By Abhas Srivastava and Shriya Agarwal
Editor’s Note: Cyber-crime is emerging as a serious threat and is perhaps the most complicated problem in the virtual world. This paper is an attempt to provide a glimpse on cyber-crime in society. It revolves around the origin of the cyber-crimes, how they are committed and what adverse effects they have on the victim and society at large. It also states and analyses some key reasons, why cyber-crime is firming its roots in society at such a rapid rate. This paper briefly touches upon the statutory provision against cyber-crime in India and discusses its implications and loopholes (if any) to prevent cyber-crime in India.
Cyber-crime is defined as crimes committed on the internet using the computer as either a tool or a targeted victim. Worldwide Governments, police departments and intelligence units have started to react, realising the potential of the damage it can cause to society. Today cyber-crime has taken several forms. It can be committed as a crime against individual, a crime against individual property and as a crime against society at large. No matter in which form it is committed, the ultimate victim is the society. The paper will highlight and analyse one crime of each of the above mentioned type and will also speculate on the challenges to prevent cyber-crime and discuss briefly few prospects to prevent it. Cyber-crime is the outcome of high innovations and development in the field of Information Technology and therefore to prevent and nullify the effects of this crime, technology has to play a major role. The researchers will discuss some of the latest technologies developed primarily to prevent cyber-attacks. Keeping in my mind the quantum of damage cyber-crime can cause, it is a question of global concern that how cyber-crimes must be regulated and how that regulation should be carried out most effectively?
The world of internet today has become a parallel form of life and living. It has become inseparable in such a way, that life without internet is beyond imagination. Internet has enabled the use of website communication, email and a lot of anytime anywhere IT solutions for the betterment of human kind. One cannot question the significance and utility of this virtual space but at the same time one also cannot deny the threats and dangers to which we are exposed due to internet. Invention of computer and evolution of internet in modern times has almost become a parallel form of life and living. It is rightly said that development comes with a cost. Crime today remains elusive and hides itself in the face of development. Every crime leaves a social and negative impact and so does the most recently evolved crime.
In most common parlance cybercrime is defined as crimes committed on the internet using the computer as either a tool or a targeted victim.[i] Technically – “Cyber Crime can be said to those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime”.[ii] Earlier it was very difficult to categorise these crimes into a particular specified fashion because everyday a different type of crime was witnessed. Now, since we have studied nature of each crime specifically we are able to categorise them. Statistics show that in 21st century cyber-crime has grown at an alarming rate owing to new innovations in Information Technology.
Realising the quantum of loss and insecurity it can cause, worldwide Governments, Police Departments and Intelligence units have started to respond strictly to such happenings. Different laws have been formulated with the help of cyber experts and professionals to prevent and penalise cyber-crime. In India, the cyber world is regulated by the Information Technology Act, 2000. It was an outcome of the recommendations of United Nations Commission on International Trade Law (1996) through the Model Law on Electric Commerce. It came into force from the year 2000. It defines and penalises the offences relating to computer.
COMMISSION OF CYBER CRIME
Most of the cyber-crimes are committed through internet except few in which the malicious data or the protected data is shared, distributed or accessed through non-networking means. Person committing these crimes is well-versed with the technology. The victim or the targeted victim is not in all cases a person of technical background and therefore easily becomes vulnerable to such crimes. It has been found that usually people are unaware or ignorant towards various fraudulent instruments on internet and hence authorise by themselves the un-authorised access. Once access is granted to the computer system, or any such sensitive personal information of the user; entire data of the system or that sensitive information becomes vulnerable to exploitation. This accessed data can be used for any wrongful purpose. It is left at the disposal of the victim to take any efficient step of prevention and retaliation in these situations.
TYPES OF CYBER CRIME
Cyber-crimes can broadly be classified into three types namely- crime against individual, crime against individual property and crime against an organisation or society. This section will deal with one detailed study of each type of above mentioned crime.
