CRIMES IN CYBERSPACE: RIGHT TO PRIVACY AND OTHER ISSUES By Mohak Rana NMIMS, School of Law, Mumbai Editor’s Note: The present era is marked by two things: heavy reliance on technology and virtual space. But behind the interfusion of these two there exists a world of potent threat and risks. These threats and risks are very much latent in nature and mostly the one committing it or the one upon whom it is committed are extremely difficult to be identified. For instance in crimes like cyber phishing, where a user shares his credentials to a disguised trustworthy site but subsequently becomes a victim of fraud. The pace with which such crimes are evolving is very striving yet a country like India lacks far behind when it comes to laws and rules regulating cyber world. Much to our surprise there is no definition of cyber crimes in India. Although we have come up with IT Act, 2000 and the subsequent amendment to it in 2008 yet we are not able to cover the complete ambit of cyber crimes. Like a very crucial issue of right to privacy. It has almost no relevance when the cyber crimes in India are investigated. This only shows the imbalance between age old procedure adopted in India and the advancement which Indian society has made. However liability can also be found under criminal and tort law which has maintained their coordination with the procedural part. INTRODUCTION “When a man is denied the right to live the life he believes in, he has no choice but to become an outlaw." ― Nelson Mandela What does crime mean? Crime, in modern times this term doesn’t have any universally accepted definition, but one can define crime, also called an offence as an act harmful not only to some individual, but also to the community or the state also known as public wrong. Such acts are forbidden and punishable by law. What is a criminal offence is defined by criminal law of each country. While many countries have a crime catalogue known as the criminal code however in some common law countries no such comprehensive statute exists. The state has the power to severely restrict one's liberty for committing a crime. Modern societies therefore adopt and adhere a criminal procedure during the investigation and trial of the offence and only if found guilty, the offender may be sentenced to various punishments, such as life imprisonment or in some jurisdictions like in India even death. To be classified as a crime, the act of doing something bad also called as actus reus must be usually accompanied by the intention to do something bad i.e. mens rea, with certain exceptions like strict liability. What is cyber crime?
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
CRIMES IN CYBERSPACE: RIGHT TO PRIVACY AND OTHER ISSUES
By Mohak Rana NMIMS, School of Law, Mumbai
Editor’s Note: The present era is marked by two things: heavy reliance on technology and virtual space.
But behind the interfusion of these two there exists a world of potent threat and risks. These threats and
risks are very much latent in nature and mostly the one committing it or the one upon whom it is
committed are extremely difficult to be identified. For instance in crimes like cyber phishing, where a user
shares his credentials to a disguised trustworthy site but subsequently becomes a victim of fraud. The
pace with which such crimes are evolving is very striving yet a country like India lacks far behind when it
comes to laws and rules regulating cyber world. Much to our surprise there is no definition of cyber
crimes in India. Although we have come up with IT Act, 2000 and the subsequent amendment to it in
2008 yet we are not able to cover the complete ambit of cyber crimes. Like a very crucial issue of right to
privacy. It has almost no relevance when the cyber crimes in India are investigated. This only shows the
imbalance between age old procedure adopted in India and the advancement which Indian society has
made. However liability can also be found under criminal and tort law which has maintained their
coordination with the procedural part.
INTRODUCTION
“When a man is denied the right to live the life he believes in, he has no choice but to become an outlaw."
― Nelson Mandela
What does crime mean?
Crime, in modern times this term doesn’t have any universally accepted definition, but one can define
crime, also called an offence as an act harmful not only to some individual, but also to the community or
the state also known as public wrong. Such acts are forbidden and punishable by law. What is a criminal
offence is defined by criminal law of each country. While many countries have a crime catalogue known as
the criminal code however in some common law countries no such comprehensive statute exists.
The state has the power to severely restrict one's liberty for committing a crime. Modern societies
therefore adopt and adhere a criminal procedure during the investigation and trial of the offence and only
if found guilty, the offender may be sentenced to various punishments, such as life imprisonment or in
some jurisdictions like in India even death.
To be classified as a crime, the act of doing something bad also called as actus reus must be usually
accompanied by the intention to do something bad i.e. mens rea, with certain exceptions like strict
liability.
What is cyber crime?
