Introduction
As the 21st century rapidly moves into an era dominated by digital infrastructure, questions of
Security, privacy, and accountability in cyberspace are more urgent than ever. While laws dealing
with hacking, identity theft, and cyber fraud receive due attention, a less-discussed yet equally
critical provision is Section 66B of the Information Technology Act, 2000. This section
specifically penalises the act of dishonestly receiving or retaining stolen computer resources
or communication devices. It brings into the legal fold not just the primary offenders but also
those who indirectly benefit from cybercrime. In an environment where stolen data and
compromised digital assets are increasingly commodified; Section 66B offers a powerful legal
mechanism to disrupt the market for stolen digital goods.
Text and Scope of Section 66B
The provision, as contained in the IT Act, reads:
“Whoever dishonestly receives or retains any stolen computer resource or
communication device knowing or having reason to believe the same to be stolen
Computer resource or communication device, shall be punished with imprisonment
of either description for a term which may extend to three years, or with a fine which
may extend to one lakh rupees or with both.”
The language of the section is both specific and comprehensive. It criminalizes the receipt or
retention of a stolen digital asset, as long as the person had dishonest intent and knowledge or
reasonable belief that the asset was stolen. Unlike mere possession, the element of intent plays
a crucial role in triggering liability under this provision.
Understanding Key Terms and Legal Elements
Section 66B introduces certain legal terms that carry weight under Indian criminal jurisprudence.
The term “dishonestly” is borrowed from Section 24 of the Indian Penal Code (IPC) and
implies an intention to cause wrongful gain to one person or wrongful loss to another. This ties
the provision to broader criminal law principles and ensures that mere possession, absent
dishonest intent is not punishable.
Further, the provision applies to two broad categories: “computer resources” and
“communication devices.” Computer resources include software, databases, email systems, and
cloud-based platforms. Communication devices can include mobile phones, laptops, routers, and
other network-enabled hardware. These categories are defined in the IT Act and are intentionally
wide to capture the diversity of tools and platforms used in digital transactions.
Importantly, the law also mandates a mental element; the accused must either know or have
reason to believe that the resource was stolen. This ensures that innocent purchasers or users are
not unfairly prosecuted, and only those who wilfully or negligently ignore red flags are held
accountable.
The Rationale Behind Section 66B
While the IT Act deals with several cyber offences, including unauthorised access (Section 66),
hacking (Section 66C), and identity theft (Section 66D), Section 66B is unique because it
criminalises secondary involvement, i.e., dealing in the spoils of cybercrime rather than
committing the initial act.
The rationale is similar to the philosophy behind Section 411 of the IPC, which punishes the
dishonest reception of stolen physical property. In the digital world, where information is easily
copied and distributed without physical constraints, the risk of stolen data being reused or
monetized increases exponentially. Section 66B acts as a deterrent against this downstream crime
by creating legal accountability for those who seek to profit from digital theft, even if they are
not the original hackers.
Application in the Real World
The practical application of Section 66B has become increasingly relevant with the rise in data
breaches, ransomware attacks, and illegal online marketplaces. Consider the case of an
individual who buys a used phone preloaded with pirated software, or a marketing agency that
purchases a large database of consumer details from an unknown source. If it can be shown that
these parties knew or should have known that the assets were obtained illegally; they can be
prosecuted under Section 66B.
Similarly, if a company knowingly purchases stolen proprietary code or trade secrets from a
competitor through an intermediary, Section 66B provides the legal foundation to hold them
criminally liable. This applies not just to individuals, but also to entities that benefit, directly or
indirectly, from stolen digital goods.
The provision has also proven useful in tackling emerging forms of cyber-enabled crimes,
including the resale of hacked OTT accounts, use of cracked versions of paid apps, and even
purchase of fake documents from dark web sources. The breadth of this provision ensures
that both high-profile cybercrimes and common digital offenses are covered.
Mens Rea and Evidentiary Challenges
A central feature of Section 66B is the requirement of mens rea, or guilty mind. Unlike strict
Liability offences, where intent is irrelevant, Section 66B insists that the prosecution prove the
The accused knew or had reason to believe the digital resource was stolen.
This leads to important evidentiary challenges. The courts may examine
❖ The price paid for the item (was it suspiciously low?),
❖ The source from which it was obtained (was it credible?),
❖ The circumstances under which it was received,
❖ Any communications or transactions suggesting awareness of illegality.
While this adds a layer of complexity, it also ensures fairness in prosecution. Innocent users such
as someone who purchases a second-hand laptop without knowledge of its stolen status, are
protected.
Technological Advancements and Investigative Tools
As cybercrimes become more sophisticated, so do the methods to trace them. Advances in
digital forensics have significantly aided enforcement under Section 66B. Today, investigators
can use:
❖ IP logs, to track digital trails,
❖ Blockchain analysis, to follow the flow of cryptocurrency used to purchase stolen digital
goods,
❖ Metadata, to authenticate document origins,
❖ Device imaging and memory dumps, to uncover hidden software or encrypted data.
Such tools help prosecutors establish both the act of receipt and the mental element of
knowledge, ensuring more successful convictions.
Contemporary Relevance in India’s Cyber Ecosystem
The importance of Section 66B has only grown with India’s digital expansion. From
mobile-based payment systems and cloud-based education to e-commerce, artificial intelligence,
and health-tech, vast amounts of sensitive data are now stored and transferred electronically.
In such a landscape, data is not just an asset; it is currency. Ensuring its lawful use and
Distribution is vital. Section 66B complements broader data protection efforts by holding
accountable not just hackers, but also those who perpetrate digital illegality by consuming or
distributing stolen assets.
With increased collaboration between law enforcement agencies, data protection authorities, and
private sector cybersecurity firms, the framework for identifying and prosecuting offenses under
This section is becoming more robust and responsive to real-world needs.
Conclusion
Section 66B of the Information Technology Act, 2000, plays a vital role in India’s cybercrime
framework. While other provisions target hackers, fraudsters, and data thieves, Section 66B
ensures that the chain of digital crime is broken at every link, especially at the stage of use and
benefit. Criminalising the dishonest receipt or retention of stolen computer resources and
communication devices reinforces the idea that digital property must be respected and
protected just like physical property.
As India continues its digital transformation, laws like Section 66B will remain crucial in
ensuring ethical use of technology and strengthening public trust in digital systems. It reminds
individuals and institutions alike that benefiting from a cybercrime is, in itself, a crime, and the
law is equipped to deal with it firmly yet fairly.
Contributed by Paridhi Bansal (Intern)