CRIME AGAINST INDIVIDUAL
Recent years have seen a series of “moral panics” regarding information accessible on the Internet and its use for criminal activity. A new form of harassment has increased these days known as stalking. Stalking is when an individual targets his victim and threatens him/her. Some examples of stalking is unwanted telephone calls regardless of content, death threat, walking past the target’s home or workplace and sending letters or flowers. Cyber stalking is a virtual or electronic form of physical stalking. Stalking generally involves harassing or threatening behaviour that an individual engages in repeatedly or persistent unwelcome contact with another individual.[iii] Unsolicited e-mail is one of the most common forms of harassment, including hate, obscene, or threatening mail. Other forms of harassment include sending the victim viruses or high volumes of electronic junk mail (spamming).[iv]
A 1999 report from the United States Department of Justice suggests, there might be tens of thousands of cyber stalking incidents each year.[v] Through research it has been observed that high proportion of stalkers previously had some type of intimate relationship with the victims or any form of relationship existing prior to stalking. With such a rapid rate of technological development, internet has created a possibility for the internet users including the cyber stalker to hide their original identity. In most cases of online stalking, offenders use an internet protocol (IP) address and anonymous ‘re- mailers’; that is, mail serves that purposefully strip identifying information and headers showing where the message came from.[vi]
A cyber stalker can communicate directly with their target as soon as the target computer connects in any way to the Internet. The stalker can assume control of the victim’s computer and the only defensive option for the victim is to disconnect and relinquish their current Internet “address”.[vii] There had been many cases of cyber stalking reported in India like Manisha Kathuria was stalking Rity Kohli by illegally chatting on a chat website called MIRC using her name, he used obscene, obnoxious language and distributed her residence telephone number, inviting people to chat with her on the phone.[viii] A recent case of Akbar Khatri, who was kidnapped from his school by a paedophilic lady ‘chat friend’ of his, in order to sell him to child traffickers at Pakistan.[ix] These crimes needs to be stopped, proper manner has to be taken and the internet users especially the youngsters need to be educated about the disadvantages of posting information on the Net.
AGAINST INDIVIDUAL PROPERTY
IPR Violations on Internet–
Intellectual property assets is an important asset for any business which require substantial investment of time, money, and creative input and may or may not be tangible. In the Information Technology age, the protection of Intellectual Property Rights (IPR) requires great attention and dedicated strategy for its protection. IPR protected information including music, computer programs, databases can be easily copied and pirated using instantaneous means of reproduction, publication, and dissemination causing serious financial loss to rightful owners. Traditional principles of Intellectual Property Law which apply to the real world also apply to the virtual world.[x]
There are following branches of intellectual property rights e.g. copyright, patent, trademarks, design, geographical indications etc.[xi] The prime reason for rampant privacy of intellectual property on the internet is because it is very easy to copy proprietary and Intellectual Property protected materials and the anonymity that exists in the cyberspace does not deter a party from using the protected materials without due permission from the owner.[xii] Many laws like, the law of copyright, patent law, trade mark law, law of trade secrets are made to protect original forms of expression and include protection of literary work, music, computer software, sound recordings amongst other categories of works. Every country through some legislation seeks to protect these Intellectual Property Rights of people and entities.[xiii] The very frequent way of infringing Intellectual Property right is through Caching (sometimes known as “mirroring”, usually when it involves storage of an entire site or other complete set of material from a source).[xiv]
According to the recent report of the Indian Federation of Phonographic Industry (IFPI), among the top 10 nations where music piracy has reached unacceptable levels are India, China, Brazil, Indonesia and Pakistan.[xv] Under the Indian Law, the Copyright Act, 1957 confers on the author of a work including literary, artistic and cinematographic work the right to prevent a party from unauthorised reproducing, modifying or distributing the copyrighted work.[xvi] The case law in India begins with the 1999 Delhi High Court judgement in Yahoo!, Inc. v Akash Arora & Anr. This case dealt with the alleged passing off for the services rendered by a party on the internet through a domain name. The plaintiff sought a permanent injunction restraining the defendants, from dealing in any services or goods on the internet or otherwise under the trademark/ domain name “yahooindia.com” or any other domain name which is identical with or deceptively similar to the plaintiff’s trademark “Yahoo!”.[xvii]
In a recent ruling in India, CIT v Oracle Software India Ltd.[xviii] the court held that duplicating a CD at home may account to privacy and violation of Section 14 of the Copyright Act, 1957. Duplicating is a process of copying data from source medium to a destination medium which has the same physical form. For instance copying a music file from one CD to another is duplication.[xix] The other cases that have been filed under the infringement of Intellectual Property rights are Acqua Minerals Limited v Mr. Pramod Borse& Anr[xx], Eicher Limited and Anr. v. Web Link India and Anr[xxi]. Many websites today offer freeware installations, sell pirated software copies and engage in other criminal activities. Although many measures have been taken, combating copyright infringements continues to be a major challenge in cyberspace.