Cyber crime is any criminal activity in which a computer or network is the source, target or tool or place of
crime. According to The Cambridge English Dictionary cyber crimes are the crimes committed with the
use of computers or relating to computers, especially through the internet. Crimes which involve use of
information or usage of electronic means in furtherance of crime are covered under the ambit of cyber
crime. Cyber space crimes may be committed against persons, property, government and society at large.
The common types of cyber crimes are:-
1. Hacking – An unauthorized user who attempts to or gains access to an information system is
known as hacker. Hacking is a cyber crime even if there is no visible damage to the system,
because it is an invasion in to the privacy of data.
There are 3 different classes of Hackers.
a) White Hat Hackers - They are those hackers who believe that information sharing is good, and that it
is their duty to share their expertise by facilitating access to information. However there are some white
hat hackers who are just “joy riding" on computer systems.
b) Black Hat Hackers – Black hat hackers cause damage after intrusion. They may steal or modify data
or insert viruses or worms which damage the system. They are also known as crackers.
c) Grey Hat Hackers – These type of hackers are typically ethical but occasionally they can violate the
hacker ethics. They will hack into networks, stand-alone computers and software. Network hackers try to
gain unauthorized access to private computer networks just for challenge, curiosity, and distribution of
information.
2. Cyber Stalking – Cyber stalking involves use of internet to harass someone. The behavior includes
false accusations, threats etc. Normally, majority of cyber stalkers are men and the majority of victims are
women.
3. Spamming - Spamming is sending of unsolicited bulk and commercial messages over the internet.
Although irritating to most email users, it is not illegal unless it causes damage such as overloading
network and disrupting service to subscribers or creates negative impact on consumer attitudes towards
Internet Service Provider.
4. Cyber Pornography – With the increasing approach of internet to the people, there is also a
increase in the victimization of Women and children for sexual exploitation through internet. Pedophiles
(a person 16 years of age or older who is primarily or exclusively sexually attracted to children who have
not begun puberty) use the internet to send photos of illegal child pornography to targeted children so as
to attract children to such funs and later they are sexually exploited for gains.
5. Cyber Phishing - It is a criminally fraudulent process in which cyber criminal acquires sensitive
information such as username, passwords and credit card details by disguising as a trustworthy entity in
an electronic communication.
6. Software Piracy - It is an illegal reproduction and distribution of software for business or personal
use. This is considered to be a type of infringement of copy right and a violation of a license agreement.
Since the unauthorized user is not a party to the license agreement it is difficult to find out remedies.
There are numerous cases of software piracy. Infact according to one report New Delhi’s Nehru market is
the Asia’s largest market where one can easily find pirated software.
7. Corporate Espionage - It means theft of trade secrets through illegal means such as wire taps or
illegal intrusions.
8. Money Laundering – Money laundering basically means the moving of illegally acquired cash
through financial and other systems so that it appears to be legally acquired. This is possible prior to
computer and internet technology and now times electronic transfers have made it easier and more
successful.
9. Embezzlement - Internet facilities are misused to commit this crime. It is the unlawful
misappropriation of money, property or any other thing of value that has been entrusted to the offender’s
care, custody or control.
10. Password Sniffers - These are programs that monitor and record the name and password of
network users as they log in, jeopardizing security at a site. Whoever installs the sniffer can impersonate
an authorized user and log in to access on restricted documents.
11. Spoofing – Spoofing is the act of disguising one computer to electronically “look” like another
compute, in order to gain access to a system that would be normally is restricted.
12. Credit Card Fraud - In U.S.A. half a billion dollars have been lost annually by consumers who have
credit cards and calling card numbers. These are stolen from on-line databases. In present world this
cyber crime is emerged as a major threat as numerous cases had been filed in almost every major
developed and developing country.
13. Web Jacking - The term refers to forceful taking of control of a web site by cracking the password.
14. Cyber terrorism - The use of computer resources to intimidate or coerce government, the civilian
population or any segment thereof in furtherance of political or social objectives is called cyber terrorism.
