Crimes in Cyberspace: Right to Privacy and Other Issues

By Mohak Rana NMIMS, School of Law, Mumbai 

Editor’s Note: The present era is marked by two things: heavy reliance on technology and virtual space. But behind the interfusion of these two there exists a world of potent threat and risks. These threats and risks are very much latent in nature and mostly the one committing it or the one upon whom it is committed are extremely difficult to be identified. For instance in crimes like cyber phishing, where a user shares his credentials to a disguised trustworthy site but subsequently becomes a victim of fraud. The pace with which such crimes are evolving is very striving yet a country like India lacks far behind when it comes to laws and rules regulating cyber world. Much to our surprise there is no definition of cyber crimes in India. Although we have come up with IT Act, 2000 and the subsequent amendment to it in 2008 yet we are not able to cover the complete ambit of cyber crimes. Like a very crucial issue of right to privacy. It has almost no relevance when the cyber crimes in India are investigated. This only shows the imbalance between age old procedure adopted in India and the advancement which Indian society has made. However liability can also be found under criminal and tort law which has maintained their coordination with the procedural part.  

INTRODUCTION

 “When a man is denied the right to live the life he believes in, he has no choice but to become an outlaw.”

― Nelson Mandela

What does crime mean?

Crime, in modern times this term doesn’t have any universally accepted definition, but one can define crime, also called an offense as an act harmful not only to some individual,  but also to the community or the state also known as a public wrong. Such acts are forbidden and punishable by law. What is a criminal offense is defined by criminal law of each country? While many countries have a crime catalog known as the criminal code however in some common law countries no such comprehensive statute exists.

The state has the power to severely restrict one’s liberty for committing a crime. Modern societies, therefore, adopt and adhere a criminal procedure during the investigation and trial of the offense and only if found guilty, the offender may be sentenced to various punishments, such as life imprisonment or in some jurisdictions like in India even death.

To be classified as a crime, the act of doing something bad also called as actus reus must be usually accompanied by the intention to do something bad i.e. mens rea, with certain exceptions like strict liability.

What is cybercrime?

Cybercrime is any criminal activity in which a computer or network is the source, target or tool or place of crime. According to The Cambridge English Dictionary, cyber crimes are the crimes committed with the use of computers or relating to computers, especially through the internet. Crimes which involve use of information or usage of electronic means in furtherance of crime are covered under the ambit of cybercrime. Cyberspace crimes may be committed against persons, property, government and society at large.

The common types of cyber crimes are:-

  1. Hacking – An unauthorized user who attempts to or gains access to an information system is known as a hacker. Hacking is a cyber crime even if there is no visible damage to the system because it is an invasion in to the privacy of data.

There are 3 different classes of Hackers.

a)      White Hat Hackers – They are those hackers who believe that information sharing is good, and that it is their duty to share their expertise by facilitating access to information. However there are some white hat hackers who are just “joy riding” on computer systems.

b)      Black Hat Hackers – Black hat hackers cause damage after intrusion. They may steal or modify data or insert viruses or worms which damage the system. They are also known as crackers.

c)      Grey Hat Hackers – These type of hackers are typically ethical but occasionally they can violate the hacker ethics. They will hack into networks, stand-alone computers and software. Network hackers try to gain unauthorized access to private computer networks just for challenge, curiosity, and distribution of information.

2. Cyber Stalking – Cyber stalking involves use of internet to harass someone. The   behavior includes false accusations, threats etc. Normally, majority of cyber stalkers are men and the majority of victims are women.

3. Spamming – Spamming is sending of unsolicited bulk and commercial messages over the internet. Although irritating to most email users, it is not illegal unless it causes damage such as overloading network and disrupting service to subscribers or creates negative impact on consumer attitudes towards Internet Service Provider.

 4. Cyber Pornography – With the increasing approach of internet to the people, there is also a increase in the victimization of Women and children for sexual exploitation through internet. Pedophiles (a person 16 years of age or older who is primarily or exclusively sexually attracted to children who have not begun puberty) use the internet to send photos of illegal child pornography to targeted children so as to attract children to such funs and later they are sexually exploited for gains.

5. Cyber Phishing – It is a criminally fraudulent process in which cyber criminal acquires sensitive information such as username, passwords and credit card details by disguising as a trustworthy entity in an electronic communication.

6. Software Piracy – It is an illegal reproduction and distribution of software for business or personal use. This is considered to be a type of infringement of copy right and a violation of a license agreement. Since the unauthorized user is not a party to the license agreement it is difficult to find out remedies. There are numerous cases of software piracy. Infact according to one report New Delhi’s Nehru market is the Asia’s largest market where one can easily find pirated software.

7. Corporate Espionage – It means theft of trade secrets through illegal means such as wire taps or illegal intrusions.

8. Money Laundering – Money laundering basically means the moving of illegally acquired cash through financial and other systems so that it appears to be legally acquired. This is possible prior to computer and internet technology and now times electronic transfers have made it easier and more successful.

9. Embezzlement – Internet facilities are misused to commit this crime. It is the unlawful misappropriation of money, property or any other thing of value that has been entrusted to the offender’s care, custody or control.

10. Password Sniffers – These are programs that monitor and record the name and password of network users as they log in, jeopardizing security at a site. Whoever installs the sniffer can impersonate an authorized user and log in to access on restricted documents.

11. Spoofing – Spoofing is the act of disguising one computer to electronically “look” like another compute, in order to gain access to a system that would be normally is restricted.

12. Credit Card Fraud – In U.S.A. half a billion dollars have been lost annually by consumers who have credit cards and calling card numbers. These are stolen from on-line databases. In present world this cyber crime is emerged as a major threat as numerous cases had been filed in almost every major developed and developing country.