There exists an interrelationship between terrorism and the internet. The internet came after 1990s when computer services became cheaper, quicker and readily available. The internet came with the main purpose to allow cheap communication. But these days the internet has become a popular medium between terrorist group and individual terrorist to communicate their message of hatred and violence. They use the Internet, encrypted E-mail to plan their acts of terrorism and to spread propaganda. The fear surrounding Cyber Terrorism is that terrorists and criminals penetrate infrastructure computer systems and endanger human lives by disrupting military networks, telecommunications, etc. Cyber terrorist create chaos and anarchy by attacking banking and financial computer networks.[xxii]
Cyber Terrorism may involve the same type of terrorist which may be involved in some other type of terrorist attack. Many a times, even after the penetration, attacks on computer systems go unnoticed and even the attacks are delayed like a bomb timer, which is set to execute at a certain time. Terrorism mainly occurs where we are more vulnerable, reliant and depends on the system. Nowadays more sophisticated terrorist bombs are on the horizon as computers provide the ability for multiple devices to communicate autonomously. The terrorist may adopt the means of bombing, hijacking, kidnapping a political leader etc. These offences are given a colour of political offence and the objectives sought to free the society from the political, social, economic exploitation of the citizen from the established authority in the state.
In India, Rajiv Gandhi’s assassination by female suicide bomber Dhanu was first major accident of suicide attack.[xxiii] We all remember the terrorist attack on Mumbai on November 26, 2008 where the terrorist used the most advanced technology in order to carry out the attacks. They used remailer service to send emails, while maintain anonymity which revealed the sophisticated technologies used by the terrorist to carry out their attacks.[xxiv] Subsequently, it was discovered that all calls which were made to plan the attacks were made by using the Voice over Internet Protocol (VOIP).[xxv]
There have been many attacks by Pakistan as they have bitterness over losing two wars with India over Kashmir issue. The Pakistan Cyber Army hacked into the website of the Indian Institute of Remote Sensing, the Centre for Transportation, Research and Management, the Kendriya Vidyalaya of Ratlam (schools run by the Indian Army)- and the Oil and Natural Gas Corporation of India.[xxvi] On December 15, 2009, computers in the Indian Prime Minister’s Office (PMO) and the Ministry of External Affairs in New Delhi were hacked by planting a ‘Trojan virus’ from a mail purportedly sent from China. The Trojan virus allowed the attackers to access delete the personal Gmail accounts of Government officials.[xxvii] Though India is considered slow in developing corrective measures for curbing web-attack and even has failed many times, still it is making continuous efforts to reduce down the same.
CHALLENGES OF FIGHTING CYBER CRIME
Innovations in IT have led to evolution of new criminal methods. Cyber offenders are using new tools to prevent identification and hamper investigations. The nonfigurative nature of cyber-crime poses tough challenges to prevent it at first place; and then to investigate it. These challenges can be broadly categorised as- General Challenges and Legal Challenges.
Dependency on IT–
Today we have become slaves to internet services in all aspects of life because everything is available in just a click. Many scholarly intellectual material related to academics is available online. Many financial services including e-commerce and e-banking are online. To bring transparency in governance Governments also uses internet as medium to share with citizens certain information of governance through its official websites. This information can be easily accessed and can be used to commit cyber-crimes.
Easy Availability of Crime Devices–
Only basic equipments are needed to commit Cyber-crime such as- Hardware, Software, and Internet Access.[xxviii] These inputs are available at a very nominal cost. For internet access, offenders try to use services that do not require verified registration. Such services include- Public internet terminals, Wireless networks and Hacked Networks.[xxix]
Independence of Location–
The physical presence of cyber offenders at the site of crime scene is completely immaterial. They can commit it sitting at any part of the world. This is the biggest problem to investigating agencies as it complexes the investigation and makes tracing of offenders very difficult.
Challenges in Drafting a National Law –
The field of Information Technology is highly dynamic with new innovations and technological development taking place regularly.[xxx] This gives potential offenders a fair chance to develop new types of crimes and widen their area of cyber-attacks. With new types of crimes emerging regularly it becomes difficult to define and codify them into the existing law. Neither it is possible to amend the existing statute each time a new crime is identified. Hence, it becomes extremely challenging to draft a national law that could encompass all possible crimes.
