To master the Bar Council of India (BCI) syllabus for Cyber Law, one must bridge the technical definitions of cybersecurity with the legal framework of the Information Technology Act, 2000. The syllabus, as prescribed for exams like the All India Bar Examination (AIBE), focuses heavily on the interplay between statutes, digital forensics, and electronic evidence.

Compiled by Adv. Shoeb Hakim, this guide bridges the gap between technical cybersecurity and Indian legislative statutes for AIBE candidates and practitioners.

[SECTION 1: IT ACT & LEGAL FRAMEWORK]

1. On which date did the Information Technology Act, 2000 officially come into force in India?

Ans: 17th October 2000.

2. Which international model law served as the basis for the Indian Information Technology Act, 2000?

Ans: UNCITRAL Model Law on Electronic Commerce (1996).

3. Which specific section of the IT Act defines the term “Electronic Record”?

Ans: Section 2(1)(t).

4. What is the legal definition of “Access” under Section 2(1)(a) of the IT Act?

Ans: Gaining entry into, instructing, or communicating with the logical, arithmetical, or memory function resources of a computer system.

5. Under Section 2(1)(w), who is categorized as an “Intermediary”?

Ans: Any person who receives, stores, or transmits electronic records on behalf of another (e.g., ISPs, Search Engines, Cyber Cafes).

6. What type of security system utilizes a secure pair consisting of a private key and a public key?

Ans: Asymmetric Crypto System.

7. Which section of the IT Act 2000 provides legal recognition to electronic records?

Ans: Section 4.

8. Which section provides for the legal recognition of electronic signatures?

Ans: Section 5.

9. Who is the head of the office responsible for regulating and licensing Certifying Authorities in India?

Ans: The Controller of Certifying Authorities (CCA).

10. Which Chapter of the IT Act 2000 specifically deals with Electronic Governance?

Ans: Chapter III.

[SECTION 2: CYBER CRIMES & PENALTIES]

11. Which section deals with the offense of “Tampering with computer source documents”?

Ans: Section 65.

12. Which controversial section was struck down by the Supreme Court in the Shreya Singhal v. Union of India case?

Ans: Section 66A.

13. Which section provides punishment for “Cheating by impersonation by using computer resource”?

Ans: Section 66D.

14. What is the maximum punishment for “Cyber Terrorism” under Section 66F of the IT Act?

Ans: Imprisonment for life.

15. Which section penalizes the publication or transmission of obscene material in electronic form?

Ans: Section 67.

16. Which section specifically addresses the publication of material depicting children in sexually explicit acts?

Ans: Section 67B.

17. What is the penalty for “Identity Theft” under Section 66C?

Ans: Imprisonment up to 3 years and a fine up to ₹1 lakh.

18. Which section deals with “Violation of Privacy” concerning the capturing or publishing of private images?

Ans: Section 66E.

19. What is the civil compensation limit for damage to a computer or computer system under Section 43?

Ans: Damages by way of compensation not exceeding ₹1 crore.

20. Which section deals with “Hacking” as a criminal offense?

Ans: Section 66 (often read in conjunction with Section 43).

[SECTION 3: EVIDENCE & FORENSICS (BSA 2024)]

21. Which section of the Bharatiya Sakshya Adhiniyam (BSA) 2024 governs the admissibility of electronic records?

Ans: Section 63 (which replaces the old Section 65B of the Evidence Act).

22. Is a certificate mandatory for admitting secondary electronic evidence in a court of law?

Ans: Yes, a certificate is mandatory under Section 63(4) of the BSA 2024.

23. What is a “Mirror Image” in the context of digital forensics?

Ans: A bit-for-bit, forensic duplicate of the original storage media that includes all data, including deleted files.

24. What is the “Hash Value” (e.g., SHA-256) used to prove in court?

Ans: It is used to prove the integrity of the digital evidence, ensuring it has not been altered since acquisition.

25. Which landmark case established that Section 65B certification is a condition precedent for admissibility?

Ans: Anvar P.V. v. P.K. Basheer.

26. What does the term “Chain of Custody” refer to?

Ans: The chronological, timestamped documentation showing the seizure, custody, control, and transfer of evidence.

