Cyber Crime-emerging Area In Criminal Law.docx

RAJIV GANDHI NATIONAL UNIVERSITY OF LAW, PUNJAB (ESTABLISHED UNDER THE PUNJAB ACT 12 OF 2006)

A Project Study Submitted in Partial Fulfilment of the Requirements for LL.M. Course

CYBER CRIME: EMERGING AREA IN CRIMINAL LAW

Supervised by

Submitted By

Ms. Gurmanpreet Kaur

Bhavana Singla

Asst. Professor of Law,

Roll No.15537

Rajiv Gandhi National University of Law, Punjab, Patiala.

Page | 1

TABLE OF CONTENTS CHAPTER-1 ............................................................................................................................. 3 INTRODUCTORY: WHAT IS CYBER CRIME? ............................................................... 3 1.1 Introduction ...................................................................................................................... 3 1.2 What is Cyber Crime? ...................................................................................................... 4 1.3 New Emerging Area of Criminal Law: Cyber Crime ...................................................... 5 CHAPTER-2 ............................................................................................................................. 8 CYBER LAW: INDIAN PERSPECTIVE ............................................................................. 8 2.1 The Genesis of IT legislation in India .............................................................................. 8 2.2 Objectives of I.T. legislation in India ............................................................................... 8 2.3 Offences and Penalties under the Act .............................................................................. 9 2.4 Cases of Cyber Crimes in India ..................................................................................... 15 CHAPTER-3 ........................................................................................................................... 17 CHALLENGES/ CONSTRAINTS TO CYBER LAW IN INDIA .................................... 17 3.1 Jurisdiction Issues .......................................................................................................... 17 3.2 Cyber Pornography ........................................................................................................ 17 3.3 Capability of ITA 2008 of recognizing crimes that we see every day in Cyber Space . 18 3.4 Effectiveness of Cyber Judiciary system ....................................................................... 20 3.5 Are “Intermediaries” and “Corporates” co-operative with the law enforcement? ......... 21

Page | 2

CHAPTER-1 INTRODUCTORY: WHAT IS CYBER CRIME? “The modern thief can steal more with a computer than with a gun. Tomorrow’s terrorist may be able to do more damage with a keyboard than with a bomb”. - National Research Council, ‘Computers at Risk’1 1.1 Introduction Crime is both a social and economic phenomenon. It is as old as human society. Many ancient books right from pre-historic days, and mythological stories have spoken about crimes committed by individuals be it against another individual like ordinary theft and burglary or against the nation like spying, treason etc. Kautilya’s Arthashastra written around 350 BC, considered to be an authentic administrative treatise in India, discusses the various crimes, security initiatives to be taken by the rulers, possible crimes in a state etc. and also advocates punishment for the list of some stipulated offences. Different kinds of punishments have been prescribed for listed offences and the concept of restoration of loss to the victims has also been discussed in it. Crime in any form adversely affects all the members of the society. In developing economies, cyber crime has increased at rapid strides, due to the rapid diffusion of the Internet and the digitisation of economic activities. Thanks to the huge penetration of technology in almost all walks of society right from corporate governance and state administration, up to the lowest level of petty shop keepers computerizing their billing system, we find computers and other electronic devices pervading the human life. The penetration is so deep that man cannot spend a day without computers or a mobile. Snatching some one’s mobile will tantamount to dumping one in solitary confinement. Cyber Crime is not defined in Information Technology Act 2000 or in the I.T. Amendment Act 2008 or in any other legislation in India. In fact, it cannot be too. Offence or crime has been dealt with elaborately listing various acts and the punishments for each, under the Indian Penal Code, 1860 and quite a few other legislations too. Hence, to define cyber crime, we can

1

Global Economic Crime Survey- India Report, 2013.

Page | 3

say, it is just a combination of crime and computer. To put it in simple terms ‘any offence or crime in which a computer is used is a cyber crime’. Interestingly even a petty offence like stealing or pick-pocket can be brought within the broader purview of cyber crime if the basic data or aid to such an offence is a computer or an information stored in a computer used (or misused) by the fraudster. The I.T. Act defines a computer, computer network, data, information and all other necessary ingredients that form part of a cyber crime. In a cyber crime, computer or the data is itself the target or the object of offence or a tool in committing some other offence, providing the necessary inputs for that offence. All such acts of crime will come under the broader definition of cyber crime.

