated to and followed by the employees in the company? 
8. Do we have process to manage Electronic evidence? How do we ensure that our executives and employees act in the best interests of this organisation's Cybersecurity posture? 
9. How is Cybersecurity risk management coordinated across the organisation and vendors?
10. How do we ensure that the organisation is performing according to the business plan and within appropriate Cybersecurity risk tolerance limits? 
11. How do we monitor and evaluate changes in the external environment and their impact on the organisation's strategy and Cybersecurity risk management practices? 
12. What information about the Cybersecurity risks targeting the organisation does the Board get to help it fulfil its stewardship and governance responsibilities? 
13. How do we know that the information the Board gets on Cybersecurity risks or threats and vulnerabilities is timely, accurate and reliable? 
14. How do we decide what information on Cybersecurity risks we should publish? 
15. How do we take advantage of the organisational learning that results from the Cybersecurity risk management corrective actions and/or preventive action plans? 
16. What are our priorities as a Board in the oversight of Cybersecurity risks? 
17. How does the Board handle its responsibility for the oversight of opportunities that introduce Cybersecurity risks to the organisation? 
18. How does the Board ensure that at least some of its members have the requisite knowledge and experience to address Cybersecurity risks and one of the member serves as an expert ?
19. How do we, as a Board, help establish the "tone at the top" that reinforces the organisation's values and promotes a "Cybersecurity culture"? 
20. How many grades the Board wish to give itself for overseeing Cybersecurity risk? 
The board is accountable for the organisation’s investment strategy. In years past, information security spending was part of a larger IT-related budget. Not anymore. Gartner estimates that by 2020, IT security spending will grow from $75 billion to $170 billion. With such levels of spending, boards will be more apt to scrutinize investments and actively manage budgets. 
To manage the risk associated with a cyber attack, leadership must bring together key components of an organisation to develop joint ownership of risks and a comprehensive approach to cybersecurity. Having a policy isn’t enough. Companies also need tools, processes, and up-to-date information on the ever changing threats to their enterprises. 

The Author is Chevening Cyber Security Fellow (UK) and participant of IVLP (USA) on Linking Digital Policy Cyber Crime Law Enforcement Program. He is a Practising Lawyer of Bombay High court. 
He regularly Advices Top Corporate Companies and Government Agencies on Cybersecurity Technical and Legal Issues.

Thursday, April 20, 2017

Online impersonation and Sending bomb hoax email - Section 66D Cybercrime

                         On 20-04-2017, the sleuths of Commissioner’s Task Force, West Zone team with the assistance of S.R Nagar police, on credible information made sustained efforts and solved the mystery behind hoax mail which was generated from Hyderabad.
  Details of apprehended Accused :-
Motaparthi Vamshi Krishna @ vamshi chowdary S/o. M.A.sV. Prasad, age. 32 yrs, Occ. Transport agent  R/o. Flat no.G-1, TP Sanjana  Amrutha Residency, Miyapur, R.R.Dist, N/o.  Dendullur (village & Mandal), West Godavari Dist, A.P.

 Brief facts
On 15-04-2017 at 1647 hours commissioner of police,Mumbai received a mail from a mail ID ununn0801@gmail.com  claimed to be woman in the email and stated that she overheard six men chating in a hotel and stating that all 23 people have to split from here and board flights in three cities i.e Hyderabad, Chennai and Mumbai to hijack planes at a time tomorrow. 
On the tip of Mumbai Police alerted and sent the information to the concerned Airport Security agencies about a gang planning to hijack flights from three Airports.
  Basing on the information CISF pressed into service and quick reaction commando teams under taken sanitisation drill at Airport and Airlines have been asked to remain extra vigilant. Extra care has been given to passenger checks, baggage scanning, pre embarkation checks and started special patrols to thwart any bid to storm the Airport.    
As a mail generated from Hyderabad, considering the seriousness and sensitivity of the issue, the Commissioner of Police, Hyderabad instructed the Task Force team to   check the veracity of the mail. 
During the enquiry traced the IP address and found it is a net cafe at Madhura Nagar, S.R.Nagar styled as “E netzone” and enquired with the owner of net cafe and found the register of the visitors and filtered eight persons at the time of generating mail. Since the net cafe did not have CCTV footages and there were no proper records maintained at net cafe centre, The Task Force Police made sustained efforts based on the available of CC footage nearby net cafe and lead to the identification of   accused by name Vamsi Krishna.
During the interrogation the accused revealed that he used to chat with his girlfriend who stays at Chennai. Few days back she proposed a trip to Mumbai & Goa. As he is facing financial problems, he unable to bare expanses for their tour,  he requested her to withdraw the trip proposal, but she denied his request, forced him to go to trip to Mumbai & Goa.   In this process to cancel the trip, he hatched a plan to make her believe that flights have been cancelled because of High Alert at airports.