27. Define “Metadata” in a techno-legal forensic context.

Ans: It is “data about data”—hidden information that reveals the file’s creator, creation date, and edit history.

28. Which forensic process prevents any data from being written to a suspect device during analysis?

Ans: Write Blocking (using a hardware or software write-blocker).

29. Can a police officer seize a mobile device without a warrant in India?

Ans: Yes, under certain emergency conditions for the preservation of evidence as provided in the BNSS.

30. What is “Steganography”?

Ans: The art of concealing secret information (text or files) within a non-secret carrier file, such as an image.

[SECTION 4: INTERMEDIARIES & PRIVACY]

31. What is “Safe Harbor” protection for intermediaries?

Ans: Legal immunity from liability for third-party content provided they follow due diligence under Section 79.

32. Which authority is the national nodal agency for responding to computer security incidents?

Ans: CERT-In (Indian Computer Emergency Response Team).

33. Which 2023 Act now serves as the primary legislation for Personal Data Protection in India?

Ans: Digital Personal Data Protection (DPDP) Act, 2023.

34. Who is a “Data Fiduciary” under the DPDP Act?

Ans: An entity that determines the purpose and means of processing personal data.

35. Which landmark case declared the Right to Privacy as a Fundamental Right under Article 21?

Ans: Justice K.S. Puttaswamy v. Union of India.

✓

Adv Shoeb Hakim

Techno-Legal Strategist

Ex-Credit Suisse & J.P. Morgan

📞 +91 94296 93100

💻 29Y IT

🏦 25Y Fin

⚖️ 15Y Law

🏠 Master Bio & Strategy Hub

Cyber Fraud Emergency: Dial 1930 immediately to report financial fraud on the National Cyber Crime Portal.

[SECTION 5: E-COMMERCE & CONTRACTS]

36. Which section of the Information Technology Act, 2000 validates the formation of E-Contracts?

Ans: Section 10A.

37. What is the legal name for a contract where a user must click “I Agree” to accept the terms?

Ans: A Click-wrap Agreement.

38. Where is an electronic contract deemed to be concluded under the IT Act?

Ans: At the place where the acceptance is received by the originator.

39. Can a Digital Signature be used to execute a Will under the current Indian legal framework?

Ans: No, Wills and Codicils are currently excluded from the scope of the IT Act 2000.

40. What is the “Public Key Infrastructure” (PKI) primarily used for?

Ans: It is the framework used to manage digital certificates and public-key encryption to ensure secure communication.

41. What is the primary role of a “Certifying Authority” (CA) in India?

Ans: To issue Digital Signature Certificates (DSC) after verifying the identity of the subscriber.

42. Define “Electronic Governance” (E-Governance) as per the Act.

Ans: It is the use of information technology by the government to provide services and information to the public.

43. What is a “Smart Contract”?

Ans: A self-executing contract where the terms are written directly into lines of code and executed automatically on a blockchain.

44. Which section deals with the “Legal recognition of electronic signatures”?

Ans: Section 5.

45. What is “Electronic Data Interchange” (EDI)?

Ans: The electronic transfer of business information using a standardized format between computer systems.

[SECTION 6: ADVANCED TECHNO-LEGAL TERMINOLOGY]

46. What is “Ransomware”?

Ans: A type of malware that encrypts a victim’s data and demands payment for the decryption key.

47. Define “Social Engineering” in the context of cybersecurity.

Ans: The psychological manipulation of individuals into divulging confidential information such as passwords.

48. What is a “DoS” (Denial of Service) attack?

Ans: An attack intended to make a computer or network resource unavailable to its intended users by overwhelming it with traffic.

49. What is the general term for any software intentionally designed to cause damage to a computer or network?

Ans: Malware.

50. What is “SQL Injection”?

Ans: A web security vulnerability that allows an attacker to interfere with the queries an application makes to its database.

51. Define a “Botnet.”

Ans: A network of private computers infected with malicious software and controlled as a group without the owners’ knowledge.

52. What is “Two-Factor Authentication” (2FA)?

Ans: A security process that requires two different forms of identification to access a digital account.

53. What is the primary purpose of a “VPN” (Virtual Private Network)?

Ans: To create a secure, encrypted tunnel over the internet to protect data transmission and user privacy.