1.2 What is Cyber Crime? Cyber crime is a term used to broadly describe criminal activity in which computers or computer networks are a tool, a target, or a place of criminal activity and include everything from electronic cracking to denial of service attacks. It is also used to include traditional crimes in which computers or networks are used to enable the illicit activity2. Cyber crimes are technology based crimes and the computer or internet itself can be used as a weapon or means to do such crimes quite freely. They are organized and whitecollar crimes like cyber frauds, hacking, data theft, phishing, identity theft etc. Cyber crimes are committed with the help of technology and cyber criminals have deep understanding of technology. In fact, cyber criminals are technocrats who understand the intricacies of information technology. Cyber crimes do not consider any boundaries or territorial barriers3. According to Information Technology Act, 2000 Cyber Crime is “the acts that are punishable by the Information Technology Act". It is not exhaustive as the Indian Penal Code also covers many cyber crimes, such as email spoofing and cyber defamation, sending, threatening emails4.

Dr.B.Muthukumaran, Chief Consultant, Gemini Communication Ltd., “Cyber crime scenario in India”, Criminal Investigation Department Review-January2008 3 “Common Cyber Crimes and Government Laws and Rules in Information Security” Unit 3, Information Technology Act 4 Kulwant Malik , “Emergence of Cyber Crime in India” , International Referred Research Journal,July,2011,ISSN-0975-3486, RNI: RAJBIL 2009/30097, VOL-II *ISSUE 22 2

Page | 4

1.3 New Emerging Area of Criminal Law: Cyber Crime Cybercrime incorporates anything from downloading illegal music files to stealing millions of dollars from online bank accounts. Cybercrime also includes non-money offenses, such as creating viruses on other computers or posting confidential business information on the Internet. These internet connected activities are as vulnerable to crime and can lead to victimization as effectively as common physical crimes. The types of crimes that are currently occurring have existed long before the Internet was around. By virtue of the tools being used today to commit cybercrimes, criminals are now more anonymous and provided with a virtual market of available victims. The responsibility falls on individuals to protect themselves and their families through safe online practices.

Cyber crime ranks as one of the top four types of economic crime. 

More than half (58%) perceive Information Technology department as a high risk Page | 5

   

department with respect to committing cyber crime. 96% said that their organisations monitor internal and external electronic traffic and webbased activity. About 80% of Indian respondents reported that cyber crime threat originates within India or through a combination of in and outside the country. About 2/3rd of respondents did not have access to forensic technology tools that are useful in combating cyber crime. 35% of respondents did not have any cyber security training in the last 12 months5.

Reasons for cyber crime emerging as one of the top frauds in India:

The increased media attention around recent cyber crime cases, leading to a heightened awareness about this type of fraud . Organisations may have installed extra controls in place to detect and therefore report more of such economic crime; or



Due to ambiguity around the definition of cyber crime and what it constitutes; or



The respondents may have re-classified some of the more traditional economic crimes as cyber crime because these were committed by using a computer, electronic devices or the internet; or



Increased focus from the regulators; or



Advancements in technology could have made it easier to commit cyber crimes.

What makes cyber crime different? Cyber Crime offers low risks and high rewards as compared to traditional crimes. For example, in an externally perpetrated cyber crime, a fraudster infiltrates a banking system, remotely, to steal money or personal information. The fraudster is at a lesser risk when compared to someone who physically steals assets from an organisation. There are fewer risks when committing cyber crime: 

The fraudster is not present at the location, hence the chances of getting caught are less.



Difficulties for law enforcement agencies to follow traditional investigative steps to prosecute the perpetrator owing to the different location and jurisdiction of the perpetrator.



The perpetrators can return to the scene of the crime with relatively minimal fear of detection.