13. Web Jacking – The term refers to forceful taking of control of a web site by cracking the password.

14. Cyber terrorism – The use of computer resources to intimidate or coerce government, the civilian population or any segment thereof in furtherance of political or social objectives is called cyber terrorism. Individuals and groups quite often try to exploit anonymous character of the internet to threaten governments and terrorize the citizens of the country. [1]

EVOLUTION & PRESENT DEVELOPMENT

“Cyber bullies can hide behind a mask of anonymity online, and do not need direct physical access to their victims to do unimaginable harm.”     -Anna Maria Chavez

Crime is both a social as well as an economic phenomenon. Its history is as old as human society. Many books right from the pre-historic days, and mythological stories have spoken about crimes committed by individuals be it against another individual like ordinary theft and burglary or against the nation like spying, treason etc. Kautilya’s Arthashastra which is written around 350 BC, considered to be an authentic administrative treatise in India, discusses the various crimes, security initiatives to be taken by the rulers, possible crimes in a state etc. and also advocates punishment for the list of some stipulated offenses. Different kinds of punishments have been prescribed for listed offenses and the concept of restoration of loss to the victims has also been discussed in it.

Crime in any form adversely affects all the members of society. In developing economies, cybercrime has increased at rapid strides, due to the rapid diffusion of the Internet and the digitization of economic activities. Thanks to the huge penetration of technology in almost all walks of society right from corporate governance and state administration, up to the lowest level of petty shop keepers computerizing their billing system, we find computers and other electronic devices pervading the human life. The penetration is so deep that man cannot spend a day without computers or a mobile. Snatching some one’s mobile will tantamount to dumping one in solitary confinement!

The Internet is the fastest technique on earth that one can find these days and for everything, it is the best solution that people consider looking into. It has all the benefits and advantages like communication, advertisement, online movie and songs downloads, emailing, instant messaging and searching out the concerns and issues there are plenty of things that internet has got wrong as well. There are different kinds of internet scams and frauds that are happening and one needs to be very careful. This is something that has been bothering individuals and organizations ever since the internet was introduced and many a time, simple things could make you a victim even when you are unaware of it.

It is rightly said that technological development in every area is likely to cause drastic effects in every walk of life. The scientific and technological advancement, especially in the field of communication and information have created havoc thus, opening new vistas for the human beings including the criminals. Today’s crime reports reveal that many cyber crimes are committed by assistance of internet and cell phones. On the other hand, legislatures have been compelled to frame exclusive enactments to deal with crimes committed with the help of concerned device.

If one is to believe newspaper reports, many scandals such as C.D. rackets were busted by the police. It is other side of revolution in the field of information and technology. Under the Information Technology Act, 2000, there is a apparatus defined as “computer” which means “Any electronic magnetic, optical or other high speed data processing device or system which performs logical arithmetical and memory functions by manipulations of electronic magnetic or optical impulses and all input, output, processing storage, computer software, or communication facilities which are connected and related to the computer in a computer system or computer network”. [2]

Development of Cyber Crime:-

CyberCrime is neither defined in the IT Act 2000 nor in the I.T. Amendment Act 2008 nor in any other legislation in India. To define cybercrime, we can say, it is just a combination of crime and computer. To put it in simple terms ‘any offense or crime in which a computer is used is a cybercrime’. Interestingly even a petty offense like stealing or pick-pocket can be brought within the broader purview of cybercrime if the basic data or aid to such an offense is a computer or information stored in a computer used (or misused) by the fraudster. It could be hackers vandalizing one’s site, viewing confidential information or stealing trade secrets or intellectual property with the use of the internet. It can also include ‘denial of services’ and viruses attacks preventing regular traffic from reaching your site.

Cyber crimes also includes criminal activities done with the use of computers which further perpetuates crimes i.e. financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail, spoofing, forgery, cyber defamation, cyberstalking, unauthorized access to Computer system, theft of information contained in the electronic form, e-mail bombing, physically damaging the computer system etc. In a cybercrime, computer or the data itself is the target or the object of offense or a tool in committing some other offense, providing the necessary inputs for that offense. All such acts of crime will come under the broader definition of cybercrime.

In the past, cybercrime has been committed by individuals or small groups of individuals. However, we are now seeing an emerging trend with traditional organized crime syndicates and criminally minded technology professionals working together and pooling their resources and expertise.

This approach has been very effective for the criminals involved. In 2007 and 2008 the cost of cybercrime worldwide was estimated at approximately USD 8 billion. As for corporate cyber espionage, cybercriminals have stolen intellectual property from businesses worldwide worth up to USD 1 trillion.

Categories of Cyber Crimes

Cyber crimes can be classified into the following different categories:

i) Crimes Against Persons:

  • Harassment via E-Mails:  Harassment through sending letters, attachments of files & folders i.e. via e-mails. At present harassment is common as usage of social sites i.e. Orkut, hangout, zapak, Facebook, Twitter etc. increasing day by day.
  • Cracking: It is amongst the gravest cyber crimes known till date. In this a cyber criminal broke into your computer systems without your knowledge and consent and Tampere with your precious confidential data and information.
  • Cyber-Stalking: It means expressed or implied a physical threat that creates fear through the use to computer technology such as internet, e-mail, phones, text messages, webcam, websites or videos.
  • Hacking: It means unauthorized control/access over computer system and act of hacking completely destroys the whole data as well as computer program. Hackers usually hacks telecommunication and mobile network.
  • Dissemination of Obscene Material: It includes Indecent exposure/ Pornography (basically child pornography), hosting of web site containing these prohibited materials. These obscene matters may cause harm to the mind of the adolescent and tend to deprave or corrupt their mind. This can create a huge blunder in the society.
  • SMS Spoofing: Spoofing is a blocking through spam which means the unwanted uninvited messages. Here a offender steals identity of another in the form of mobile phone number and sending SMS via internet and receiver gets the SMS from the mobile phone number of the victim.
  • Assault by Threat: it refers to threatening a person with fear for their lives or lives of their families through the use of a computer network i.e. E-mail, videos or phones.
  • Page jacking: when a user, click on a certain link and an unexpected website gets opened through that link then the ser is said to be ‘pagejacked’. This happens when someone steals part of a real website and uses it in a fake site. If they use enough of the real site, Internet search engines can be tricked into listing the fake site and people will visit it accidentally. Unfortunately one cannot prevent page jacking but only can deal with it.
  • Advance fee scams: An advance fee scam is fairly easy to identify as you will be asked for money or goods upfront in return for giving you credit or money later. These advance fee scams can seem convincing and have taken in many people.
  • Defamation: It is an act of imputing any person with intent to lower down the dignity of the person by hacking his mail account and sending some mails with using vulgar language to unknown persons mail account.
  • E-Mail Spoofing: A spoofed e-mail may be said to be one, which misrepresents its origin. It shows it’s origin to be different from which actually it originates.
  • Child Pornography: It involves the use of computer networks to create, distribute, or access materials that sexually exploit underage children.
  • Carding: It means false ATM cards i.e. Debit and Credit cards used by criminals for their monetary benefits through withdrawing money from the victim’s bank account mala-fidely. There is always unauthorized use of ATM cards in this type of cyber crimes.
  • Cheating & Fraud: It means the person who is doing the act of cybercrime i.e. stealing password and data storage has done it with having guilty mind which leads to fraud and cheating.

ii) Crimes Against Persons Property:

As a result of rapid growth in the international trade where businesses and consumers are increasingly using computers to create, transmit and to store information in the electronic form instead of traditional paper documents there are some of the offenses which affect person’s property:

  • Intellectual Property Crimes:  Any unlawful act by which the owner is deprived completely or partially of his rights is an offense. The common form of IPR violation may be said to be software piracy, infringement of copyright, trademark, patents, designs and service mark violation, theft of computer source code, etc.
  • Cybersquatting: It means where two persons claim for the same Domain Name either by claiming that they had registered the name first on by right of using it before the other or using something similar to that previously. For example two similar names i.e. www.yahoo.comand www.yaahoo.com.
  • Cyber Vandalism: Vandalism means deliberately destroying or damaging property of another. Hence cyber vandalism means destroying or damaging the data when a network service is stopped or disrupted. It may include within its purview any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some part of a computer or a peripheral attached to the computer.
  • Hacking Computer System:  Due to the hacking activity there will be loss of data as well as computer. Also research especially indicates that those attacks were not mainly intended for financial gain too and to diminish the reputation of particular person or company.
  • Transmitting Virus: Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worm attacks plays major role in affecting the computerize system of the individuals.
  • Cyber Trespass: It means to access someone’s computer without the right authorization of the owner and does not disturb, alter, misuse, or damage data or system by using wireless internet connection.
  • Internet Time Thefts: Basically, Internet time theft comes under hacking. It is the use by an unauthorized person, of the Internet hours paid for by another person. The person who gets access to someone else’s IP user ID and password, either by hacking or by gaining access to it by illegal means, uses it to access the Internet without the other person’s knowledge. You can identify time theft if your Internet time has to be recharged often, despite infrequent usage.

iii) Cyber Crimes Against Government:

There are certain offenses done by group of persons intending to threaten the international governments by using internet facilities:

  • Cyber Terrorism: Cyber terrorism is a major burning issue in the domestic as well as global concern. The common form of these terrorist attacks on the Internet is by distributed denial of service attacks, hate websites and hate e-mails, attacks on sensitive computer networks etc. Cyber terrorism activities endanger the sovereignty and integrity of the nation.
  • Cyber Warfare: It refers to politically motivated hacking to conduct sabotage and espionage. It is a form of information warfare sometimes seen as analogous to conventional warfare although this analogy is controversial for both its accuracy and its political motivation.
  • Distribution of pirated software: It means distributing pirated software from one computer to another intending to destroy the data and official records of the government.-25
  • Possession of Unauthorized Information: It is very easy to access any information by the terrorists with the aid of internet and to possess that information for political, religious, social, ideological objectives.

iv) Cybercrimes Against Society at large:

An unlawful act done with the intention of causing harm to the cyberspace will affect large number of persons:

  • Child Pornography: It involves the use of computer networks to create, distribute, or access materials that sexually exploit underage children. It also includes activities concerning indecent exposure and obscenity.
  • Cyber Trafficking: It may be trafficking in drugs, human beings, arms weapons etc. which affects large number of persons. Trafficking in the cyberspace is also a gravest crime.
  • Online Gambling: Online fraud and cheating is one of the most lucrative businesses that are growing today in the cyberspace. There are many cases that have come to light are those pertaining to credit card crimes, contractual crimes, offering jobs, etc. [3]
  • Financial Crimes: This type of offence is common as there is rapid growth in the users of networking sites and phone networking where culprit will try to attack by sending bogus mails or messages through internet. Ex: Using credit cards by obtaining password illegally. [4]
  • Forgery: It means to deceive large number of persons by sending threatening mails as online business transactions are becoming the habitual need of today’s life style. [5]

NEED FOR CYBER LAWS

Information technology has spread throughout the world. As the user of cyberspace grows increasingly diverse and the range of online interaction expands, there is expansion in the cyber crimes i.e. breach of online contracts, perpetration of online torts and crimes etc. Due to the consequences, there was need to adopt a strict law by the cyberspace authority to regulate criminal activities relating to cyber and to provide better administration of justice to the victim of cybercrime. In the modern cyber technology world it is very much necessary to regulate cyber crimes and most importantly cyber law should be made stricter in the case of cyber terrorism and hackers.

Cyber law, it is a term that encapsulates the legal issues related to use of communicative, transactional, and distributive aspects of networked information devices and technologies. It is less a distinct field of law than property or contract law, as it is a domain covering many areas of law and regulation. IT Law is a set of recent legal enactments, currently in existence in several countries, which governs the process and dissemination of information digitally. These legal enactments cover a broad gamut of different aspects relating to computer software, protection of computer software, access and control of digital information, privacy, security, internet access and usage, and electronic commerce. These laws have been described as “paper laws” for “paperless environment”.

