CYBER LAW & INFORMATION TECHNOLOGY
Addl. Distt. & Sessions Judge, Delhi
Success in any field of human activity leads to crime that needs mechanisms to control it. Legal provisions should provide assurance to users, empowerment to law enforcement agencies and deterrence to criminals. The law is as stringent as its enforcement. Crime is no longer limited to space, time or a group of people. Cyber space creates moral, civil and criminal wrongs. It has now given a new way to express criminal tendencies. Back in 1990, less than 100,000 people were able to log on to the Internet worldwide. Now around 500 million people are hooked up to surf the net around the globe.
Until recently, many information technology (IT) professionals lacked awareness of and interest in the cyber crime phenomenon. In many cases, law enforcement officers have lacked the tools needed to tackle the problem; old laws didn’t quite fit the crimes being committed, new laws hadn’t quite caught up to the reality of what was happening, and there were few court precedents to look to for guidance. Furthermore, debates over privacy issues hampered the ability of enforcement agents to gather the evidence needed to prosecute these new cases. Finally, there was a certain amount of antipathy—or at the least, distrust— between the two most important players in any effective fight against cyber crime: law enforcement agencies and computer professionals. Yet close cooperation between the two is crucial if we are to control the cyber crime problem and make the Internet a safe “place” for its users.
Law enforcement personnel understand the criminal mindset and know the basics of gathering evidence and bringing offenders to justice. IT personnel understand computers and networks, how they work, and how to track down information on them. Each has half of the key to defeating the cyber criminal. IT professionals need good definitions of cybercrime in order to know when (and what) to report to police, but law enforcement agencies must have statutory definitions of specific crimes in order to charge a criminal with an offense. The first step in specifically defining individual cybercrimes is to sort all the acts that can be considered cybercrimes into organized categories.
United Nations’ Definition of Cybercrime
Cybercrime spans not only state but national boundaries as well. Perhaps we should look to international organizations to provide a standard definition of the crime. At the Tenth United Nations Congress on the Prevention of Crime and Treatment of Offenders, in a workshop devoted to the issues of crimes related to computer networks, cybercrime was broken into two categories and defined thus:
a. Cybercrime in a narrow sense (computer crime): Any illegal behavior directed by means of electronic operations that targets the security of computer systems and the data processed by them.
b. Cybercrime in a broader sense (computer-related crime): Any illegal behavior committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession [and] offering or distributing information by means of a computer system or network.
Of course, these definitions are complicated by the fact that an act may be illegal in one nation but not in another.
There are more concrete examples, including
i. Unauthorized access
ii. Damage to computer data or programs
iii. Computer sabotage
iv. Unauthorized interception of communications
v. Computer espionage
These definitions, although not completely definitive, do give us a good starting point—one that has some international recognition and agreement—for determining just what we mean by the term cybercrime.
In Indian law, cyber crime has to be voluntary and willful, an act or omission that adversely affects a person or property. The IT Act provides the backbone for e-commerce and India’s approach has been to look at e-governance and e-commerce primarily from the promotional aspects looking at the vast opportunities and the need to sensitize the population to the possibilities of the information age. There is the need to take in to consideration the security aspects.
In the present global situation where cyber control mechanisms are important we need to push cyber laws. Cyber Crimes are a new class of crimes to India rapidly expanding due to extensive use of internet. Getting the right lead and making the right interpretation are very important in solving a cyber crime. The 7 stage continuum of a criminal case starts from perpetration to registration to reporting, investigation, prosecution, adjudication and execution. The system can not be stronger than the weakest link in the chain. In India, there are 30 million policemen to train apart from 12,000 strong Judiciary.
Police in India are trying to become cyber crime savvy and hiring people who are trained in the area. Many police stations in Delhi have computers which will be soon connected to the Head Quarters. Cyber Police Stations are functioning in major Cities all over the Country. The pace of the investigations can become faster; judicial sensitivity and knowledge need to improve. Focus needs to be on educating the police and district judiciary. IT Institutions can also play a role in this area. We need to sensitize our investigators and judges to the nuances of the system. National judicial Academy at Bhopal (MP) and State Judicial Academies are also running short-term Cyber Courses for Judges but much more is needed to be done.
Technology nuances are important in a spam infested environment where privacy can be compromised and individuals can be subjected to become a victim unsuspectingly. Most cyber criminals have a counter part in the real world. If loss of property or persons is caused the criminal is punishable under the IPC also. Since the law enforcement agencies find it is easier to handle it under the IPC, IT Act cases are not getting reported and when reported are not necessarily dealt with under the IT Act. A lengthy and intensive process of learning is required.
A whole series of initiatives of cyber forensics were undertaken and cyber law procedures resulted out of it. This is an area where learning takes place every day as we are all beginners in this area. We are looking for solutions faster than the problems can get invented. We need to move faster than the criminals.
The real issue is how to prevent cyber crime. For this, there is need to raise the probability of apprehension and conviction. India has a law on evidence that considers admissibility, authenticity, accuracy, and completeness to convince the judiciary. The challenge in cyber crime cases includes getting evidence that will stand scrutiny in a foreign court. For this India needs total international cooperation with specialised agencies of different countries. Police has to ensure that they have seized exactly what was there at the scene of crime, is the same that has been analysed and the report presented in court is based on this evidence. It has to maintain the chain of custody. The threat is not from the intelligence of criminals but from our ignorance and the will to fight it. The law is stricter now on producing evidence especially where electronic documents are concerned.