5

Page | 6

In the present scenario, Criminals have changed their method and have started relying of the advanced technology, and in order to deal with them the society the legal and law enforcement authorities, the private corporations and organizations will also have to change. Further such experts must not only be knowledgeable but must also be provided with necessary technical hardware and software so that they can efficiently fight the cyber criminals. Thus necessary facilities must be established in various parts of the country so that crime in the virtual world can be contained.

Page | 7

CHAPTER-2 CYBER LAW: INDIAN PERSPECTIVE The primary source of cyber law in India is the Information Technology Act, 2000 (IT Act) which came into force on 17 October 2000.

2.1 The Genesis of IT legislation in India Mid 90’s saw an impetus in globalization and computerisation, with more and more nations computerizing their governance, and e-commerce seeing an enormous growth. Until then, most of international trade and transactions were done through documents being transmitted through post and by telex only. Evidences and records, until then, were predominantly paper evidences and paper records or other forms of hard-copies only. With much of international trade being done through electronic communication and with email gaining momentum, an urgent and imminent need was felt for recognizing electronic records ie the data what is stored in a computer or an external storage attached thereto. The United Nations Commission on International Trade Law (UNCITRAL) adopted the Model Law on e-commerce in 1996. The General Assembly of United Nations passed a resolution in January 1997 inter alia, recommending all States in the UN to give favourable considerations to the said Model Law, which provides for recognition to electronic records and according it the same treatment like a paper communication and record.

2.2 Objectives of I.T. legislation in India It is against this background the Government of India enacted its Information Technology Act 2000 with the objectives as follows, stated in the preface to the Act itself. “to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.”

Page | 8

The Information Technology Act, 2000, was thus passed as the Act No.21 of 2000, got President assent on 9 June and was made effective from 17 October 2000. The Act essentially deals with the following issues: 

Legal Recognition of Electronic Documents



Legal Recognition of Digital Signatures



Offenses and Contraventions



Justice Dispensation Systems for cyber crimes

2.3 Offences and Penalties under the Act The various offences and the punishment provided for them are contained in Chapters IX and XI of the Act. These offences are briefly stated as follows:— 1. Unauthorized Access (Section 43) The section lays down that any person who accesses or secures access to a computer, computer system or computer network without permission of the owner or any person in charge of such computer, computer system or computer network, shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person who is so affected. The term “access” as defined in Section 2(1)(a) of the I.T. Act, means “gaining entry into, instructing or communicating with the logical, arithmetical or monetary function resources of a computer, computer system or computer network.” The following acts have been construed to fall within the purview of the term ‘access’ as contemplated by the Act:— a) Unlawfully switching over a computer; b) Using a software program installed on a computer; c) Viewing the contents of a floppy disk illegally; d) Illegally switching off a computer; e) Taking a computer print-out illegally; f) Logging on the Internet; and g) Pinging a computer.

Page | 9

The offence of unauthorised access is completed when data, data-base or information is downloaded, copied or extracted illegally from one computer to another. The term “download” connotes transfer of information from one computer to another. A new Section 43-A inserted in the principal Act by the amendment Act of 2008 provides for compensation (to the person affected) for failure to protect personal data or information in a computer resource. The section thus seeks to provide security to personal data and information against unauthorised assess. 2. Failure to furnish information, return etc. (Section 44) Where a person is required under this Act or any rules made there under to furnish any document, return or report to the Controller or Certifying Authority, fails to furnish the same, he shall be liable to pay penalty not exceeding 1.5 lakh rupees for each failure and in case of default, a penalty of 5,000/- rupees for everyday during which such failure or default continues. Section 45 of the Act provides for penalty for contravention of any rules made under the Act for which no penalty is specially provided in the Act. Thus, this section relates to residuary penalty and applies to certain sections of tine Act. Section 46 of the Act provides for adjudication of penalties to be imposed on the contravener after giving him reasonable opportunity of making representation in his case. The Adjudication officer shall have power to adjudicate matters in which the claim for injury or damage does not exceed five crore rupees. However, where the claim or damage exceeds this limit the jurisdiction to adjudicate shall vest in the competent court. 3. Tampering with computer source documents (Section 65) Tampering with the computer source documents is made punishable under Section 65 of the I.T. Act. The offences in respect of computer source documents (codes) are to be kept or maintained by law include knowingly or intentionally (i) concealing; (ii) destroying; (iii) altering; (iv) causing another to conceal; (v) causing another to destroy; (vi) causing another to alter the computer source code. In simpler words, for the purpose of Section 65, tampering means to conceal (hide or keep secret), destroy (demolish or reduce to nothing) or alter (change in characteristic or position) the computer source document.