IT legislation in India: Mid 90’s saw an impetus in globalization and computerization, with more and more nations computerizing their governance, and e-commerce seeing an enormous growth. Previously, most of international trade and transactions were done through documents being transmitted through post and by telex only. Evidences and records, until then, were predominantly paper evidences and paper records or other forms of hard-copies only. With much of international trade being done through electronic communication and with email gaining momentum, an urgent and imminent need was felt for recognizing electronic records i.e. The data what is stored in a computer or an external storage attached thereto. The United Nations Commission on International Trade Law (UNCITRAL) adopted the Model Law on e-commerce in 1996. The General Assembly of United Nations passed a resolution in January 1997 inter alia, recommending all States in the UN to give favorable considerations to the said Model Law, which provides for recognition to electronic records and according it the same treatment like a paper communication and record.

Objectives of I.T. legislation in India: It is against this background the Government of India enacted its Information Technology Act 2000 with the objectives as follows, stated in the preface to the Act itself. “to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as “electronic commerce”, which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers’ Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.”

The Information Technology Act, 2000, was thus passed as the Act No.21 of 2000, got President’s assent on 9 June and was made effective from 17 October 2000.

The Act essentially deals with the following issues:

  • Legal Recognition of Electronic Documents
  • Legal Recognition of Digital Signatures
  • Offenses and Contraventions
  • Justice Dispensation Systems for cyber crimes. [6]

Amendment Act 2008: Being the first legislation in the nation on technology, computers and ecommerce and e-communication, the Act was the subject of extensive debates, elaborate reviews and detailed criticisms, with one arm of the industry criticizing some sections of the Act to be draconian and other stating it is too diluted and lenient. There were some conspicuous omissions too resulting in the investigators relying more and more on the time-tested (one and half century-old) Indian Penal Code even in technology based cases with the I.T. Act also being referred in the process and the reliance more on IPC rather on the ITA.

Thus the need for an amendment – a detailed one – was felt for the I.T. Act almost from the year 2003-04 themselves. Major industry bodies were consulted and advisory groups were formed to go into the perceived lacunae in the I.T. Act and comparing it with similar legislations in other nations and to suggest recommendations. Such recommendations were analyzed and subsequently taken up as a comprehensive Amendment Act and after considerable administrative procedures; the consolidated amendment called the Information Technology Amendment Act 2008 was placed in the Parliament and passed without much debate, towards the end of 2008. This

Amendment Act got the President assent on 5 Feb 2009 and was made effective from 27 October 2009.

Some of the notable features of the ITAA are as follows:

  • Focusing on data privacy
  • Focusing on Information Security
  • Defining cyber café
  • Making digital signature technology neutral
  • Defining reasonable security practices to be followed by corporate
  • Redefining the role of intermediaries
  • Recognizing the role of Indian Computer Emergency Response Team
  • Inclusion of some additional cyber crimes like child pornography and cyber terrorism
  • Authorizing an Inspector to investigate cyber offences (as against the DSP earlier)

INDIAN PERSPECTIVE

Talking about Indian scenario of cyber space crimes and cyber space laws, there was no statute in India for governing Cyber Laws involving privacy issues, jurisdiction issues, intellectual property rights issues and a number of other legal questions. With the tendency of misusing of technology, there arisen a need of strict statutory laws to regulate the criminal activities in the cyber world and to protect the true sense of technology IT ACT, 2000 was enacted by Parliament of India to protect the field of e-commerce, e-governance, e-banking as well as penalties and punishments in the field of cyber crimes. The above Act was further amended in the form of IT Amendment Act, 2008. Also certain sections of IPC and as some cyber space crime are invading right to privacy, article 21 of Indian constitution are some governing laws for cyber space crime which imposes various liabilities in India.

CONSTITUTIONAL LIABILITY

Hacking into someone’s private property or stealing some one’s intellectual work is a complete violation of his right to privacy. The Indian constitution does not specifically provide the “right to privacy” as one of the fundamental rights guaranteed to the Indian citizens but it is protected under IPC.

Right to privacy is an important natural need of every human being as it creates boundaries around an individual where the other person’s entry is restricted. The right to privacy prohibits interference or intrusion in others private life. The apex court of India has clearly affirmed in its judicial pronouncements that right to privacy is very much a part of the fundamental right guaranteed under article 21 of the Indian constitution.

Thus right to privacy is coming under the expended ambit of article 21 of Indian constitution. So whenever there is some cyber crime which is related to the persons private property or its personal stuff then the accused can be charged of violation of article 21 of Indian constitution, and prescribed remedy can be invoked against the accused.

CRIMINAL LIABILITY

Criminal liability in India for cyber crimes is defined under the Indian Penal Code (IPC). Certain Following sections of IPC deal with the various cyber crimes:

  • Sending threatening messages by e-mail  (Sec .503 IPC)
  • Word, gesture or act intended to insult the modesty of a woman (Sec.509 IPC)
  • Sending defamatory messages by e-mail (Sec .499 IPC)
  • Bogus websites , Cyber Frauds (Sec .420 IPC)
  • E-mail Spoofing (Sec .463 IPC )
  • Making a false document (Sec.464 IPC)
  • Forgery for purpose of cheating (Sec.468 IPC)
  • Forgery for purpose of harming reputation (Sec.469 IPC)
  • Web-Jacking (Sec .383 IPC)
  • E-mail Abuse (Sec .500 IPC)
  • Punishment for criminal intimidation (Sec.506 IPC)
  • Criminal intimidation by an anonymous communication (Sec.507 IPC)
  • Obscenity (Sec. 292 IPC )
  • Printing etc. of grossly indecent or scurrilous matter or matter intended for blackmail (Sec.292A IPC)
  • Sale, etc., of obscene objects to young person (Sec .293 IPC)
  • Obscene acts and songs (Sec.294 IPC )
  • Theft of Computer Hardware (Sec. 378 )
  • Punishment for theft (Sec.379 )
  • Other then the IPC some other piece of legislations also imposes criminal liability on the accused and these legislations are:-
  • Online Sale of Drugs  (NDPS Act )
  • Online Sale of Arms (Arms Act )
  • Copyright infringement (Sec.51 of copyright act, 1957)
  • Any person who knowingly infringes or abets the infringement of (Sec.63 of copyright act, 1957)
  • Enhanced penalty on second and subsequent convictions (Sec.63 A of copyright act, 1957)
  • Knowing use of infringing copy of computer program to be an offence (Sec.63B of copyright act, 1957)