Individuals and groups quite often try to exploit anonymous character of the internet to threaten
governments and terrorize the citizens of the country. [1]
EVOLUTION & PRESENT DEVELOPMENT
“Cyber bullies can hide behind a mask of anonymity online, and do not need direct physical access to
their victims to do unimaginable harm.” -Anna Maria Chavez
Crime is both a social as well as a economic phenomenon. Its history is as old as human society. Many
books right from the pre-historic days, and mythological stories have spoken about crimes committed by
individuals be it against another individual like ordinary theft and burglary or against the nation like
spying, treason etc. Kautilya’s Arthashastra which is written around 350 BC, considered to be an authentic
administrative treatise in India, discusses the various crimes, security initiatives to be taken by the rulers,
possible crimes in a state etc. and also advocates punishment for the list of some stipulated offences.
Different kinds of punishments have been prescribed for listed offences and the concept of restoration of
loss to the victims has also been discussed in it.
Crime in any form adversely affects all the members of the society. In developing economies, cyber crime
has increased at rapid strides, due to the rapid diffusion of the Internet and the digitization of economic
activities. Thanks to the huge penetration of technology in almost all walks of society right from corporate
governance and state administration, up to the lowest level of petty shop keepers computerizing their
billing system, we find computers and other electronic devices pervading the human life. The penetration
is so deep that man cannot spend a day without computers or a mobile. Snatching some one’s mobile will
tantamount to dumping one in solitary confinement!
Internet is the fastest technique on earth that one can find these days and for everything it is the best
solution that people consider looking into. It has all the benefits and advantages like communication,
advertisement, online movie and songs downloads, emailing, instant messaging and searching out the
concerns and issues there are plenty of things that internet has got wrong as well. There are different
kinds of internet scams and frauds that are happening and one needs to be very careful. This is something
that has been bothering individuals and organizations ever since internet was introduced and many a
time, simple things could make you a victim even when you are unaware of it.
It is rightly said that technological development in every area is likely to cause drastic effects in every walk
of life. The scientific and technological advancement, especially in the field of communication and
information have created havoc thus, opening new vistas for the human beings including the criminals.
Today’s crime reports reveal that many cyber crimes are committed by assistance of internet and cell
phones. On the other hand, legislatures have been compelled to frame exclusive enactments to deal with
crimes committed with the help of concerned device. If one is to believe newspaper reports, many
scandals such as C.D. rackets were busted by the police. It is other side of revolution in the field of
information and technology. Under the Information Technology Act, 2000, there is a apparatus defined as
“computer” which means “Any electronic magnetic, optical or other high speed data processing device or
system which performs logical arithmetical and memory functions by manipulations of electronic
magnetic or optical impulses and all input, output, processing storage, computer software, or
communication facilities which are connected and related to the computer in a computer system or
computer network”. [2]
Development of Cyber Crime:-
Cyber Crime is neither defined in the IT Act 2000 nor in the I.T. Amendment Act 2008 nor in any other
legislation in India. To define cyber crime, we can say, it is just a combination of crime and computer. To
put it in simple terms ‘any offence or crime in which a computer is used is a cyber crime’. Interestingly
even a petty offence like stealing or pick-pocket can be brought within the broader purview of cyber crime
if the basic data or aid to such an offence is a computer or information stored in a computer used (or
misused) by the fraudster. It could be hackers vandalizing one’s site, viewing confidential information or
stealing trade secrets or intellectual property with the use of internet. It can also include ‘denial of
services’ and viruses attacks preventing regular traffic from reaching your site.
Cyber crimes also includes criminal activities done with the use of computers which further perpetuates
crimes i.e. financial crimes, sale of illegal articles, pornography, online gambling, intellectual property
crime, e-mail, spoofing, forgery, cyber defamation, cyber stalking, unauthorized access to Computer
system, theft of information contained in the electronic form, e-mail bombing, physically damaging the
computer system etc. In a cyber crime, computer or the data itself is the target or the object of offence or a
tool in committing some other offence, providing the necessary inputs for that offence. All such acts of
crime will come under the broader definition of cyber crime.
In the past, cybercrime has been committed by individuals or small groups of individuals. However, we
are now seeing an emerging trend with traditional organized crime syndicates and criminally minded
technology professionals working together and pooling their resources and expertise.