Page | 10

4. Hacking (Section 66) The essential ingredients of the hacking are intention to cause wrongful loss or damage to any person by unlawful means or having knowledge that information residing in a computer resource document if concealed, destroyed or altered would cause damage to any person. This offence is punishable under this section with imprisonment which may extend to three years or with fine, which may extend to two lakh rupees or with both. 5. Publishing of information which is obscene in electronic form (Section 67) Pornography on the internet is punishable under section 67 of the I.T. Act. The term ‘publishing’ for the purpose of this section means, “To make generally known, formally promulgate or issue copies for sale to public.” This disseminating of pornographic material on the website is an offence punishable with imprisonment upto three years or with fine which may extend to two lakh rupees, or with both. 6. Failure to comply with directions of Controller (Section 68) Section 68 authorises the Controller or Certifying Authority to intercept any information transmitted through any computer resource whenever it is expedient to do so. Failure to comply with such order shall render a person liable to imprisonment for a term upto three years or fine upto two lakh rupees, or with both. However, the order passed by the Controller or Certifying Authority should be made if it is necessary to ensure compliance of any of the provisions of the I.T. Act or the rules made there under. 7. Power to issue directions of interceptions or monitoring or decryption of any information through any computer resource. (Section 69) The Controller or Certifying Authority or any employee of such Authority is authorised to intercept any information transmitted through any computer resource when it is expedient to do so in the interest of the sovereignty or integrity of India, the security of the state, friendly relations with foreign states or public order or for preventing incitement to commission of any cognizable offence. The new Section 69-A inserted in the principal Act by the Amendment Act of 2008 further empowers the Central Government to issue directions for blocking for public access of any information through any computer resource, in the interest of sovereignty and integrity of Page | 11

India. The reasons for doing so, should, however, he recorded in writing. The intermediary who fails to comply with the direction issued by the Government under this Section, shall be punished with imprisonment for a term which may extend to seven years, and shall also be liable to fine. Section 69-B as inserted by the I.T. (Amendment) Act of 2008 further empowers the Government to authorise monitoring and collection of traffic data or information through any computer resource for cyber security purposes. The punishment for contravention of this provision by the intermediary shall be imprisonment which may extend to three years and also fine. The information referred to in this section would apply to e-mail messages, pass-word protected files, encrypted information etc. 8. Accessing Protected System (Section 70) The special provisions contained in Section 70 relate to protected systems. The section provides that the appropriate Government may, by notification in the Official Gazette, declare any computer, computer system or computer network to be a ‘protected system’. Any person who secures access or attempts to secure access to a protected system in contravention of the provisions of this section shall be liable to punishment with imprisonment of either description which may extend to ten years and shall also be liable to fine. Two new sections, namely, Secs. 70-A and 70-B have been inserted in the principal Act by the IT. (Amendment) Act, 2008 which provide for appointment of a National Nodal Agency which will be responsible for all measures including Research and Development relating to protection of Central Information Infrastructure. Any organisation of the Govt, may be designated as the National Nodal Agency for this purpose. The National Nodal Agency so appointed, shall be called the Indian Computer Emergency Response Team (Section 70-B). 9. Misrepresentation (Section 71) Any misrepresentation while applying for a digital signature certification to the Controller or Certifying Authority has been made an offence under section 71 of the Act. Both, misrepresentation of any material fact and/or suppressing any material fact from the Page | 12

