5
indicating the communication’s origin, destination, route, time, date, size, duration, or
type of underlying service.
PART II - OFFENCES
3.

Unauthorised access to computer data
(1)

Subject to subsections (2) and (3), any person who causes a computer system to
perform a function, knowing that the access he intends to secure is unauthorised,
shall commit an offence and shall on conviction be liable to a fine not exceeding
50,000 rupees and to penal servitude not exceeding 5 years.

(2)

A person shall not be liable under subsection (1) where –

(3)

(4)

(a)

he is a person with a right to control the operation or use of the computer
system and exercises such right in good faith;

(b)

he has the express or implied consent of the person, empowered to
authorise him, to have such an access;

(c)

he has reasonable grounds to believe that he had such consent as
specified in paragraph (b);

(d)

he is acting pursuant to measures that can be taken under Part III of this
Act; or

(e)

he is acting in reliance of any statutory power arising under any enactment
for the purpose of obtaining information, or of taking possession of, any
document or other property.

An access by a person to a computer system is unauthorised where the person –
(a)

is not himself entitled to control access of the kind in question; and

(b)

does not have consent to access by him of the kind in question from any
person who is so entitled.

For the purposes of this section, it is immaterial that the unauthorised access is
not directed at (a)

any particular program or data;

(b)

a program or data of any kind; or

(c)

a program or data held in any particular computer system.

Select target paragraph3