This approach has been very effective for the criminals involved. In 2007 and 2008 the cost of cybercrime
worldwide was estimated at approximately USD 8 billion. As for corporate cyber espionage, cyber
criminals have stolen intellectual property from businesses worldwide worth up to USD 1 trillion.
Categories of Cyber Crimes
Cyber crimes can be classified into following different categories:
i) Crimes Against Persons:
Harassment via E-Mails: Harassment through sending letters, attachments of files & folders i.e.
via e-mails. At present harassment is common as usage of social sites i.e. Orkut, hangout, zapak,
Facebook, Twitter etc. increasing day by day.
Cracking: It is amongst the gravest cyber crimes known till date. In this a cyber criminal broke
into your computer systems without your knowledge and consent and Tampere with your
precious confidential data and information.
Cyber-Stalking: It means expressed or implied a physical threat that creates fear through the use
to computer technology such as internet, e-mail, phones, text messages, webcam, websites or
videos.
Hacking: It means unauthorized control/access over computer system and act of hacking
completely destroys the whole data as well as computer program. Hackers usually hacks
telecommunication and mobile network.
Dissemination of Obscene Material: It includes Indecent exposure/ Pornography (basically child
pornography), hosting of web site containing these prohibited materials. These obscene matters
may cause harm to the mind of the adolescent and tend to deprave or corrupt their mind. This can
create a huge blunder in the society.
SMS Spoofing: Spoofing is a blocking through spam which means the unwanted uninvited
messages. Here a offender steals identity of another in the form of mobile phone number and
sending SMS via internet and receiver gets the SMS from the mobile phone number of the victim.
Assault by Threat: it refers to threatening a person with fear for their lives or lives of their families
through the use of a computer network i.e. E-mail, videos or phones.
Page jacking: when a user, click on a certain link and an unexpected website gets opened through
that link then the ser is said to be ‘pagejacked’. This happens when someone steals part of a real
website and uses it in a fake site. If they use enough of the real site, Internet search engines can be
tricked into listing the fake site and people will visit it accidentally. Unfortunately one cannot
prevent page jacking but only can deal with it.
Advance fee scams: An advance fee scam is fairly easy to identify as you will be asked for money
or goods upfront in return for giving you credit or money later. These advance fee scams can seem
convincing and have taken in many people.
Defamation: It is an act of imputing any person with intent to lower down the dignity of the
person by hacking his mail account and sending some mails with using vulgar language to
unknown persons mail account.
E-Mail Spoofing: A spoofed e-mail may be said to be one, which misrepresents its origin. It shows
it’s origin to be different from which actually it originates.
Child Pornography: It involves the use of computer networks to create, distribute, or access
materials that sexually exploit underage children.
Carding: It means false ATM cards i.e. Debit and Credit cards used by criminals for their
monetary benefits through withdrawing money from the victim’s bank account mala-fidely. There
is always unauthorized use of ATM cards in this type of cyber crimes.
Cheating & Fraud: It means the person who is doing the act of cyber crime i.e. stealing password
and data storage has done it with having guilty mind which leads to fraud and cheating.
ii) Crimes Against Persons Property:
As a result of rapid growth in the international trade where businesses and consumers are increasingly
using computers to create, transmit and to store information in the electronic form instead of traditional
paper documents there are some of the offences which affect person’s property:
Intellectual Property Crimes: Any unlawful act by which the owner is deprived completely or
partially of his rights is an offence. The common form of IPR violation may be said to be software
piracy, infringement of copyright, trademark, patents, designs and service mark violation, theft of
computer source code, etc.
Cybersquatting: It means where two persons claim for the same Domain Name either by claiming
that they had registered the name first on by right of using it before the other or using something
similar to that previously. For example two similar names i.e.
www.yahoo.comand www.yaahoo.com.
Cyber Vandalism: Vandalism means deliberately destroying or damaging property of another.
Hence cyber vandalism means destroying or damaging the data when a network service is
stopped or disrupted. It may include within its purview any kind of physical harm done to the
computer of any person. These acts may take the form of the theft of a computer, some part of a
computer or a peripheral attached to the computer.
Hacking Computer System: Due to the hacking activity there will be loss of data as well as
computer. Also research especially indicates that those attacks were not mainly intended for
financial gain too and to diminish the reputation of particular person or company.