Controller or Certifying Authority for obtaining licence or digital signature certificate shall constitute an offence. A person while applying for a licence has to fill in the form as required by Rule 10 of the I.T. (Certifying Authorities) Rules, 2000 giving full details about himself. In case of applying for a digital signature certificate, a person is required to fill in the form prescribed by Rule 23 with complete information about himself. If any of the above information/details are misrepresented or suppressed, then the person guilty of such misrepresentation shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees or with both. 10. Penalty for breach of confidentiality or privacy (Section 72) Any person who wrongfully secures access to any electronic record, book, register, correspondence, information, document or other material in contravention of any provisions of the I.T. Act or rule framed there under shall be punished with imprisonment which may extend to two years or with fine upto one lakh rupees, or with both. However, this provision would not apply to disclosure of personal information of a person by a website by his/her email service provider. A new Section 72-A has been inserted by the Information Technology (Amendment) Act, 2008 providing punishment for disclosure of information in breach of lawful contract and securing access to any material containing personal information with intent to cause wrongful loss to a person or wrongful gain by the disclosure. The offence shall be punishable with imprisonment for a term which may extend to three years, or with fine which may extend to five lakh, or with both. 11. Publishing Digital Signature Certificate false in certain particulars (Section 73) Publishing digital signature certificate false in certain particulars is a cyber offence punishable under section 73 of the Act. The punishment may extend to imprisonment upto two years, or with fine which may extend to one lakh rupees, or with both. It may be stated that provisions relating to acceptance of the Digital Signature Certificate by the subscriber are contained in Section 41 of the I.T. Act whereas the provisions relating to suspension of digital signature certificate are enshrined in Section 37 of the Act. Page | 13

The I.T. Act prohibits making available a Digital Signature Certificate with the knowledge that— a) The Certifying Authority listed in the certificate has not issued it; or b) The subscriber listed in the certificate has not accepted it; or c) The certificate has been revoked or suspended. 12. Publishing Digital Signature Certificate for fraudulent purposes (Section 74) This section provides that whoever knowingly creates, publishes or otherwise makes available a Digital Signature Certificate for any fraudulent or unlawful purpose or knowingly publishes or makes it available for any such purpose, commits an offence under the I.T. Act and the offender may be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both. 13. Compounding of Offences (Section 77-A) The new section inserted in the principal Act by the I.T. (Amendment) Act, 2008, provides for compounding of offences under the Act by the court of competent jurisdiction provided they are not punishable with imprisonment for life or imprisonment for a term exceeding three years. However, the court shall not compound any offence where the accused by reason of his previous conviction is liable to enhanced punishment or the accused is charged for any socio-economic offence or the offence has been committed against a child below 18 years of age or a woman. 14. Offences with three years punishment to be bailable (Section 77-B) The new section added in the principal Act by the Amendment Act of 2008 provides that the offences punishable under the Act upto three years imprisonment shall be cognizable and bailable notwithstanding anything contained in the Code of Criminal Procedure 1973. Initially, the power to investigate offence under the Act was vested in a police office not below the rank of Deputy Superintendent of Police vide Section 78 of the Act, but this section has been amended by the I.T. (Amendment) Act, 2008 and now this power vests in the Inspector of Police.

Page | 14

2.4 Cases of Cyber Crimes in India 1) Pune Citibank Mphasis call center fraud It is a case of sourcing engineering. US $ 3, 50,000 from City bank accounts of four US customers were dishonestly transferred to bogus accounts in Pune, through internet. Some employees of a call centre gained the confidence of the US customers and obtained their PIN numbers under the guise of helping the customers out of difficult situations. Later they used these numbers to commit fraud. Highest security prevails in the call centers in India as they know that they will lose their business. The call center employees are checked when they go in and out so they cannot copy down numbers and therefore they could not have noted these down. They must have remembered these numbers, gone out immediately to a cyber café and accessed the Citibank accounts of the customers. All accounts were opened in Pune and the customers complained that the money from their accounts was transferred to Pune accounts and that’s how the criminals were traced. Police has been able to prove the honesty of the call center and has frozen the accounts where the money was transferred. 2) Parliament attack case Bureau of Police Research and Development at Hyderabad had handled some of the top cyber cases, including analyzing and retrieving information from the laptop recovered from terrorist, who attacked Parliament. The laptop which was seized from the two terrorists, who were gunned down when Parliament was under siege on December 13 2001, was sent to Computer Forensics Division of BPRD. The laptop contained several evidences that confirmed of the two terrorists’ motives, namely the sticker of the Ministry of Home that they had made on the laptop and pasted on their ambassador car to gain entry into Parliament House and the fake ID card that one of the two terrorists was carrying with a Government of India emblem and seal. The emblems (of the three lions) were carefully scanned and the seal was also crafty made along with residential address of Jammu and Kashmir. But careful detection proved that it was all forged and made on the laptop. 3) Andhra Pradesh tax case The owner of a plastics firm in Andhra Pradesh was arrested and Rs. 22 crore cash was recovered from his house by the Vigilance Department. They sought an explanation from him Page | 15