54. Define a “Zero-day Vulnerability.”

Ans: A software security flaw that is unknown to the vendor and for which no patch or fix has been created.

55. What is “Cryptocurrency”?

Ans: A digital or virtual currency that uses cryptography for security and operates on a decentralized network.

[SECTION 7: JURISDICTION & INTERNATIONAL LAW]

56. Does the IT Act 2000 apply to offenses committed by a person outside India?

Ans: Yes, if the offense involves a computer, computer system, or network located in India, as per Section 75.

57. What is “Cyber Jurisdiction”?

Ans: The power of a court to hear and determine cases involving internet-related activities and cross-border digital crimes.

58. What is the “Zippo Test” used for by courts?

Ans: To determine jurisdiction over a foreign defendant based on the level of “interactivity” of their website.

59. What is the “Long-arm Statute” concept?

Ans: A legal principle allowing local courts to exercise jurisdiction over foreign defendants who have “minimum contacts” with the forum state.

60. What is the “Budapest Convention”?

Ans: The first international treaty specifically addressing internet and computer crime by harmonizing national laws.

61. Is India a signatory to the Budapest Convention on Cybercrime?

Ans: No, India is currently not a signatory.

62. What is “Data Localization”?

Ans: The legal requirement that data about a country’s citizens be collected, processed, and stored physically within that country.

63. Define “Extradition” in the context of cybercrime.

Ans: The formal legal process where one country surrenders a suspected criminal to another country for trial.

64. What is a “Mutual Legal Assistance Treaty” (MLAT)?

Ans: An agreement between two or more countries for gathering and exchanging information in an effort to enforce criminal laws.

65. What is “Cross-border Data Flow”?

Ans: The movement or transfer of personal data across national borders for processing or storage.

[SECTION 8: BCI RULES & ETHICS FOR ADVOCATES]

66. Are Indian advocates permitted to advertise their legal services on social media platforms?

Ans: No, the Bar Council of India (BCI) Rules strictly prohibit solicitation and advertising by advocates.

67. What information is an advocate allowed to display on a professional website?

Ans: Basic information such as name, address, contact details, and areas of practice, without any promotional language.

68. What constitutes “Professional Misconduct” in a digital context?

Ans: Any digital action, such as online solicitation or sharing confidential client data, that brings disrepute to the profession.

69. Can an advocate use Artificial Intelligence (AI) to draft legal pleadings?

Ans: Yes, but the advocate remains personally and professionally liable for the accuracy and ethical compliance of the content.

70. Is “Cyber Ethics” a mandatory part of modern legal training under BCI guidelines?

Ans: Yes, it is increasingly being integrated as a critical component of professional ethics and legal education.

To complete your study set for the Bar Council of India (BCI) syllabus, here are the remaining 30 questions. Each question is separated from the answer by a full empty line, ensuring the clear “line-separated” format you requested.

[SECTION 9: DIGITAL FORENSICS & ELECTRONIC EVIDENCE]

71. What is the “Golden Hour” in a cybercrime investigation?

Ans: The first 60 minutes after a breach is discovered, during which the preservation of volatile data (like RAM) is most critical.

72. Define the term “Bit-stream Image” used in digital forensics.

Ans: A sector-by-sector copy of a physical storage device, including unallocated space and slack space.

73. What is “Write Blocking” and why is it mandatory during forensic acquisition?

Ans: It is a technique that prevents any data from being written to the original evidence drive, ensuring the evidence remains untainted.

74. Which section of the Bharatiya Sakshya Adhiniyam (BSA) 2024 defines “Document” to include electronic records?

Ans: Section 2(1)(d).

75. What is “Slack Space” on a hard drive?

Ans: The unused space in a disk cluster between the end of a file and the end of the cluster, which often contains fragments of deleted data.

76. Define “Cloud Forensics.”

Ans: The application of digital forensic techniques to retrieve and analyze data stored in cloud computing environments.

77. What is the role of a “Cyber Forensic Examiner” in a criminal trial?

Ans: To act as an expert witness, testifying to the integrity, acquisition, and analysis of digital evidence.