Impotency of laws –
Cyber laws existing today worldwide are inadequate. Most of them have weak penalties which limit deterrence.[xxxi] Secondly, self-protection remains the first line of defence.[xxxii] Precautionary measures are emphasised than punitive ones. The procedural laws and laws of evidence that govern cyber trails are often found to be inadequate in most countries.
SOLUTIONS TO TACKLE CYBER CRIME
Cyber-crime has become a part of cyber world today. Everyone accessing internet is equally vulnerable to cyber-attacks. It is always wise to us to take precaution rather than seeking remedy. This however does not mean that remedial solutions are of little use. Here, we would like to suggest three types of solutions to cyber-crime.
Precautionary solutions or pre-crime solutions wherein a user of a computer system or a network is required to do and to omit to do certain acts; the commission or omission of which can make the user an easy target of potential offenders. In brief, these measures help to prevent the commission of crimes at first place. These include-
- Avoid disclosing any information pertaining to one self to prevent cyber stalking.[xxxiii]
- Always keep backup of your data so that one may not suffer data loss because of sudden online virus attacks.
- In case of doubts on credibility of transaction through certain online financial portals, avoid giving any financial information like credit card number, bank account etc to avoid financial frauds.
- Avoid referring, storing or copying files from unknown or entrusted source such as download from internet or unauthentic e-mail attachments.[xxxiv]
Information technology is the mother of cyber-crimes. In other words cyber-crime is nothing more than wrongful use of computer technology. Hence, technological innovations are the primary and perhaps most important tool to fight cyber crime. Development of new technology to prevent, locate and investigate cyber crimes should be a continuous process. Governments should encourage research in this sector by providing financial support for developing such cyber technologies. Developers of such technologies should be rewarded. Further, cyber experts themselves should not engage in any such wrongful use of technology that could cause any form of suffering to anyone. Efforts should be made gradually to make these positive technologies accessible to all.
Law can also act as very powerful tool to fight cyber crime. As the famous “Deterrent Theory of Punishment” says- “penalties or punishment for a crime should be so strict that it prevents the offenders and potential offenders to commit the crime.” Same should be the guiding line while drafting punishment for cyber crimes. Further, judiciary should also be extra cautious while dealing with cyber cases in the courtroom. E-courts can also help in speeding the process of justice. Since new types of cyber crimes are emerging, cyber laws should be revised and updated consistently and there must be scope for trail and punishment for any crime that is new to cyber world. Study of cyber laws and cyber jurisprudence should be encouraged among law students so that our country gets better quality of lawyers, judges, and law makers who are well equipped to meet the challenges of illegal practices of cyber world.
STATUTORY PROVISIONS IN INDIA AND ITS ANALYSIS
In India, Information Technology Act, 2000 is the umbrella legislation that provides legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as “electronic commerce.”[xxxv] The Act also sought consequential amendments in Indian Penal Code and Indian Evidence Act, Reserve Bank of India Act, 1934 and Banker’s Book Evidence Act to make them compatible with this Act.
Till 2000, India’s cyber space was unregulated in a way. But with the coming of this act, netizens[xxxvi] have heaved a sigh of relief and a number of their concerns have been the Information Technology (Amendment) Act, 2009. The act has been successful in regulating e-commerce in India. It is also a safeguard against cyber-crimes to a large extent but with certain limitations. The I.T. Act deals with various cyber-crimes in chapters IX and XI, 43, 65, 66, and 67 being the important sections. In the analysis of the act we would restrict ourselves to above said chapters. Few of the observations or loopholes of the statute are-
- The Act comprises of 94 sections and 13 chapters. But majority of sections deal with the provisions of promoting e-commerce. Cyber offences and its penalty are defined only in two (9 and 11) chapters. Hence, it seems that the primary intent of legislature was to promote and regulate e-commerce and not to prevent and penalise cyber crimes.
- Under section 79 of the act, Intermediaries are not to be liable under certain cases of cyber crimes. A cyber cafe is also an “Intermediary” hence the obligations under section 79 and the rules framed therein for intermediaries already apply to cyber cafe. These rules for cyber cafes are incomplete and require further rule making by state governments.[xxxvii]
- Pornography by Indian websites is strictly prohibited by the act but pornography on foreign websites is let loose and nothing is being discussed about it. This gives space to Indian cyber criminals to host their pornography related website’s content in foreign shores without being penalised.