Transmitting Virus: Viruses are programs that attach themselves to a computer or a file and then
circulate themselves to other files and to other computers on a network. They usually affect the
data on a computer, either by altering or deleting it. Worm attacks plays major role in affecting
the computerize system of the individuals.
Cyber Trespass: It means to access someone’s computer without the right authorization of the
owner and does not disturb, alter, misuse, or damage data or system by using wireless internet
connection.
Internet Time Thefts: Basically, Internet time theft comes under hacking. It is the use by an
unauthorized person, of the Internet hours paid for by another person. The person who gets
access to someone else’s IP user ID and password, either by hacking or by gaining access to it by
illegal means, uses it to access the Internet without the other person’s knowledge. You can
identify time theft if your Internet time has to be recharged often, despite infrequent usage.
iii) Cyber Crimes Against Government:
There are certain offences done by group of persons intending to threaten the international governments
by using internet facilities:
Cyber Terrorism: Cyber terrorism is a major burning issue in the domestic as well as global
concern. The common form of these terrorist attacks on the Internet is by distributed denial of
service attacks, hate websites and hate e-mails, attacks on sensitive computer networks etc. Cyber
terrorism activities endanger the sovereignty and integrity of the nation.
Cyber Warfare: It refers to politically motivated hacking to conduct sabotage and espionage. It is a
form of information warfare sometimes seen as analogous to conventional warfare although this
analogy is controversial for both its accuracy and its political motivation.
Distribution of pirated software: It means distributing pirated software from one computer to
another intending to destroy the data and official records of the government.-25
Possession of Unauthorized Information: It is very easy to access any information by the terrorists
with the aid of internet and to possess that information for political, religious, social, ideological
objectives.
iv) Cybercrimes Against Society at large:
An unlawful act done with the intention of causing harm to the cyberspace will affect large number of
persons:
Child Pornography: It involves the use of computer networks to create, distribute, or access
materials that sexually exploit underage children. It also includes activities concerning indecent
exposure and obscenity.
Cyber Trafficking: It may be trafficking in drugs, human beings, arms weapons etc. which affects
large number of persons. Trafficking in the cyberspace is also a gravest crime.
Online Gambling: Online fraud and cheating is one of the most lucrative businesses that are
growing today in the cyber space. There are many cases that have come to light are those
pertaining to credit card crimes, contractual crimes, offering jobs, etc. [3]
Financial Crimes: This type of offence is common as there is rapid growth in the users of
networking sites and phone networking where culprit will try to attack by sending bogus mails or
messages through internet. Ex: Using credit cards by obtaining password illegally. [4]
Forgery: It means to deceive large number of persons by sending threatening mails as online
business transactions are becoming the habitual need of today’s life style. [5]
NEED FOR CYBER LAWS
Information technology has spread throughout the world. As the user of cyberspace grows increasingly
diverse and the range of online interaction expands, there is expansion in the cyber crimes i.e. breach of
online contracts, perpetration of online torts and crimes etc. Due to the consequences there was need to
adopt a strict law by the cyber space authority to regulate criminal activities relating to cyber and to
provide better administration of justice to the victim of cyber crime. In the modern cyber technology
world it is very much necessary to regulate cyber crimes and most importantly cyber law should be made
stricter in the case of cyber terrorism and hackers.
Cyber law, it is a term that encapsulates the legal issues related to use of communicative, transactional,
and distributive aspects of networked information devices and technologies. It is less a distinct field of law
than property or contract law, as it is a domain covering many areas of law and regulation. IT Law is a set
of recent legal enactments, currently in existence in several countries, which governs the process and
dissemination of information digitally. These legal enactments cover a broad gamut of different aspects
relating to computer software, protection of computer software, access and control of digital information,
privacy, security, internet access and usage, and electronic commerce. These laws have been described as
"paper laws" for "paperless environment".