                            In this connection he created a fake flight booking Ticket on her name dt. 16-04-2017 from Chennai to Mumbai, sent the fake ticket to his girl friend through his mail Id my3softcreations@gmail.com to her mail id on 15-04-2017 to believe her.  If she knows about the fake ticket, she will avoid him.  On that he went to one internet centre styled as “E Net zone” at Madhura Nagar, SR.Nagar on 15-04-2017 at about 1600 hrs. In this net zone he created a fake mail id “ununn0801@gamil.com”  and secured the Mail Ids of Mumbai police commissioner and others and prepared fake message as ‘’hi sir am female here am doing this mail frim Hyderabad as i don’t want to revel my details couse am a female and scared of issues, and mailing u this couse in the after noon around 2pm while having lunch there were 6 guys talking those guys are musclims, they were talking abt plane hijack tommarrow in Hyderabad chennai and Mumbai airport they were talking very slowly but unfortunately i heard few conversations abt this, they were saying all us 23 people have to split from here and have to board flights in 3 cities and hijack them at a time. They spoke some other things also but i couls not hear them as i heard only these few sentences from them, i dont know do am i doing correct or not and they are true or not but heard this so kindly go through this and as i informed this as a duty and a citizen of india and pls dont make me to get into issues’’

On further questioning he revealed that   previously he  was involved in two cases Cr.No. 411/2010, U/s. 420, 458,506 R/w. 34 IPC of S.R.Nagar PS & Cr.No. 32/2013, U/s. 66(D) of ITA Act-2008 & 420 IPC of CCS, Cyber crimes.
The apprehended accused along with seized material being handover to SHO, S.R.Nagar PS for taking further action under 66D of IT act and sec 419, 182 IPC.

Wednesday, April 19, 2017

Is Credit or Debit Card PIN a Electronic Signature as per the Law ?

Is Credit or Debit Card  PIN a Electronic Signature as per the Law ?

For Lawyers across the world, click and wrap agreement i.e. the act of ticking an icon in the shape of a box to accept the terms of a contract can hardly count as a form of signature. In the physical world, that must be right. Similarly, it might be questioned that a personal identity number (PIN) can also be considered to be an electronic signature.
Arguably, the PIN combines two functions. Before considering the two functions, consider the requirements of the bank. The bank needs to satisfy itself that:
1. The card is legitimate (this is difficult to achieve, as the reports about fraud demonstrate), and
2. The card is in the possession of the customer to whom it was issued, or a person authorised by the customer to use the card.
If the bank satisfies itself that its computer systems are interacting with the card issued to the customer (which is not always the case), then the computer system requests the purported customer to undertake one further act to confirm they (or a person authorised by them) have physically inserted the card into the ATM or the point of sale terminal, by keying in the correct PIN. Generally, if the computer systems receive positive results from both interactions, then the bank will permit the person at the ATM or the point of sale terminal to undertake whatever activity they are permitted to do within the terms of the mandate.
The first function of the PIN acts as a means of authentication. The PIN purports to demonstrate that the person that keyed in the PIN knew the correct PIN (there are some forms of attack that do
The first function of a PIN
Prefacenot need the correct PIN – any combination of numbers will act vii to deceive the card issuer that the correct PIN has been keyed in).