The applications of these sections are subject to the investigating style of investigating officer and charge sheet filed by the investigating agency and nature of cyber crime.

In India there are number of cases filed under these IPC provisions related to the cyber crime. According to the report of Home Ministry, in 2012 there are 601 cases filed under the various provisions of IPC. [7]

 TORTIOUS LIABILITY

Basic liability in cyber crime is established through the principle of neighborhood established from the case of Donoghue v. Stevenson. But the major tortuous liability in cyber crimes is through Information Technology Act, 2000 (as amended).

In India the Information Technology Act 2000 was passed to provide legal recognition for transactions carried out by means of electronic communication. The Act deals with the law relating to Digital Contracts, Digital Property, and Digital Rights Any violation of these laws constitutes a crime. The Act prescribes very high punishments for such crimes. The Information Technology (amendment) Act, 2008(Act 10 of 2009), has further enhanced the punishments. Life imprisonment and fine upto rupees ten lakhs may be given for certain classes of cyber crimes. Compensation up to rupees five crores can be given to affected persons if damage is done to the computer, computer system or computer network by the introduction of virus, denial of services etc.

The following sections are dealing with the cyber crimes:

  • Penalty and Compensation for damage to computer, computer system, etc (sec. 43 IT act)
  • Compensation for failure to protect data (sec. 43A IT Act)
  • Tampering with computer source Documents (sec. 65 IT Act)
  • Hacking with computer systems, Data Alteration (sec. 66 IT Act)
  • Sending offensive messages through communication service, etc (sec. 66A IT Act)
  • Dishonestly receiving stolen computer resource or communication device (sec. 66B IT Act)
  • Identity theft (sec. 66C IT Act)
  • Cheating by personating by using computer resource (sec. 66D IT Act)
  • Violation of privacy (sec. 66E IT Act)
  • Cyber terrorism (sec. 66F Act)
  • Publishing or transmitting obscene material in electronic form (sec. 67 IT Act)
  • Publishing or transmitting of material containing sexually explicit act, etc. in electronic form (sec. 67A IT Act)
  • Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form (sec. 67B IT Act)
  • Preservation and Retention of information by intermediaries (sec.67C IT Act)
  • Powers to issue directions for interception or monitoring or decryption of any information through any computer resource (sec. 69 IT Act)
  • Power to issue directions for blocking for public access of any information through any computer resource (sec. 69A IT Act)
  • Power to authorize to monitor and collect traffic data or information through any computer resource for Cyber Security (sec. 69B IT Act)
  • Un-authorized access to protected system (sec. 70 IT Act)
  • Penalty for misrepresentation (sec. 71 IT Act)
  • Breach of confidentiality and privacy (sec. 72 IT Act)
  • Publishing False digital signature certificates (sec. 73 IT Act)
  • Publication for fraudulent purpose (sec. 74 IT Act)
  • Act to apply for offence or contraventions committed outside India (sec. 75 IT Act)
  • Compensation, penalties or confiscation not to interfere with other punishment
  • (sec. 77 IT Act)
  • Compounding of Offences (sec.77A IT Act)
  • Offences with three years imprisonment to be cognizable (sec. 77B IT Act)
  • Exemption from liability of intermediary in certain cases (sec. 79 IT Act)
  • Punishment for abetment of offences (sec. 84B IT Act)
  • Punishment for attempt to commit offences (sec. 84C IT Act)
  • Offences by Companies (sec. 85 IT Act)

The applications of these sections are subject to the investigating style of investigating officer and charge sheet filed by the investigating agency and nature of cyber crime.

In India there are number of cases filed under these IT provisions related to the cyber crime. According to the report of Home ministry of India, In 2012 there are 2876 cases filed under the various provisions of IT act. [9]

ANALYSIS OF INDIAN CYBER LAWS AND POLICING SYSTEM

Noted cyber law expert in the nation and Supreme Court advocate Shri Pavan Duggal, “While the lawmakers have to be complemented for their admirable work removing various deficiencies in the Indian Cyberlaw and making it technologically neutral, yet it appears that there has been a major mismatch between the expectation of the nation and the resultant effect of the amended legislation. The most bizarre and startling aspect of the new amendments is that these amendments seek to make the Indian cyber law a cybercrime friendly legislation; – a legislation that goes extremely soft on cybercriminals, with a soft heart; a legislation that chooses to encourage cyber criminals by lessening the quantum of punishment accorded to them under the existing law; ….. a legislation which makes a majority of cybercrimes stipulated under the IT Act as bailable offences; a legislation that is likely to pave way for India to become the potential cybercrime capital of the world……”  [11]

Let us not be pessimistic that the existing legislation is cyber criminal friendly or paves the way to increase crimes. Certainly, it does not. It is a commendable piece of legislation, a landmark first step and a remarkable mile-stone in the technological growth of the nation. But let us not be complacent that the existing law would suffice. Let us remember that the criminals always go faster than the investigators and always try to be one step ahead in technology.