IT legislation in India: Mid 90’s saw an impetus in globalization and computerization, with more and
more nations computerizing their governance, and e-commerce seeing an enormous growth. Previously,
most of international trade and transactions were done through documents being transmitted through
post and by telex only. Evidences and records, until then, were predominantly paper evidences and paper
records or other forms of hard-copies only. With much of international trade being done through
electronic communication and with email gaining momentum, an urgent and imminent need was felt for
recognizing electronic records i.e. The data what is stored in a computer or an external storage attached
thereto. The United Nations Commission on International Trade Law (UNCITRAL) adopted the Model
Law on e-commerce in 1996. The General Assembly of United Nations passed a resolution in January
1997 inter alia, recommending all States in the UN to give favorable considerations to the said Model Law,
which provides for recognition to electronic records and according it the same treatment like a paper
communication and record.
Objectives of I.T. legislation in India: It is against this background the Government of India enacted
its Information Technology Act 2000 with the objectives as follows, stated in the preface to the Act itself.
“to provide legal recognition for transactions carried out by means of electronic data interchange and
other means of electronic communication, commonly referred to as "electronic commerce", which involve
the use of alternatives to paper-based methods of communication and storage of information, to facilitate
electronic filing of documents with the Government agencies and further to amend the Indian Penal Code,
the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act,
1934 and for matters connected therewith or incidental thereto.”
The Information Technology Act, 2000, was thus passed as the Act No.21 of 2000, got President’s assent
on 9 June and was made effective from 17 October 2000.
The Act essentially deals with the following issues:
Legal Recognition of Electronic Documents
Legal Recognition of Digital Signatures
Offenses and Contraventions
Justice Dispensation Systems for cyber crimes. [6]
Amendment Act 2008: Being the first legislation in the nation on technology, computers and
ecommerce and e-communication, the Act was the subject of extensive debates, elaborate reviews and
detailed criticisms, with one arm of the industry criticizing some sections of the Act to be draconian and
other stating it is too diluted and lenient. There were some conspicuous omissions too resulting in the
investigators relying more and more on the time-tested (one and half century-old) Indian Penal Code even
in technology based cases with the I.T. Act also being referred in the process and the reliance more on IPC
rather on the ITA.
Thus the need for an amendment – a detailed one – was felt for the I.T. Act almost from the year 2003-04
themselves. Major industry bodies were consulted and advisory groups were formed to go into the
perceived lacunae in the I.T. Act and comparing it with similar legislations in other nations and to suggest
recommendations. Such recommendations were analyzed and subsequently taken up as a comprehensive
Amendment Act and after considerable administrative procedures; the consolidated amendment called
the Information Technology Amendment Act 2008 was placed in the Parliament and passed without
much debate, towards the end of 2008. This
Amendment Act got the President assent on 5 Feb 2009 and was made effective from 27 October 2009.
Some of the notable features of the ITAA are as follows:
Focusing on data privacy
Focusing on Information Security
Defining cyber café
Making digital signature technology neutral
Defining reasonable security practices to be followed by corporate
Redefining the role of intermediaries
Recognizing the role of Indian Computer Emergency Response Team
Inclusion of some additional cyber crimes like child pornography and cyber terrorism
Authorizing an Inspector to investigate cyber offences (as against the DSP earlier)
INDIAN PERSPECTIVE
Talking about Indian scenario of cyber space crimes and cyber space laws, there was no statute in India
for governing Cyber Laws involving privacy issues, jurisdiction issues, intellectual property rights issues
and a number of other legal questions. With the tendency of misusing of technology, there arisen a need of
strict statutory laws to regulate the criminal activities in the cyber world and to protect the true sense of
technology IT ACT, 2000 was enacted by Parliament of India to protect the field of e-commerce, e-
governance, e-banking as well as penalties and punishments in the field of cyber crimes. The above Act
was further amended in the form of IT Amendment Act, 2008. Also certain sections of IPC and as some
cyber space crime are invading right to privacy, article 21 of Indian constitution are some governing laws
for cyber space crime which imposes various liabilities in India.
CONSTITUTIONAL LIABILITY
Hacking into someone's private property or stealing some one’s intellectual work is a complete violation of
his right to privacy. The Indian constitution does not specifically provide the “right to privacy” as one of
the fundamental rights guaranteed to the Indian citizens but it is protected under IPC.
Right to privacy is an important natural need of every human being as it creates boundaries around an
individual where the other person’s entry is restricted. The right to privacy prohibits interference or
intrusion in others private life. The apex court of India has clearly affirmed in its judicial pronouncements
that right to privacy is very much a part of the fundamental right guaranteed under article 21 of the Indian
constitution.