Once the computer systems of the bank are satisfied that the card is legitimate and the PIN is the correct PIN of the customer, then the person at the ATM or the point of sale terminal can undertake any activity on the account that is permitted within the mandate and within the limitations of the technology.
The second function of a PIN
The PIN, even though it is offered to the machine before a transaction is effected, acts as a signature to verify a payment or other form of transaction. This means that the presentation of a card to an ATM, and the input of a PIN, is similar to a cheque that is written out by the account holder, signed, and then presented to the cashier at the bank. The customer completes the action necessary to request a payment in advance of the payment being made by the cashier, and then signs the cheque in the presence of the cashier – all before receiving acknowledgment that a transaction has been authorised. This means the PIN is a form of electronic signature.
It might be considered that the action of clicking the ‘I accept’ icon or box, or typing in a PIN are merely a means by which the person agrees to conclude the contract, but the act is not that of appending their electronic signature.
This analysis might be right, but we must recall that the digital world is different to the physical world. Conceptually, some of the forms of electronic signature may not strictly be considered ‘signatures’ in the physical world. Nevertheless, it is a convenient shorthand to refer to some forms of agreeing to enter a contract as an ‘electronic signature’ – at least we can all understand the meaning behind these words, even if the form is not quite what we expect.

Case Law:

Standard Bank London Ltd v. Bank of Tokyo Ltd [1995] CLC 496; [1996] 1 C.T.L.R. T-17 and Industrial & Commercial Bank Ltd v. Banco Ambrosiano Veneto SpA [2003] 1 SLR 221, where a message using an authentication code sent through the SWIFT (Society for Worldwide Interbank Financial Telecommunication) system has the legal effect of binding the sender bank according to its contents, and where a recipient bank undertakes further checks on credit standing or other aspects, it does not detract from this proposition. 

What is ones responsibility as a cardholder?
You, and all your supplementary cardholders, must take all reasonable precautions to prevent the card and the card number, the PIN, or any other security details for the card or account (the “card security details”) from being misused or being used to commit fraud. These precautions include:
  • sign the card as soon as it is received and comply with any security instructions;
  • protect the card, the PIN, and any card security details;
  • do not allow anyone else to have or use the card;
  • do not write down the PIN or the card security details nor disclose them to anyone else including the police and/or banks staff;
  • do not allow another person to see your PIN when you enter it or it is displayed;
  • do not tamper with the card;
  • regularly check that you still have your card;
  • keep card receipts securely and dispose of them carefully; and
  • contact bank about any suspicious matter or problem regarding the use of the card at a terminal.
You must notify bank immediately if:
  • your card is lost or stolen; or
  • your PIN may have been disclosed; or
  • your card is retained by an ATM; or
  • your address or contact details have changed

Definition of Electronic Signature in various Countries

Electronic Signatures in Global and National Commerce Act, 15 U.S.C. §§ 7001-7003. 
ELECTRONIC SIGNATURE. – The term “electronic signature” means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record. 
The Uniform Electronic Commerce Act provides a single, media neutral, definition of an electronic signature in s1(b):
(b) “electronic signature” means information in electronic form that a person has created or adopted in order to sign a document and that is in, attached to or associated with the document.
Order No. 24 of the President of the People’s Republic of China, promulgated on and effective since 4 April 2015, amending the 2004 law.  
Electronic Signatures Law of the People’s Republic of China of 2015. Article 2 provides a definition of electronic signature and data message, both of which are widely drafted:
“Electronic signature” in this law means data in electronic form in or affixed to a data message, which may be used to identify the signatory in relation to the data message and to indicate the signatory’s approval of the information contained in the data message.
“Data message” means information generated, sent, received or stored by electronic, optical, magnetic or similar means.

