When it comes to the uncertain rules of the cyber realm, threats are inherently reflective of the presence of gaps in security mechanisms. It is naturally crucial to have a panoptic overview of digital and cyber threats to enforce a safe and secure cyberspace without any weaknesses. The Internet is admittedly a fascinating realm that continues to grow and has proven its usefulness, especially in recent times, in aiding human connection and contact.
But like anything else, the digital realm is a double-edged sword and comes with some cons. Since the digital realm or the Internet is so limitless and knows no boundaries, attempting to bring it under specific areas of jurisdiction is an enormous challenge for various governing bodies who seek to make it a secure space for users.
There are currently similar attempts by foreign bodies that seek to enforce legislative arenas of jurisdiction within the digital realm. Consider the two theories below:
Minimum Contact Theory
The United States Supreme Court, in the case of International Shoe Co. v. Washington, held that the forum court should have jurisdiction over a defendant who is not carrying any business inside the designated jurisdiction. The plaintiff must first show that the defendant had sufficient minimal contacts in the forum, according to the first condition. A corporation must have had some contact with the state in order to be subject to its laws and sued in the state court, according to the minimum contact rule.
Effects Test Theory
A website operator who puts information on a forum and aims to have an impact there can take advantage of the opportunity to do business there. An instance of it can be found in the case of Spacey v. Burger, wherein a California non-resident set up a domain registration system that contained registered trademarks. The defendant exploited the domains for his own personal benefit. The Ninth Circuit sustained a finding of personal jurisdiction in federal court in California. The court determined that the defendant could have foreseen harm done in California by fulfilling the main standards to establish jurisdiction.
Jurisdiction in its popular sense, as O. W. Holmes puts it, is the authority to apply the law to the acts of men. Ordinarily, jurisdiction is exercised over defendants residing or carrying on business or personally working for gain within the territorial jurisdiction of the court. Naturally, jurisdictional law has always been contained by territorial boundaries that are physical in nature and it is only in the growing relevance of the internet age that it has become a grey area when it comes to cyberspace delinquencies.
To exemplify the issue: consider that a person in Switzerland breaks into the private servers of a major national bank in India and siphons crores of rupees to an account in Barbados. Several borderlines have been crossed without the person moving out of Switzerland since this is all occurred digitally. The legal knots arising out of this cyber act are almost impossible to undo because of the various disparities arising out of the differing legislation of countries and their various jurisdictions over cybercrime cases.
When it comes to India, jurisdiction has been defined in Sections 15 to 20 of the Code of Civil Procedure 1908 and relates to the location where there is a particular suit/claim in civil matters against a certain individual. Similarly, Sections 177 to 179 of the Code of Criminal Procedure 1973 defines the scope of jurisdiction qua criminal offences. However, the Information Technology Act 2000 is silent on the aspect of jurisdiction for cyber offences. The Act defines the components as to what would constitute a cyber offence but unfortunately, does not throw much light on jurisdiction for the bar or the bench to seek recourse for.
It is vital to point out that defining and limiting the ambit of jurisdiction is an especially herculean task when it comes to cyber offences since, as mentioned above, any individual from any location is capable of breaking the digital laws of several areas at the same time merely by using a proxy server. However, Indian courts have time and again, by way of a catena of judgments, laid down certain aspects/guidelines on the jurisdiction question.
(1) The non-resident defendant must execute some act or consummate some transaction with the forum, to invoke benefits and protections;
(2) The claim must arise from the defendant's forum-related activity; and
(3) Jurisdiction must be reasonably.
When the plaintiff is not carrying on business within the jurisdiction of a court, and in the absence of a long-arm statute; the plaintiff would have to show that the defendant ‘purposefully availed' itself of the forum court's jurisdiction. It would have to be established prima facie that the defendant's use of the website was done with the goal of concluding a commercial transaction with the website user and that the defendant's explicit targeting of the forum state resulted in an injury or detriment to the plaintiff inside the forum state.
- If the defendant is sued on the basis that its website is accessible in the forum state, what is the plaintiff's burden of proof that the forum court has jurisdiction to hear the matter in passing off or infringement proceedings?
For Section 20(c) CPC regarding the forum state, the plaintiff must show prima facie that the said website – whether euphemistically referred to as "passive plus" or "interactive" – was specifically targeted at viewers in the forum state for commercial transactions. Just having an interactive website is not sufficient to make the defendant amenable to the jurisdiction of the forum court. Applying the principle of intentional targeting, the plaintiff has to show the intention of the defendant to conclude a commercial transaction.
All in all, the citizens of India have entrusted the legislature for the creation of laws and the judiciary often opines that if the legislature has intentionally and wilfully not used a particular word in a statute or has not defined a particular aspect – and if the same is the result of a deeper and thoughtful action. The Information Technology Act 2000 is dubiously silent on the aspect of jurisdiction and this can often cause perplexing situations for bar and bench alike. However, the positive aspect of such a situation is that Indian courts are free to apply their interpretations when assessing the question of jurisdiction in a particular matter.
It can only be deduced that the legislature – by omitting the aspect of jurisdiction from the IT Act 2000 – has bestowed a higher power on the judiciary and has entrusted the same qua with the responsibility of fair and effective decision making.