- Police is restricted under Cr PC to search private places. Neither in this act is any special powers provided to police to search private places. Cyber criminals mostly operate from homes, where police cannot search.
It is practically impossible to eliminate cyber-crime from cyber world; but it can definitely be prevented. No legislation till now has eradicated any crime completely but they have been successful in preventing them. Similarly cyber-crime also cannot be removed completely by any law but it can be prevented through joint efforts of individual, technology and law. It is the time to make aware ourselves aware about commissions and omissions of certain act while working on internet so that we do not become a victim of any such crime. Technology has given birth to this crime and without it; it’s impossible to investigate and control cyber-crimes. Law though currently not well equipped today in India; but can act as a strong deterrent to avoid such crimes.
Edited by Hariharan Kumar
[i] Dashora Kamini, Journal of Alternative Perspectives in the Social Sciences ( 2011) Vol 3, No 1, 240-259.
[iii]Dr. Gupta & Agrawal, Cyber Laws and laws relating to Information technology.
[iv] It is important to note here that sending viruses or telemarketing solicitations are not in and of themselves indicative of stalking. However, if these communications are repetitively sent in a manner which is designed to intimidate (ie: similar to the manner in which IRL stalkers send subscriptions to pornographic magazines), than they may constitute “concerning behaviours” and hence be included as stalking.
[v] REPORT TO CONGRESS, supra note 4, at 3-4
[vi]Dr. Gupta & Agrawal, Cyber Laws and laws relating to Information technology
[vii] Jaishankar K & Uma Shankar V, Cyber Stalking: A Global Menace in the Information Super Highway,
[viii] Dr. Gupta & Agrawal, Cyber Laws and laws relating to Information technology
[x]Seth Kamika, Computers Internet and New Technology Laws, Updated edition 2013.
[xi] Dr. Gupta & Agrawal, Cyber Laws and laws relating to Information technology.
[xiii]W Fisher III William, “The Growth of Intellectual Property : A History of Ownership of Ideas in US” at http://cyber.law.harvard.edu/property00/orient.html , (accessed last on April 4, 2014 at 2:00 pm.)
[xiv]Dr. Gupta & Agrawal, Cyber Laws and laws relating to Information technology
[xv] “Top 10 Countries for Music Piracy”, Zdnet Research, 8th August, 2005, accessed at http://www.zdnet.com/blog/itfacts/top-10-countries-for-music-piracy-brazil-china-india-indonesia-mexico-pakistan-paraguay-russia-spain-and-ukrain/8613, (accessed last on March 30, 2014 at 6:00 pm.)
[xvi] R.G. Anand v Delux Films, AIR 1978 SC 1613, (1978) 4 SCC 118
[xvii] 78(1999) DLT 285
[xviii] 2010 (2) SCC 677,  1 SCR 543
[xix] CIT v Mastek Limited, 2010 (13) SCC 58
[xx] AIR 2001 Del 463
[xxii]Dr. Gupta & Agrawal, Cyber Laws and laws relating to Information technology.
http://www.livemint.com/2009/01/15222108/Tweaking-the-law-to-deal-with.html , (accessed last on March 30, 2014 at 6:00 pm.)
[xxvi] Nanda Prakash, ‘India’s Cyber Crime Challenge,’ UPI, http://www.upiasia.com/Security/2010/03/09/indias_cyber_crime_challenge/6678/ , (accessed last on March 30, 2014 at 6:00 pm.)
[xxvii] “Indian PMO, External Affairs Ministry networks ‘hacked’,” Technology Base, January 16, 2010.
[xxviii] Mali Prashant, Cyber Law and Cyber Crimes, Snowwhlte publications.
[xxx] Justice Singh Yatinder, Cyber laws.
[xxxi] N.C. Jain, Cyber Law, Allahabad Law Agency, p(103)
[xxxiii] Dashora Kamini, Journal of Alternative Perspectives in the Social Sciences ( 2011) Vol 3, No 1, 240-259
[xxxiv] Mali Prashant, Cyber Law and Cyber Crimes, Snowwhlte publications.
[xxxv] Preamble , The Information Technology Act, 2000 , (21 of 2000)
[xxxvi] Any person associated with computers, IT, and internet
[xxxvii] Mali Prashant, Cyber Law and Cyber Crimes, Snowwhlte publications.