The Regulation provides the definition of an electronic signature in article 3(10)
‘electronic signature’ means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign;
Sec 2 (ta) of Information Technology Act 2000 had defines electronic signature as
“Authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature.”
The definition of electronic signature includes digital signature and other electronic technique which may be specified in the second schedule of the Act, thus an electronic signature means authentication of an electronic record by a subscriber by means of electronic techniques. The adoption of ‘electronic signature’ has made the Act technological neutral as it recognizes both the digital signature method based on cryptography technique and electronic signature using other technologies.

Friday, March 31, 2017

Navy man in Jail for 2 years for Child Pornography, cyber crime in India

Navy man gets 2 years Jail for Child Pornography, cyber crime in India : Cyber crime conviction
By Prashant Mali

In the case of Dilip Kumar Vs State of Telangana 
the accused (who is working in Navy then) is convicted for two years rigorous imprisonment and Rs 15,000 fine.
The story:
Accused has same Family name "Sinha" as the Victim from Hyderabad. Accused, a Navy Personnel belong to State of Bihar and was posted on INS Shikra, Mumbai. Accused had sent a facebook request to this victim minor girl, who also happens to be a child of high ranking defence personnel . The victim after finding the same surname was obliged to accept the facebook friend request. Accused then proposes the victim minor girl for a online relationship, to which she refuses. Accuses starts enticing and harassing the victim by sending her obscene, vulgar, abusing and insulting chat messages. Victim then confides this to her parent, who also tries to persuade the accused not to repeat such actions, but the accused remains adamant. The complaint is filed with the police and the cyber crime wing, CID of Telangana Police (Then AP Police) investigates the crime, to find the accused to be an Indian Navy man.

The Court Proceedings and Order :
Pronouncing judgment today, after examining 11 prosecution witnesses, including outstation witnesses, FSL experts etc., Hon,ble Ist Addl Chief Metropolitan Magistrate, Hon’ble Moka Suvarna Raju (I/c VI ACMM Court) at Nampally convicted the accused to undergo rigorous imprisonment (RI) for 2 years concurrently and Rs. 15,000/- fine for the offences punishable under Sections 67, 67-B (c) (d) of The Information Technology Act 2000 (Cyber Law) and Section 509 of The Indian Penal Code.The case was investigated and trial was monitored by B. Ravi Kumar Reddy, Inspector of Police, Cyber Crimes, CID.

Other Facts of the Case :
1. Certificate under Section 65B was not used in the said case, instead of this prosecution an court relied on confession of accused under section 313 of CRPC. The confession was that the facebook account belongs to himself.
Prosecution relied on forensics report of Victims computer where enticing and abusing text was found in the facebook conversation.
2. There was sexually explicit pictures or videos sent (transmitted), it was pure text messages.
3. Accused by himself went to High Court and got a order to expedite the matter, it was his mistake and why was he misguided ? still remains the Question.
4.This was a rare case where in 2010, evidence was asked from California office of Facebook and they had responded positively to Indian police.
5. This is 24th conviction in a cyber crime matter, in the state of Telangana in India.

My comments & Analysis of the Judgement :
I congratulate the team of Telangana police and Government Lawyers for the conviction, as getting more convictions in cyber crime matter is the need of the hour. I would also congratulate Mr. U.Ramamohan Superintendent of Police, Cyber Crimes in CID AP Hyderabad.  As a defence lawyer, i would say that if lower judiciary only has acted under pressure of the higher courts order, then appreciation of the evidence would not have been done satisfactorily and the accused can be left scot free if he goes in appeal. I also see this is not an isolated case from defence forces, where some sexually frustrated defence personnel try to find relationships online. They feel they are behind the secure wall of defence organisations. An awareness training in the defence induction with example of such cases is the need of the hour. Personnel from Navy may be separated on a high sea from civilians on land, but they should remember cyber space has no boundary and cyber crimes today are investigated by sophisticated police officers. So Janata should not go on their uniform or the old perception about them.
Advice for Common Man : Don't talk Dirty Online with Girls below age of 18 Years.