The computer is the target and the tool for the perpetration of crime. It is used for the communication of the criminal activity such as the injection of a virus/worm which can crash entire networks. The Information Technology (IT) Act, 2000, specifies the acts which have been made punishable. Since the primary objective of this Act is to create an enabling environment for commercial use of I.T., certain omissions and commissions of criminals while using computers have not been included. With the legal recognition of Electronic Records and the amendments made in the several sections of the IPC vide the IT Act, 2000, several offences having bearing on cyber-arena are also registered under the appropriate sections of the IPC.
As per the report of National Crime Records Bureau, in 2005, a total 179 cases were registered under IT Act 2000, of which about 50 percent (88 cases) were related to Obscene Publications / Transmission in electronic form, normally known as cyber pornography. 125 persons were arrested for committing such offences during 2005. There were 74 cases of Hacking of computer systems during the year wherein 41 persons were arrested. Out of the total (74) Hacking cases, those relating to Loss/Damage of computer resource/utility under Sec 66(1) of the IT Act were 44.6 percent (33 cases) whereas the cases related to Hacking under Section 66(2) of IT Act were 55.4 percent (41 cases). Tamil Nadu (15) and Delhi (4) registered maximum cases under Sec 66(1) of the IT Act out of total 33 such cases at the National level. Out of the total 41 cases relating to Hacking under Sec. 66(2), most of the cases (24 cases) were reported from Karnataka followed by Andhra Pradesh (9) and Maharashtra (8).
During the year, a total of 302 cases were registered under IPC Sections as compared to 279 such cases during 2004 thereby reporting an increase of 8.2 percent in 2005 over 2004. Gujarat reported maximum number of such cases, nearly 50.6 percent of total cases (153 out of 302) like in previous year 2004 followed by Andhra Pradesh 22.5 percent (68 cases). Out of total 302 cases registered under IPC, majority of the crimes fall under 2 categories viz. Criminal Breach of Trust or Fraud (186) and Counterfeiting of Currency/Stamps (59). Though, these offences fall under the traditional IPC crimes, the cases had the cyber tone wherein computer, Internet or its related aspects were present in the crime and hence they were categorised as Cyber Crimes under IPC. Out of the 53,625 cases reported under head Cheating during 2005, the Cyber Forgery (48 cases) accounted for 0.09 percent. The Cyber frauds (186) accounted for 1.4 percent out of the total Criminal Breach of Trust cases (13,572).
The Forgery (Cyber) cases were highest in Andhra Pradesh (28) followed by Punjab (12). The cases of Cyber Fraud were highest in Gujarat (118) followed by Punjab (28) and Andhra Pradesh (20). A total of 377 persons were arrested in the country for Cyber Crimes under IPC during 2005. Of these, 57.0 percent (215) of total such offenders (377) were taken into custody for offences under 'Criminal Breach of Trust/Fraud (Cyber)', 22.0 percent (83) for ‘Counterfeiting of Currency/Stamps’ and 18.8 percent (71) for offences under ‘Cyber Forgery’. The States such as Gujarat (159), Andhra Pradesh (110), Chhattisgarh and Punjab (51 each) have reported higher arrests for Cyber Crimes registered under IPC. Bangalore (38), Chennai (20) and Delhi (10) cities have reported high incidence of such cases (68 out of 94 cases) accounting for more than half of the cases (72.3%) reported under IT Act, 2000. Surat city has reported the highest incidence (146 out of 163 cases) of cases reported under IPC sections accounting for more than 89.6 percent.
The latest statistics show that cybercrime is actually on the rise. However, it is true that in India, cybercrime is not reported too much about. Consequently there is a false sense of complacency that cybercrime does not exist and that society is safe from cybercrime. This is not the correct picture. The fact is that people in our country do not report cybercrimes for many reasons. Many do not want to face harassment by the police. There is also the fear of bad publicity in the media, which could hurt their reputation and standing in society. Also, it becomes extremely difficult to convince the police to register any cybercrime, because of lack of orientation and awareness about cybercrimes and their registration and handling by the police.
A recent survey indicates that for every 500 cybercrime incidents that take place, only 50 are reported to the police and out of that only one is actually registered. These figures indicate how difficult it is to convince the police to register a cybercrime. The establishment of cybercrime cells in different parts of the country was expected to boost cybercrime reporting and prosecution. However, these cells haven’t quite kept up with expectations.
Netizens should not be under the impression that cybercrime is vanishing and they must realize that with each passing day, cyberspace becomes a more dangerous place to be in, where criminals roam freely to execute their criminals intentions encouraged by the so-called anonymity that internet provides.
The absolutely poor rate of cyber crime conviction in the country has also not helped the cause of regulating cybercrime. There has only been few cybercrime convictions in the whole country, which can be counted on fingers. We need to ensure that we have specialized procedures for prosecution of cybercrime cases so as to tackle them on a priority basis,. This is necessary so as to win the faith of the people in the ability of the system to tackle cybercrime. We must ensure that our system provides for stringent punishment of cybercrimes and cyber criminals so that the same acts as a deterrent for others.
A survey released by the UK government has revealed that the British public is now more fearful of cybercrime than burglary and crimes against the person. According to its results, Internet users fear bankcard fraud the most (27 percent), followed by cybercrime (21 percent) and burglary (16 percent). This shows that hi-tech crime has firmly overtaken conventional burglaries, muggings and thefts in the list of the public’s fears, as the Internet has become firmly embedded into the British society, with some 57 percent of households having online access. Interestingly, University of Abertay in Dundee, Scotland (UK) is now offering a BSc Hons in Ethical Hacking and Countermeasures.
An initiative has been taken to provide a much-awaited On-Line Library of Cyber Cases in India. It is updated regularily and provides the relevant law, regulations, cases and articles related to cyber law. The Library can be assessed at www.cybercases.blogspot.com .