regarding the unaccounted cash. The accused person submitted 6,000 vouchers to prove the legitimacy of trade, but after careful scrutiny of vouchers and contents of his computers it revealed that all of them were made after the raids were conducted. It was revealed that the accused was running five businesses under the guise of one company and used fake and computerized vouchers to show sales records and save tax. Thus the dubious tactics of the prominent businessman from Andhra Pradesh was exposed after officials of the department got hold of computers used by the accused person. 4) The bank NSP case The Bank NSP case is the one where a management trainee of the bank was engaged to be married. The couple exchanged many emails using the company computers. After some time the two broke up and the girl created fraudulent email ids such as “Indian bar associations” and sent emails to the boy’s foreign clients. She used the banks computer to do this. The boy’s company lost a large number of clients and took the bank to court. The bank was held liable for the emails sent using the bank’s system.

Page | 16

CHAPTER-3 CHALLENGES/ CONSTRAINTS TO CYBER LAW IN INDIA 3.1 Jurisdiction Issues Jurisdiction is one of the debatable issues in the case of cyber crime due to the very universal nature of the cyber crime. With the ever-growing arm of the cyber space the territorial concept seems to vanish. New Methods dispute resolution should give way to the conventional methods. Thus, the Information Technology Act, 2000 is silent on these issues. Though S. 75 provides for extra-territorial operations of this law, but they could be meaningful only when backed with provisions recognizing orders and warrants for Information issued by competent authorities outside their jurisdiction and measure for cooperation‘s for exchange of material and evidence of computers crimes between law enforcement agencies.

3.2 Cyber Pornography Cyber pornography refers to stimulating sexual or other erotic activity over the internet. It would include pornographic websites; pornographic magazines produced using computers (to publish and print the material) and the Internet (to download and transmit pornographic pictures, photos, writing, etc.) Information technology made it much easier to create and distribute pornographic materials through the Internet, as it can be transmitted in any part of the world within a few seconds.

The pornographic industry is larger than the revenues of the top technology companies combined: Microsoft, Google, Amazon, Yahoo!, e-bay, and the likes. The growth of technology has flip side to it causing multiple problems in everyday life. Internet has provided a medium for the facilitation of crimes like pornography. As a result 50% of the websites exhibit pornographic material on the internet and thus, considered to be, one of the largest businesses on the Internet today. The increasing numbers of pornographic websites that flourish on the Internet are evidence to it.

Page | 17

Owing to the fast reproduce on new storage media like Hard-disk, CD-ROMS, Pen- Drives, etc. it proves as a fast means of its distribution. Reasons for Rise in Cyber Pornography a) Firstly, the technological development has reached to such an extent that life without such communication devices is not possible. This led to fast and easy access to these technologies, making it more and more effortless as compared to the traditional form. With this, one can access the pornographic material online. One can view this content at free of cost in the privacy of their own home. b) One finds it difficult to purchase this type of content in the printed form, especially the youngsters and children‘s. There was a fear among them which comes with purchasing pornographic materials or embarrassment of being caught or with it. Such hurdles have now been removed as it is available in a matters of seconds and without any fear of being caught.