Analysis of The Judgement Delivered : (This Para added on 6th April)
While Analysing the judgment some startling revelations happened to me about the judge being naive or not updated.
1. The Hon. Court has erred in punishing the accused under a section 66A of The IT Act,2000 which was stuck down by the Hon. Supreme Court in Shreya Singhal v. Union Of India [AIR 2015 SC 1523]
2. The Hon. Court has not appreciated the fact that prosecution 
had failed to confiscate Hard Disk from the computer allegedly 
used by the accused in the cyber cafe and thus was not 
available for further digital forensics examination.
3. The Hon. Court in order to ascertain the location of the 
accused on the date of crime has not appreciated the evidence
of "Call Data Record" of the accused mobile phone number , 
which the prosecution has failed to produce 
4. The Hon. Court has failed to appreciate the fact the facebook 
thou have replied to prosecution, but have not revealed 
the ip address, which binds the computer to the accused 
or his location.
5. Certificate under Section 65(B) as required by The Indian 
Evidence Act was not furnished by the prosecution. 
The effect of the same on the evidence thus produced 
was not appreciated the Hon. Court.
6. In my personal view in the age of Information Technology
concluding that the accused was present on the crime location 
only based on statements of witness doesnt sound fair and 
still raises doubts,
7. Accused agreeing that the profile and email belongs to him 
doesn't bind to crime, it just binds him to the weapon of crime.
8. Hon. Court has failed to appreciate the fact that The screenshot of the girl's Facebook profile shows the birthday written there is 19 Aug 1990, which makes her Adult at the time of Crime, whoever wants to send her friend request or chat. She May have faked her Birthday. This gives benefit of doubt in the favour of the accused 
Laws and Sections used
Offences under Information Technology Act 2000.

 67A. Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form. – Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.
67B. Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form.- Whoever,-
(a) publishes or transmits or causes to be published or transmitted material in any electronic form which depicts children engaged in sexually explicit act or conduct or
(b) creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges or distributes material in any electronic form depicting children in obscene or indecent or sexually explicit manner or
(c) cultivates, entices or induces children to online relationship with one or more children for and on sexually explicit act or in a manner that may offend a reasonable adult on the computer resource or
(d) facilitates abusing children online or
(e) records in any electronic form own abuse or that of others pertaining to sexually explicit act with children, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with a fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees:
Provided that the provisions of section 67, section 67A and this section does not extend to any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic form-
(i) The publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet, paper writing, drawing, painting, representation or figure is in the interest of science, literature, art or learning or other objects of general concern; or
(ii) which is kept or used for bonafide heritage or religious purposes
Explanation: For the purposes of this section, “children” means a person who has not completed the age of 18 years.
Section 509 of The IPC.  Word, gesture or act intended to insult the modesty of a woman
Whoever, intending to insult the modesty of any woman, utters any word, makes any sound or gesture, or exhibits any object, intending that such word or sound shall be heard, or that such gesture or object shall be seen, by such woman, or intrudes upon the privacy of such woman, shall be punished with simple imprisonment for a term which may extend to three years, and also with fine
Section 313 of The Code Of Criminal Procedure, 1973
313. Power to examine the accused.
(1) In every inquiry or trial, for the purpose of enabling the accused personally to explain any circumstances appearing in the evidence against him, the Court-
(a) may at any stage, without previously warning the accused, put such questions to him as the Court considers necessary;
(b) shall, after the witnesses for the prosecution have been examined and before he is called on for his defence, question him generally on the case: Provided that in a summons- case, where the Court has dispensed with the personal attendance of the accused, it may also dispense with his examination under clause (b).
(2) No oath shall be administered to the accused when he is examined under sub- section (1).
(3) The accused shall not render himself liable to punishment by refusing to answer such questions, or by giving false answers to them.
(4) The answers given by the accused may be taken into consideration in such inquiry or trial, and put in evidence for or against him in any other inquiry into, or trial for, any other offence which such answers may tend to show he has committed.

Navy man in Jail for 2 years for Child Pornography, cyber crime in India

Navy man gets 2 years Jail for Child Pornography, cyber crime in India : Cyber crime conviction By Prashant Mali In the case of D...