Dishonestly receiving stolen computer resource or communication device - Sec.66B

Section 66B of the IT Act targets the dishonest receipt or retention of stolen computer resources. This post explains the legal implications, the definition of "dishonest," and how businesses can protect themselves from hardware-related fraud.

May 21, 2012

Understanding Section 66B of the Information Technology Act

In the physical world, receiving stolen property has always been a criminal offence. Section 66B of the Information Technology (IT) Act extends this principle to the digital realm. It specifically targets anyone who dishonestly receives or retains a stolen computer resource or communication device, knowing or having reason to believe it was stolen.

Whether it is a high-end server, a company laptop, or a smartphone containing sensitive data, the law is clear: possession of stolen hardware is a serious risk. For businesses, this means that tracking assets and validating the chain of custody for second-hand equipment is not just good practice—it is a legal necessity.

The Definition of "Dishonest" and "Stolen" in Digital Context

To secure a conviction under Section 66B, the prosecution must prove that the individual acted "dishonestly." In legal terms, this usually means an intent to cause wrongful gain to oneself or wrongful loss to another. Simply holding a device is not enough; there must be knowledge or a clear reason to suspect the device's illicit origin.

Consider a scenario where an employee purchased a cut-price laptop from an unverified vendor without any paperwork. If that laptop was stolen from another firm, the buyer could face scrutiny. The lack of an invoice or a suspicious price point often serves as "reason to believe" the item was stolen. This is why managed security protocols should always include strict inventory controls for all hardware brought into the corporate environment.

Punishments and Legal Implications

The penalties for violating Section 66B are substantial. A person found guilty can be punished with imprisonment for a term of up to three years, a fine of up to one lakh rupees, or both. Unlike some minor technical violations, this is a substantive criminal offence reflected in the police record.

Beyond the legal penalty, there is the massive risk of data exposure. If you are in possession of a stolen device, you are likely holding someone else's unencrypted data. This can trigger a cascade of issues under data protection laws and damage your professional standing. Engaging in professional cyber crime investigation can help trace the origin of suspicious hardware before it enters your network.

How to Protect Your Organisation

Preventing hardware-related legal trouble requires a proactive approach to procurement and disposal. We recommend the following steps to ensure compliance and security:

  • Verify All Vendors: Only purchase hardware from authorised dealers or verified secondary markets with clear ownership documentation.
  • Asset Tagging: Use physical and digital asset tags for every device. If a device is lost or stolen, it should be immediately entered into a "stolen" database.
  • Remote Wipe Capabilities: Ensure all company communication devices can be wiped remotely to prevent stolen hardware from being a gateway to your network.
  • End-of-Life Disposal: When disposing of hardware, use certified data destruction services that provide a certificate of destruction.

If you suspect that your organisation has inadvertently acquired stolen hardware, or if you need to recover assets stolen from you, digital forensics can provide the necessary evidence to resolve the matter legally.

Secure Your Hardware Infrastructure Today

Managing the lifecycle of computer resources is a critical pillar of any security strategy. If you need help auditing your current hardware inventory or implementing a secure procurement policy, contact our security consultants for a comprehensive hardware security audit.

Found this helpful?

Share this page with others