78. What is “Metadata” and how does it assist in legal investigations?

Ans: Metadata is “data about data” (such as GPS coordinates in a photo) that helps establish the timeline and origin of an electronic record.

79. What is a “Logical Acquisition” of a mobile device?

Ans: A forensic copy of only the objects present in the file system (like contacts and messages), excluding deleted data or system files.

80. How is a “Hash Value” used to verify the “Chain of Custody”?

Ans: By comparing the hash value taken at the time of seizure with the hash value at the time of trial; if they match, the evidence is proven unchanged.

[SECTION 10: PRIVACY & DATA PROTECTION (DPDP ACT 2023)]

81. Who is a “Data Principal” under the DPDP Act 2023?

Ans: The individual to whom the personal data relates.

82. What is the “Right to Correction” for a Data Principal?

Ans: The right to request the data fiduciary to correct, complete, or update their personal data.

83. Define “Personal Data Breach” as per the new 2023 Act.

Ans: Any unauthorized processing, disclosure, or destruction of personal data that compromises its confidentiality or integrity.

84. What is the “Consent Manager” framework in the DPDP Act?

Ans: A platform that allows individuals to manage, withdraw, or give consent for data processing through a single interface.

85. What is the penalty for a significant data breach under the DPDP Act 2023?

Ans: Financial penalties can extend up to ₹250 crore, depending on the severity and nature of the breach.

86. What is “Data Portability”?

Ans: The right of a user to receive their personal data in a structured, machine-readable format to move it to another service provider.

87. What is a “Significant Data Fiduciary”?

Ans: An entity designated by the government based on the volume of sensitive data it processes or the risk it poses to national security.

88. Does the DPDP Act apply to data processed outside India?

Ans: Yes, if the processing is in connection with offering goods or services to persons within the territory of India.

89. What is “Privacy by Design”?

Ans: An approach where privacy and data protection are embedded into the design and operation of IT systems and business practices.

90. What is the “Right to Erasure” (Right to be Forgotten)?

Ans: The right of an individual to have their personal data deleted by a data fiduciary when it is no longer necessary for the purpose it was collected.

[SECTION 11: RECENT TECHNO-LEGAL TRENDS]

91. What is “Deepfake” technology and its primary legal risk?

Ans: AI-generated synthetic media used to replace a person’s likeness; the primary risks include defamation, fraud, and identity theft.

92. Define “Blockchain” in the context of legal evidence.

Ans: A decentralized ledger that provides an immutable record of transactions, increasingly used to prove the existence and timing of digital documents.

93. What is “Cyberstalking” and which section of the IT Act is often used to prosecute it?

Ans: Repeatedly following or harassing a person online; it is often prosecuted under Section 66D (Cheating by impersonation) or Section 67.

94. What is “SQL Injection” and how does it affect data security?

Ans: A type of cyberattack where malicious code is inserted into a database query to steal or delete sensitive information.

95. What is a “Botnet” and its role in DDoS attacks?

Ans: A network of hijacked computers (zombies) used by a central controller to flood a target website with traffic until it crashes.

96. Define “Phishing” and “Vishing.”

Ans: Phishing is stealing data via fraudulent emails; Vishing is doing so via fraudulent voice calls or VoIP.

97. What is “Two-Factor Authentication” (2FA) and why is it a standard for cyber hygiene?

Ans: A security layer requiring two forms of ID (e.g., password + OTP), making it significantly harder for hackers to gain unauthorized access.

98. What is the “Dark Web”?

Ans: A part of the internet that is not indexed by search engines and requires specific software (like Tor) to access, often used for illicit activities.

99. What is “Cyber Bullying”?

Ans: The use of digital communication to intimidate, threaten, or humiliate individuals, especially minors.

100. What is the “Human Firewall” concept?

Ans: A security philosophy where individuals are trained to be the first line of defense against social engineering and cyber threats.

✓

Adv Shoeb Hakim

Techno-Legal Strategist

Ex-Credit Suisse & J.P. Morgan

📞 +91 94296 93100

💻 29Y IT

🏦 25Y Fin

⚖️ 15Y Law

🏠 Master Bio & Strategy Hub

Cyber Fraud Emergency: Dial 1930 immediately to report financial fraud on the National Cyber Crime Portal.