The Legality of Using Automated Scripts on Indian Government Portals

by

Advocate Rohit
in
The Legality of Using Automated Scripts on Indian Government Portals

Mr. Sameer, a software developer from a metro city, was meticulously tracking his personal finances. To streamline the process, he considered developing a small software script. The purpose of this script was to automatically log into the government’s National Provident Scheme portal using his own unique credentials and the one-time password (OTP) sent to his phone. The script would then retrieve his account statement for his personal records. He was not trying to access anyone else’s information. However, he started wondering about the legal implications of this act. His main concern was whether creating such a script, even for personal use, was permissible under Indian law, and what would happen if he decided to make the script publicly available for others to use.

Advice in such cases

  • Review the Website’s Terms of Service: Before attempting any automated access, thoroughly check the website’s “Terms and Conditions” or “Terms of Use”. Most government and financial portals explicitly prohibit the use of automated scripts, bots, spiders, or scrapers. Violating these terms constitutes a breach of the usage policy.
  • Personal Use vs. Public Distribution: There is a significant legal difference between a script for personal, private use and one that is distributed publicly. While personal use carries a lower risk, making the script available to the public dramatically increases your potential liability, as you cannot control how others might use or modify it.
  • Understand the Security Risks: Creating such a script, especially if made public, can inadvertently expose security loopholes in the government portal. If your script is used for malicious activities by others, you could be implicated in a larger investigation.
  • Consult with Lawyer: The very basic and important step to start is talk to Lawyer / advocate. You should not hesitate in paying his consultation fee i.e. might be in range of Rs. 10,000 to 50,000 depends case to case. He is helping you in this situation of come out. He is expert in the domain and can help you explain the procedure which you might have never explored. A good lawyer can get the issues resolved much faster than you think.

Applicable Sections of Law

  • The Information Technology Act, 2000: This is the primary legislation governing cyber activities in India. The following sections are particularly relevant.
  • Section 43 of the IT Act, 2000: This section deals with penalties and compensation for damage to a computer or computer system. Accessing a computer system without the permission of the owner is prohibited. Even if you use your own login credentials, the *method* of access (i.e., an automated script instead of a web browser) can be considered “unauthorized” if it violates the site’s terms of service. This can make you liable to pay damages to the affected party.
  • Section 66 of the IT Act, 2000: This section pertains to computer-related offenses. If any act under Section 43 is committed dishonestly or fraudulently, it is punishable with imprisonment and a fine. While your intent might be purely personal, if the script is made public and used for fraud, establishing your innocent intent can become a complex legal battle.
  • Bharatiya Nyaya Sanhita (BNS), 2023: While the IT Act is the special law for such cases, if the act involves fraudulent intent to cause wrongful gain or loss, provisions of the BNS related to cheating could potentially be invoked, although prosecution under the IT Act is more direct and common.

If you are the complainant

This advice applies to the government agency or entity whose portal is being accessed.

  • Gather Technical Evidence: The first step is to document all evidence of unauthorized automated access. This includes server logs, IP addresses, user-agent strings, and traffic patterns that indicate non-human activity.
  • Review Terms of Service: Ensure your website’s Terms of Service explicitly forbid automated access. This forms the legal basis for your complaint.
  • File a Formal Complaint: A complaint should be filed with the jurisdictional Cyber Crime Police Station, detailing the unauthorized access and providing all collected evidence. The complaint can be filed under relevant sections of the Information Technology Act, 2000.
  • Consult with Lawyer: The very basic and important step to start is talk to Lawyer / advocate. You should not hesitate in paying his consultation fee i.e. might be in range of Rs. 10,000 to 50,000 depends case to case. He is helping you in this situation of come out. He is expert in the domain and can help you explain the procedure which you might have never explored. A good lawyer can get the issues resolved much faster than you think.
The Legality of Using Automated Scripts on Indian Government Portals

If you are the victim

This advice applies to the individual who created the script and is now facing legal action.

  • Cease the Activity Immediately: If you receive a notice or become aware of a complaint, immediately stop running the script. If the code is published online (e.g., on a platform like GitHub), take it down. This demonstrates cooperation and lack of malicious intent.
  • Preserve Your Records: Keep a copy of the source code and any notes or communication that can prove the script was intended for personal, non-malicious use. This is crucial for your defense.
  • Do Not Tamper with Evidence: Do not delete any data from your computer or devices, as this can be construed as the destruction of evidence and will severely weaken your case.
  • Consult with Lawyer: The very basic and important step to start is talk to Lawyer / advocate. You should not hesitate in paying his consultation fee i.e. might be in range of Rs. 10,000 to 50,000 depends case to case. He is helping you in this situation of come out. He is expert in the domain and can help you explain the procedure which you might have never explored. A good lawyer can get the issues resolved much faster than you think.

How the police behave in such cases

Cyber Crime cells are specialized units that handle such cases. Their approach depends on the perceived intent and impact of the script. They will investigate whether the act was a simple case of personal convenience or if it had a fraudulent or dishonest motive, such as data theft or causing disruption to the government service.

The police will likely issue a notice under the Bharatiya Nagarik Suraksha Sanhita (BNSS), 2023, requiring you to appear for questioning. They have the authority to seize electronic devices like laptops and mobile phones for forensic analysis to determine the script’s functionality and purpose. The seriousness of their response will correlate with the sophistication of the script and the potential damage it could cause.

FAQs people normally have

  • Is it illegal even if I only access my own data with my own password?

    The illegality arises not from the data being accessed but from the *method* of access. If the website’s terms and conditions, which you implicitly agree to by using the site, prohibit automated tools, then using a script is an unauthorized method of access under Section 43 of the IT Act.
  • What if the government website has no clear Terms of Service?

    While unlikely for a major government portal, the absence of explicit terms does not automatically permit automated access. The intended method of use is through a web browser. A court can still consider the use of a script as unauthorized access not intended by the owner of the computer resource.
  • What is the actual risk for a simple, personal script?

    The risk of detection and prosecution for a purely personal and limited-use script is relatively low. However, the risk is not zero. The primary danger emerges when the script is shared or made public. At that point, you lose control over its use, and you could be held responsible for the actions of others who use your code for illegal purposes.
The Legality of Using Automated Scripts on Indian Government Portals

What evidence is required?

For the Complainant (The Government Agency):

  • Digital evidence such as server logs showing rapid, systematic requests from a single IP address.
  • A copy of the website’s usage policy or Terms of Service that were violated.
  • If obtained, a copy of the script itself to demonstrate its function.
  • A forensic report detailing the impact, if any, on the server’s performance or security.

For the Accused (The Script Creator):

  • The source code of the script to prove its limited scope and non-malicious nature.
  • Personal records (e.g., financial spreadsheets) showing that the data retrieved was used for the stated personal purpose.
  • Any communication or documentation that establishes the absence of dishonest intent.

How long will the investigation take?

Investigations into cyber offenses can be time-consuming due to their technical nature. The initial inquiry by the police, including forensic analysis of seized devices, can take several months.

If a First Information Report (FIR) is registered and the case proceeds to trial, the judicial process can be lengthy, often taking several years to reach a final verdict due to the complexities of presenting technical evidence and the existing caseload in the courts.

Advocate Sudhir Rao, Supreme Court of India

Rate this post