Cyber-crime and Bulli Bai App:

Where do we draw the line?

Priyanshi Jain & Preeti Bohra


India’s internet user population is increasing tremendously. However, the gender imbalance on the internet is an ever-existing challenge. Patriarchy operates consistently when a woman often comes across as invading a man’s cyberspace, primarily when they express their views on politically sensitive issues. At the end of March 2021, the Telecom Regulatory Authority of India (TRAI) estimated that India had over 825 million internet users. The majority of them are legitimate users. However, some deviant users can trigger havoc on society, its polity, economy, and personal and professional lives, as seen in the case of Sulli Deals and Bulli Bai Application, which is an open-source programme for “auctioning Muslim women” posted on the web platform GitHub and presenting them as “deals of the day.”

This article elaborates on the cyber laws concerning the recent cases of Sulli Deals and Bulli Bai Application. It also touches upon the right to privacy and highlights counterproductive policing in such cases. Finally, the article concludes by suggesting measures for reform with the hope that this violation can be eliminated efficiently.    

Sulli Deals and Bully Bai: Violation of Privacy

The Information Technology (IT) Act, 2000 deals with India’s cyberspace-related legislation. In addition, the Act is not privacy-focused legislation. However, it includes specific measures for dealing with invasions of privacy. For instance, Section 66E of the IT Act makes it illegal if someone intentionally or knowingly captures, publishes, or transmits an image of a person’s private area without their consent in circumstances that violate that person’s privacy. Furthermore, the Act does not address the issue of data privacy in any way. The Indian government introduced the Personal Data Protection Bill, 2019 before the parliament. The Indian parliament will likely pass the bill in the upcoming sessions of the parliament, presumably by the monsoon session in July/August of 2022. The Art. 17 of the International Covenant on Civil and Political Rights establishes that no persons’ privacy, family, home, or correspondence shall be invaded arbitrarily or unlawfully, nor should anyone’s honour or reputation be attacked arbitrarily or unlawfully.

The Hon’ble SC in KS Puttaswamy vs UOI declared the right to privacy as a fundamental right under Art. 21 of the constitution. The right to privacy for women is always narrowly construed as being synonymous with the right to gain protection against sexual predators in cyberspace. An often-reported cyber-crime against women is posting a woman’s photo and contact information on a pornographic site, claiming she is a sex worker seeking sexual services. Apart from defaming and harassing the woman, such acts also infringe on her privacy because her personal information, such as contact information, is made public. The “Bulli Bai” and “Sulli Deal” cases were a blatant violation of the data security and privacy rights of over 100 Muslim women. These applications targeted women based on their religion and political ideologies; and reduced them to marketable items. The lewd comments and objectionable behaviour towards these women violated their right to life, liberty and security by making them susceptible to online abuse.

Counterproductive Policing

            The number of cybercrimes reported in India increased significantly in 2020 compared to the previous year. Over 50 thousand cybercrime occurrences were reported in that year. Criminal justice authorities require data for use as evidence in criminal cases. Procuring electronic evidence for crimes becomes all the more difficult because of the transnational nature of the evidence. Such electronic evidence may be retained in foreign jurisdictions even in cases that are often entirely domestic; this allows any crime involving such evidence to imply international investigative cooperation.

The Cybercrime Convention Committee has been investigating these issues for quite some time. It established a set of recommendations in 2014 to improve the efficiency of MLA requests. A Mutual Legal Assistance Treaty is a treaty between two or more countries that makes it easier to gather and share information to enforce criminal or public laws.

There are four primary parties in the case of Bulli Bai App and Sulli Deals: the women, GitHub, the app’s developers, and the police. The police must approach the platform and obtain data to investigate. They need to verify that they have all of the necessary proof on the complaints made by women against the perpetrators of obscene content. Though the app’s developers have been arrested recently, the procedure may have been expedited if GitHub had provided the Delhi Police with the accused’s registrant and IP details faster through MLAT. Because GitHub is a foreign firm, the standard procedure for data sharing requests is via the MLAT process. Twitter has also been instructed to restrict and ban inappropriate information relating to the occurrence. The mutual legal assistance method is inefficient due to the volatility of e-evidence. MLA requests appear to take anything from six to 24 months to be processed. Many requests go unanswered, and as a result, investigations are halted.

Inadequacies in the IT Law

Section 67B of the IT Act makes it illegal if a person records, publishes, or transmits images of a child engaged in sexually explicit conduct or induces anybody under the age of 18 to engage in a sexual act. Firstly, there are specific provisions for women under the Indian Penal Code 1860; however, its co-existence with the IT Act as been complex due to overlapping punishments. Furthermore, the country’s poor condition of cyber policing does nothing to deter such illicit activity. Looking into obscenity,  the offences under sections 292 and 294 of the IPC are bailable offences whereas the offences committed under sections 67, 67A, and 67B of the IT Act are non-bailable. The discrepancy between the IPC and the IT Act was highlighted in the landmark judgement  Sharat Babu Digumarti v. Government of NCT of Delhi, wherein The Supreme Court held that, if an offence involved an electronic record, the IT Act alone would apply because that was the legislative intent. It is a well-established rule of interpretation that special laws will take precedence over general laws. Furthermore, section 81 of the IT Act specifies that the provisions of the IT Act will apply notwithstanding anything in any other law currently in force that is inconsistent with them. 

Secondly, the Section is being overused and depleted. The IT Act does not cover many crimes, such as cyber-stalking, defamation, email spoofing, and morphing, punishable under IPC. In the Bulli Bai app case, the offenders will be booked under Section 67 (publishing or transmitting obscene material), followed by provisions mentioned in IPC. While there is a clear depiction of ‘cyber trafficking’ here, there is no legal provision under the IT Act to charge the offenders with.

Thirdly, the laxity in the working mechanism of the police force is a prima facie to the situation. In the Vinupriya Suicide case,  a 21-year-old woman committed suicide after obscene photographs were posted on Facebook. There was a delay in the officials’ investigation and exploitation of the victim’s family. Similarly, in the Sulli Deals case, there was no development in the investigation for six months after the FIR was registered; this delay cannot be ignored.


Through the course of the article, it has been well established that the IT Laws present in India are far from being efficient enough to protect women’s rights. The Sulli Deals and Bulli Bai App case is evidence of this lacking system. The alleged criminals are now arrested; however, the delay in the police response compromised the targeted women’s digital security and the right to privacy. Moreover, the procedure under MLAT has proven to be time consuming and tedious which hampers the investigation process of the law enforcement system. The IT Act is infested with grey areas concerning several matters, as mentioned above in the article. The cyber policing system fails to deter such criminal activities; moreover, the delay in response encourages the criminals to pursue their objectives.

In order to deal with these grey areas, it is essential to increase the punishment for the commission of cybercrimes to create deterrence. Emphasis must be laid on cross-border investigations and MLAT to ensure that the investigations are carried out without any roadblock. In order to deal with the issues in the “Bulli Bai” and “Sulli Deals” cases, the Standing Committee on Communications and Information Technology should open an investigation regarding data security and privacy breaches in these cases. It will assist us in recognizing technological and legal loopholes that must be addressed during cybercrime investigations.

Crimes against women are growing another branch of their own in the much pervasive cyberspace; this internet space gives them even more power, anonymity and access than before. Inability to act, investigate and punish would only become a motivation for more significant crimes to be undertaken in the future while hampering the rights of women and jeopardizing their security.

[Priyanshi Jain is a second year student from Institute of Law, Nirma University and Preeti Bohra is a first year student from Institute of Law, Nirma University.]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s