There are several loopholes in IT Act as:-

  • The hurry, in which the legislation was passed, without sufficient public debate, did not really serve the desired purpose. Experts are of the opinion that one of the reasons for the inadequacy of the legislation has been the hurry in which it was passed by the parliament and it is also a fact that sufficient time was not given for public debate. But many problems of the act were amended by the amended act of 2008. [12]
  • Uniform law
    Mr. Vinod Kumar holds the opinion that the need of the hour is a worldwide uniform cyber law to combat cybercrime. Cybercrime is a global phenomenon and therefore the initiative to fight it should come from the same level. [13]
  • Lack of awareness
    The Act of 2000 is not achieving complete success because of the lack of awareness among the masses about their rights. Further most of the cases are going unreported. If only the people are vigilant about their rights, can the law protect their rights.
  • Raising a cyber army
    There is a need for a well equipped task force to deal with the new trends of hi tech crime. The government has taken a leap in this direction by constituting cyber crime cells in all metropolitan and other important cities. Further the establishment of the Cyber Crime Investigation Cell (CCIC) of the Central Bureau of Investigation (CBI).
  • Cyber savvy bench
    Cyber savvy judges are the need of the day. Judiciary plays a vital role in shaping the enactment according to the order of the day. One such stage, which needs appreciation, is the P.I.L., which the Kerala High Court has accepted through an email.
  • Dynamic form of cybercrime
    Speaking on the dynamic nature of cybercrime FBI Director Louis Freeh has said, “In short, even though we have markedly improved our capabilities to fight cyber intrusions the problem is growing even faster and we are falling further behind.” The (de)creativity of human mind cannot be checked by any law. Thus the only way out is the liberal construction while applying the statutory provisions to cybercrime cases.
  • Hesitation to report offenses
    As stated above one of the fatal drawbacks of the Act has been the cases going unreported. One obvious reason is the non-cooperative police force. “The police are a powerful force today which can play an instrumental role in preventing cybercrime. At the same time, it can also end up wielding the rod and harassing innocents, preventing them from going about their normal cyber business.” For complete realization of the provisions of this Act a cooperative police force is required. [14]

Apart from these loopholes and problems the present form of police system and many police officials are not familiar with the cyber crimes and they need training to be familiar with the “Modus operandi” of cyber crimes though the existing relevant act is comprehensive legislation but from the practical point of view there are some shortcomings in the errant form of the act. It is the need of the hour that the efficiency of police system at all ranks should be upgraded in terms of cyber crimes. The immoral, lethal minds of criminals take advantages of inefficient police system.

Both bench and Bar should realize the extent of cyber crimes. They should familiarize themselves with the intricacies of cyberlaw, otherwise they would find it extremely difficult to deal with cybercrime cases.

CYBER CRIME CASES IN INDIA

  • Pune Citibank Mphasis Call Center Fraud

It is a case of sourcing engineering. US $ 3, 50,000 from City bank accounts of four US customers were dishonestly transferred to bogus accounts in Pune, through internet. Some employees of a call centre gained the confidence of the

US customers and obtained their PIN numbers under the guise of helping the customers out of difficult situations. Later they used these numbers to commit fraud. By April 2005, the Indian police had tipped off to the scam by a U.S. bank, and quickly identified the individuals involved in the scam. Arrests were made when those individuals attempted to withdraw cash from the falsified accounts, $426,000 was stolen; the amount recovered was $230,000.

Court held that Section 43(a) was applicable here due to the nature of unauthorized access involved to commit transactions.

  • State of Tamil Nadu Vs Suhas Katti

The case related to posting of obscene, defamatory and annoying message about a divorcee woman in the yahoo message group. E-Mails were also forwarded to the victim for information by the accused through a false e-mail account opened by him in the name of the victim. The posting of the message resulted in annoying phone calls to the lady in the belief that she was soliciting.  Based on a complaint made by the victim in February 2004, the Police traced the accused to Mumbai and arrested him within the next few days. This is considered as the first case in the state of Tamil Nadu, in which the offender was convicted under section 67 of Information Technology Act 2000 in India.

  • The Bank NSP Case

The Bank NSP case is the one where a management trainee of the bank was engaged to be married. The couple exchanged many emails using the company computers. After some time the two broke up and the girl created fraudulent email ids such as “Indian bar associations” and sent emails to the boy’s foreign clients. She used the banks computer to do this. The boy’s company lost a large number of clients and took the bank to court. The bank was held liable for the emails sent using the bank’s system.

  • SMC Pneumatics (India) Pvt. Ltd. v. Jogesh Kwatra

In this case, the defendant Jogesh Kwatra being an employee of the plaintiff company started sending derogatory, defamatory, obscene, vulgar, filthy and abusive emails to his employers as also to different subsidiaries of the said  company all over the world with the aim to defame the company and its Managing Director. The Delhi High Court restrained the defendant from sending derogatory, defamatory, obscene, vulgar, humiliating and abusive emails either to the plaintiffs or to its sister subsidiaries all over the world including their Managing Directors and their Sales and Marketing departments. Further, Hon’ble Judge also restrained the defendant from publishing, transmitting or causing to be published any information in the actual world as also in cyberspace which is derogatory or defamatory or abusive of the plaintiffs. This order of Delhi High Court assumes tremendous significance as this is for the first time that an Indian Court assumes jurisdiction in a matter concerning cyber defamation and grants an injunction restraining the defendant from defaming the plaintiffs by sending defamatory emails.

  • Sony.Sambandh.Com Case

A complaint was filed by Sony India Private Ltd, which runs a website called www.sonysambandh.com, targeting Non Resident Indians. In May 2002, someone logged onto the website under the identity of Barbara Campa and ordered a Sony Colour Television set and a cordless head phone. She gave her credit card number for payment and requested that the products be delivered to Arif Azim in Noida. After one and a half months the credit card agency informed the company that this was an unauthorized transaction as the real owner had denied having made the purchase. The company lodged a complaint for online cheating at the Central Bureau of Investigation. The court convicted Arif Azim for cheating under Section 418, 419 and 420 of the Indian Penal Code. This was the first time that a cyber crime has been convicted. The judgment is of immense significance for the entire nation. Besides being the first conviction in a cyber crime matter, it has shown that the Indian Penal Code can be effectively applied to certain categories of cyber crimes which are not covered under the Information Technology Act 2000.