3.3 Capability of ITA 2008 of recognizing crimes that we see every day in Cyber Space Cyber Crime is an evolving field. As and when technology moves new types of misuse surface. It is not possible for law to exactly identify different types of crimes and suggest remedies. Hence Cyber Law has to describe offences only in general terms. This means that “incidents” need to be “interpreted” and mapped to different offences mentioned in the Act. Description of offences in ITA 2000 was more generic than in ITA 2008. Under ITA 2008 (Sec 66), “Diminishing the value or utility of information residing inside a computer by any means” was recognized as an offence. This was broad enough to fit any offence involving electronic information. To the extent this description remains a part of ITA 2008, except for the addition of the words “dishonestly” and “fraudulently”, it is possible to interpret most offences using an electronic document under ITA 2008. However, in ITA 2008, there is an attempt to add many sections to cover offences which can be covered under the above generic definition. As a result there is an overlap of some sections. Introduction of Sec 66A (Covering offences using e-mails), Section 66F (Providing life imprisonment for Cyber Terrorism), Section 67B (providing a more stringent provision Page | 18

for Child Pornography), Section 66B (retention of stolen computer devices) have added additional dimension to the description of crimes. Sections 67,67A along with Section 66E provide protection against obscenity. Section 43A and Section 72A have provided teeth to “Data Protection”. Section 43 is now integrated with Sec 66 and covers any offence where there has been an “Unauthorized Access” of a computer system resulting in wrongful harm. Sec 67C is a powerful section that increases the responsibilities of companies and intermediaries and also adds special strength to Section 65 which was already in existence. Sections 69,69A and 69B supported by Sec 70Bprovide enormous powers to Government agencies to enforce information security in the Cyber Space including households and private corporate sector. Sec 70 continues to provide powers to control information security in the Government systems. Sections 71, 73 and 74 provide protection to the Digital Signature system. 66C and 66 D supplement the controls against misuse of identity in the form of password theft or otherwise. There is an attempt to clarify on punishment for “Attempt to commit and offence” and “Assistance” as well as cognizability and compoundability. Overall therefore the provisions of ITA 2008 regarding defining of Cyber Crimes are reasonably covered. One omission is in the area of Cyber Squatting and domain name related disputes where there may be a need for creative interpretation of some of the existing provisions to bring offences under ITA 2008. Making offences with not more than 3 year imprisonment as “Bailable” has been considered as one of the weaknesses in ITA 2008. However this can also be considered as a measure of protecting innocent victims from being harassed. If this provision can be misused by offenders to manipulate evidences, it would be necessary for the Police to ensure that evidences are secured quickly. Judiciary should also be responsive in certain cases to sanction “E Discovery” so that evidence is secured before they are erased. Cyber Forensic capability being available within reach of Police at short notice therefore becomes a necessity in the emerging days. Page | 19

3.4 Effectiveness of Cyber Judiciary system Cyber Judiciary system envisaged under ITA 2000/8 essentially wanted that civil disputes are resolved without the enormous delays that exist in the country’s civil judiciary system. Hence though the powers of Civil Court were conferred on the Adjudicators and the Cyber Appellate Tribunal (CAT), these institutions were freed from being constrained by Civil Procedure Code and asked to follow the principles of natural justice. Adjudication was structured as more of an “Enquiry” so that the complaint was not required to provide evidences and witnesses and proof as may be necessary in a normal Civil Court. The role of the complainant was only to report the incident and the Adjudicator was more responsible to gather evidences through an enquiry and investigation through Police. Further the complainants were allowed to be represented by subject experts so that “Resolution” was the focus of the judicial bodies and not “procedures”. Also a time limit of 4 to 6 months was suggested for both the Adjudicator and the CAT to complete the process before the matter could reach the conventional judiciary at the High Courts as an appeal against the CAT. ITA 2008 also ensured that CAT can be a multi member body, can sit anywhere in India and also provided for setting up of multiple CATs in the country. The system of Adjudication and CAT as envisaged in ITA 2000/8 is therefore highly commendable and is an important instrument of making Cyber Law regime in the Country successful. The difficulties that are encountered in the Cyber Judiciary can be summarized as follows. a) Adjudicators who are IT Secretaries are hesitant to take up additional responsibilities associated with Adjudication. Hence complainants are turned off (subject to exceptions in some States like Tamil Nadu) just like the Police Stations refuse to register Cyber Crime complaints. b) Advocates familiar with the CPC are unable to accept the summary proceedings and the “Enquiry” nature of the proceedings at the Adjudication and find it difficult to adjust to the system. Gaining adjournments on flimsy grounds and taking unreasonable time for filing replies and counters every time is a strategy adopted by some counsels to delay matters. Since these are common in Civil Courts, there is a danger of the Cyber Judiciary system also going Page | 20