  • Nasscom v. Ajay Sood & Others

The plaintiff in this case was the National Association of Software and Service Companies (Nasscom), India’s premier software association. The defendants were operating a placement agency involved in head-hunting and recruitment. In order to obtain personal data, which they could use for purposes of head-hunting, the defendants composed and sent e-mails to third parties in the name of Nasscom. The High court recognised the trademark rights of the plaintiff and passed an injunction restraining the defendants from using the trade name or any other name deceptively similar to Nasscom. According to the terms of compromise, the defendants agreed to pay a sum of Rs1.6 million to the plaintiff as damages for violation of the plaintiff’s trademark rights. The Delhi HC stated that even though there is no specific legislation in India to penalize phishing, it held phishing to be an illegal act by defining it under Indian law as “a misrepresentation made in the course of trade leading to confusion as to the source and origin of the e-mail causing immense harm not only misused.” The court held that, to the consumer but even to the person whose name, identity or password is act of phishing as passing off and tarnishing the plaintiff’s image.

This case achieves clear milestones: It brings the act of “phishing” into the ambit of India laws even in the absence of specific legislation; It clears the misconception that there is no” damages culture” in India for violation of IP rights.

  • Bazee.com case

On 9 December 2004 a news item appeared with the Headline “DPS sex video at baazee.com”. The news item stated: “India’s biggest online trading portal baazee.com had listed the said MMS clip under the title ‘DPS girls having fun’ with the member ID of 27877408. CEO of the website Baazee.com was summoned by the Delhi High Court for having allowed this clip to be listed for auction under sections 67 and 85 of the IT Act, 2000. While Section 67 prohibits publishing obscene information in electronic form, Section 85 allows the prosecution of a person responsible for the business of a company over violations. This incident caused a sudden panic across the country and many discussions regarding the inefficiency of the IT Act, 2000 and the need to amend it started. Also, after this scandal, owing to debates around culpability, liability and prosecution of material on the internet, several key judgments were passed including banning the use of mobile phones in college and school campuses across India.

  • PNB, Pune case

In the largest compensation awarded in legal adjudication of a cyber crime dispute, Maharashtra’s IT secretary Rajesh Aggarwal has ordered Punjab National Bank to pay Rs 45 lakh to Manmohan Singh Matharu, MD of Pune-based firm Poona Auto Ancillaries. A fraudster had transferred Rs 80.10 lakh from Matharu’s account in PNB, Pune after Matharu responded to a phishing email. Matharu has been asked to share the liability since he responded to the phishing mail. Matharu’s is one of 13 e-fraud cases, all originating in Maharashtra and with an imprint across six states, in which the state’s IT secretary, serving as an adjudicating officer under the IT Act 2000, last month passed critical orders against nine banks, four telecom firms and two mobile recharge portals. These cases cover e-fraud committed through illegal data access, hacking bank accounts, cloning credit cards, issuing duplicate SIM cards and phishing, among others.

  • Syed Asifuddin and Ors. Vs. The State of Andhra Pradesh

In this case, Tata Indicom employees manipulated the electronic 32- bit number (ESN) programmed into cell phones theft were exclusively franchised to Reliance Infocomm. Court held that tampering with source code invokes Section 65 of the Information Technology Act.

  • Bomb Hoax mail

In 2009, a 15-year-old Bangalore teenager was arrested by the cyber crime investigation cell (CCIC) of the city crime branch for allegedly sending a hoax e- mail to a private news channel. In the e-mail, he claimed to have planted five bombs in Mumbai, challenging the police to find them before it was too late.

The Mumbai police have registered a case of ‘cyber terrorism’—the first in the state since an amendment to the Information Technology Act—where a threat email was sent to the BSE and NSE on Monday. The MRA Marg police and the Cyber Crime Investigation Cell are jointly probing the case. The suspect has been detained in this case.

The MRA Marg police have registered forgery for purpose of cheating, criminal intimidation cases under the IPC and a cyber-terrorism case under the IT Act.

COMPARATIVE STUDY

As against the alone legislation ITA and ITAA in India, in many other nations globally, there are many legislations governing e-commerce and cyber crimes going into all the facets of cyber crimes. Data Communication, storage, child pornography, electronic records and data privacy have all been addressed in separate Acts and Rules giving thrust in the particular area focused in the Act.

United States of America

USA have the Health Insurance Portability and Accountability Act popularly known as HIPAA which inter alia, regulates all health and insurance related records, their upkeep and maintenance and the issues of privacy and confidentiality involved in such records.The Sarbanes-Oxley Act (SOX) signed into law in 2002 mandated a number of reforms to enhance corporate responsibility, enhance financial disclosures, and combat corporate and accounting fraud. Besides, there are a number of laws in the US both at the federal level and at different states level like the Cable Communications Policy Act, Children’s Internet Protection Act, and Children’s Online Privacy Protection Act etc.

United Kingdom

In the UK, the Data Protection Act and the Privacy and Electronic Communications Regulations etc are all regulatory legislations already existing in the area of information security and cybercrime prevention, besides cybercrime law passed recently in August 2011.

Similar to these countries we also have cybercrime legislations and other rules and regulations in other nations like Australia, New Zealand, China etc.