the Civil Judiciary way (as regards time required for completion of proceedings) unless the tendency is nipped in the bud. c) Most of the participants are so tuned to CPC that they are unable to avoid being bogged down by procedures which may consist of application being made in a certain number of copies, in a certain format, with Court fee stamping been affixed, with legal paper being used etc. and miss the essence of the “Principle of Natural Justice”. The casualty in this process is the “Time Limit” for completion of the adjudication or hearing of the Appeal in CAT. d) Coupled with the time delays is the issue of change of guard of either the Adjudicator or the CAT chief. By the time the incumbent comes to get a hang of Cyber Crimes and nuances of Cyber Crime judiciary, their term may come to an end and the learning curve starts again. e) Most of the Cyber Judicial offices are yet to use Virtual conference tools as provided in ITA 2000 and accompanying rules so as to reduce the cost of litigation and also to reduce delays. f) Substantial work is therefore required to ensure that Cyber Judiciary system lives up to the great expectations raised by ITA 2000/8.

3.5 Are “Intermediaries” and “Corporates” co-operative with the law enforcement? Intermediaries and Corporates always look at law enforcement as an intrusion to their work and hence will try to avoid working with them even when the corporate interest itself is involved. Most of the time Crimes committed within the corporate network is not reported and when identified, the perpetrator is only eased out of the job and not handed over to the law enforcement even when it is necessary in the interest of the society. Intermediaries in particular are store houses of investigative information and they are a big stumbling block in bringing cyber criminals to book. ITA 2000/8 therefore makes corporates and intermediaries liable for civil and criminal penalties when their resources are used in the commission of a crime. Though there is an element of opposition to the concept of “Due Diligence” amongst the corporate sector, this is the only way that cybercrimes can be reduced. Hence major IT service providers such as Internet and Mobile Companies, Banking and Share broking companies, E Commerce companies etc. need to implement information security from the Page | 21

perspective of preventing its users being saddled with liabilities. There is a need therefore to make every intermediary undergo periodical ITA 2008 compliance audit and take reasonable precautions to prevent occurrence of Cyber Crimes within their domain. This requires a change of heart in the commercially minded business entities to set aside some investment for information security and consumer education. There has only been few cybercrime convictions in the whole country, which can be counted on fingers which has helped making India a heaven for Cyber criminals. Challenges are more and they will be increasing with time. Our law enforcement agency needs to be more aware about the basics of Cyber Crime and they need to be oriented about the Cyber Laws in India. The judges also need to be aware about the cyber crimes as well as the conviction need to be faster. There is an urgent need to effectively implement cyber law and the reasons why it is extremely difficult for conventional law to cope with cyberspace are: 1. Cyberspace is an intangible dimension that is impossible to govern and regulate using conventional law. 2. Cyberspace has complete disrespect for jurisdictional boundaries. A person in India could break into a bank’s electronic vault hosted on a computer in USA and transfer millions of Rupees to another bank in Switzerland, all within minutes. All he would need is a laptop computer and a cell phone. 3. Cyberspace handles gigantic traffic volumes every second. Billions of emails are crisscrossing the globe even as we read this, millions of websites are being accessed every minute and billions of dollars are electronically transferred around the world by banks every day. 4. Cyberspace is absolutely open to participation by all. A ten-year-old in Bhutan can have a live chat session with an eight year-old in Bali without any regard for the distance or the anonymity between them. 5. Cyberspace offers enormous potential for anonymity to its members. Readily available encryption software tools that seamlessly hide information within image and sound files ensure the confidentiality of information exchanged between cybercitizens. Page | 22

6. Cyberspace offers never-seen-before economic efficiency. Billions of dollars worth of software can be traded over the Internet without the need for any government licenses, shipping and handling charges and without paying any customs duty.

Page | 23