INTERPOL’S ROLE:-

INTERPOL’s cybercrime programme is built around training and operations and works to keep up with emerging threats. It aims to:

¾    Promote the exchange of information among member countries through regional working parties and conferences;

¾    Deliver training courses to build and maintain professional standards;

¾    Coordinate and assist international operations;

¾    Establish a global list of contact officers available around the clock for cybercrime investigations (the list contained 134 contacts at the end of 2012);

¾    Assist member countries in the event of cyber-attacks or cybercrime investigations through investigative and database services;

¾    Develop strategic partnerships with other international organizations and private sector bodies;

¾    Identify emerging threats and share this intelligence with member countries;

¾    Provide a secure web portal for accessing operational information and documents.

Cyber crimes cases in other Countries

  • Worm Attack: First person to be prosecuted under the ‘Computer and Fraud Act, 1986’ was the Robert Tappan Morris well Known as First Hacker. His worm was uncontrollable due to which around 6000 computer machines were destroyed and many computers were shut down until they had completely malfunctioned. He was ultimately sentenced to three years probation, 400 hours of community service and assessed a fine of $10500.
  • Hacker Attack:  A Ph.D. student of the University of Southern California, in the year 1983, made a short programme as an experiment that could “infect” computers, make copies of it, and spread from one machine to another. A professor of his suggested the name “virus”. Now that student runs a computer security firm.
  • Internet Hacker: Wang Qun, alias “playgirl”, was arrested making the first ever arrest of an internet hacker in China. He was a 19 year old computing student, arrested in connection with the alleged posting of pornographic material on the homepages of several government-run web sites.

CONCLUSION

Cyber crime is a new form of crime that has emerged due to the computerization of various activities in an organization in a networked environment. With the rapid growth of information technology cyber crimes are a growing threat.

Technology has a negative aspect as it facilitates commercial activity. Ordinarily the law keeps pace with the changes in technology but the pace of technological developments in the recent past, especially in the field of information and technology is impossible to keep pace with legal system. An important concern relates to modernizing penal laws of many countries which predate the advent of computers. On the one hand, the existing laws have to be change to cope with the computer-related fraud such as hacking, malicious falsification or erasure of data, software theft, software attacks etc. and on the other, new legislation is also necessary to ensure data protection and piracy. The need for a law on data protection is paramount if India is to sustain investor confidence, especially among foreign entities that send large amounts of data to India for back-office operations. Data protection is essential for outsourcing arrangements that entrust an Indian company with a foreign company’s confidential data or trade secrets, and/or customers’ confidential and personal data.

Also in the above chapters we have talked about the Indian police system for cyber crimes which is subjected to the improvisation, and a new and clear specific legislation which can fight easily against the cyber crimes. Further the proposed initiatives and amendments by government to the IT act, which are likely to be implemented, soon will be implemented as soon as possible. The proposed amendments widen the liability for breach of data protection and negligence in handling sensitive personal information. Additionally, the Government of India, with the help of the Department of Information Technology, is currently working on a holistic law on data protection based on the European Union directive. Further, the government plans to create a “Common Criterion Lab,” backed by the Information Security Technical Development Council, where intensive research in cryptography and product security can be undertaken.  As Prevention is always better than cure, a smart internet user should take certain precautions while operating the internet and should follow certain preventive measures for cyber crimes, these measures can be considered as suggestions also:

  • A person should never send his credit card number to any site that is not secured, to guard against frauds.
  • One should avoid disclosing any personal information to strangers via e-mail or while chatting.
  • One must avoid sending any photograph to strangers by online as misusing of photograph incidents increasing day by day.
  • It is always the parents who have to keep a watch on the sites that your children are accessing, to prevent any kind of harassment or depravation in children.
  • Web site owners should watch traffic and check any irregularity on the site. It is the responsibility of the web site owners to adopt some policy for preventing cyber crimes as number of internet users are growing day by day.
  • Strict statutory laws need to be passed by the Legislatures keeping in mind the interest of netizens (cybercitizen or an entity or person actively involved in online communities and a user of the Internet).
  • Web servers running public sites must be physically separately protected from internal corporate network.
  • An update Anti-virus software to guard against virus attacks should be used by all the netizens and should also keep back up volumes so that one may not suffer data loss in case of virus contamination.
  • It is better to use a security program by the body corporate to control information on sites.
  • IT department should pass certain guidelines and notifications for the protection of computer system and should also bring out with some more strict laws to breakdown the criminal activities relating to cyberspace.
  • As Cyber Crime is the major threat to all the countries worldwide, certain steps should be taken at the international level for preventing the cybercrime.
  • Special police task force which is expert in techno field will be constituted.
  • Complete justice must be provided to the victims of cyber crimes by way of compensatory remedy and offenders to be punished with highest type of punishment so that it will anticipate the criminals of cybercrime. [15]

Formatted on 15th March 2019.

Footnotes

[1] http://cybercellmumbai.gov.in accessed on 1 Dec 2013

[2] Information Technology Act, 2000A computer has multifarious functions and it is regarded as a superman. It provides information as well as communication by means of internet. It is the fastest mean for input and output of transportation of informations. In official meaning, the term “internet” is popularly known as “world wide web” (www)

[3] http://www.legalindia.in accessed on 1 Dec 2013

[4] http://cybercellmumbai.gov.in accessed on 1 Dec 2013

[5] Ibid

[6] http://jurisonline.in accessed on 2nd Dec 2013

[7] http://www.mha.nic.in accessed on 4th Dec 2013

[8] Ibid

[90 Ibid

[10] Ibid

[11] Pawan Duggal, Is this treaty a treat? Available at http://www.naavi.org/pati/pati_cybercrimes_dec03.htm

[12] Ibid

[13] Kumar Vinod, Winning the Battle against cyber Crimes available at http://www.cyberriskinsuranceforum.com/content/are-we-losing-battle-against-cyber-crime

[14] Dewang Mehta, Role of Police in Tackling Cyber Crimes available at http://www.naavi.org/pati/pati_cybercrimes_dec03.htm

[15] Ibid

Leave a Reply

Your email address will not be published. Required fields are marked *