Thus right to privacy is coming under the expended ambit of article 21 of Indian constitution. So
whenever there is some cyber crime which is related to the persons private property or its personal stuff
then the accused can be charged of violation of article 21 of Indian constitution, and prescribed remedy
can be invoked against the accused.
CRIMINAL LIABILITY
Criminal liability in India for cyber crimes is defined under the Indian Penal Code (IPC). Certain
Following sections of IPC deal with the various cyber crimes:
Sending threatening messages by e-mail (Sec .503 IPC)
Word, gesture or act intended to insult the modesty of a woman (Sec.509 IPC)
Sending defamatory messages by e-mail (Sec .499 IPC)
Bogus websites , Cyber Frauds (Sec .420 IPC)
E-mail Spoofing (Sec .463 IPC )
Making a false document (Sec.464 IPC)
Forgery for purpose of cheating (Sec.468 IPC)
Forgery for purpose of harming reputation (Sec.469 IPC)
Web-Jacking (Sec .383 IPC)
E-mail Abuse (Sec .500 IPC)
Punishment for criminal intimidation (Sec.506 IPC)
Criminal intimidation by an anonymous communication (Sec.507 IPC)
Obscenity (Sec. 292 IPC )
Printing etc. of grossly indecent or scurrilous matter or matter intended for blackmail (Sec.292A
IPC)
Sale, etc., of obscene objects to young person (Sec .293 IPC)
Obscene acts and songs (Sec.294 IPC )
Theft of Computer Hardware (Sec. 378 )
Punishment for theft (Sec.379 )
Other then the IPC some other piece of legislations also imposes criminal liability on the accused
and these legislations are:-
Online Sale of Drugs (NDPS Act )
Online Sale of Arms (Arms Act )
Copyright infringement (Sec.51 of copyright act, 1957)
Any person who knowingly infringes or abets the infringement of (Sec.63 of copyright act, 1957)
Enhanced penalty on second and subsequent convictions (Sec.63 A of copyright act, 1957)
Knowing use of infringing copy of computer program to be an offence (Sec.63B of copyright act,
1957)
The applications of these sections are subject to the investigating style of investigating officer and charge
sheet filed by the investigating agency and nature of cyber crime.
In India there are number of cases filed under these IPC provisions related to the cyber crime. According
to the report of Home Ministry, in 2012 there are 601 cases filed under the various provisions of IPC. [7]
TORTIOUS LIABILITY
Basic liability in cyber crime is established through the principle of neighborhood established from the
case of Donoghue v. Stevenson. But the major tortuous liability in cyber crimes is through Information
Technology Act, 2000 (as amended).
In India the Information Technology Act 2000 was passed to provide legal recognition for transactions
carried out by means of electronic communication. The Act deals with the law relating to Digital
Contracts, Digital Property, and Digital Rights Any violation of these laws constitutes a crime. The Act
prescribes very high punishments for such crimes. The Information Technology (amendment) Act,
2008(Act 10 of 2009), has further enhanced the punishments. Life imprisonment and fine upto rupees
ten lakhs may be given for certain classes of cyber crimes. Compensation up to rupees five crores can be
given to affected persons if damage is done to the computer, computer system or computer network by the
introduction of virus, denial of services etc.
The following sections are dealing with the cyber crimes:
Penalty and Compensation for damage to computer, computer system, etc (sec. 43 IT act)
Compensation for failure to protect data (sec. 43A IT Act)
Tampering with computer source Documents (sec. 65 IT Act)
Hacking with computer systems, Data Alteration (sec. 66 IT Act)
Sending offensive messages through communication service, etc (sec. 66A IT Act)
Dishonestly receiving stolen computer resource or communication device (sec. 66B IT Act)
Identity theft (sec. 66C IT Act)
Cheating by personating by using computer resource (sec. 66D IT Act)
Violation of privacy (sec. 66E IT Act)
Cyber terrorism (sec. 66F Act)
Publishing or transmitting obscene material in electronic form (sec. 67 IT Act)
Publishing or transmitting of material containing sexually explicit act, etc. in electronic form (sec.
67A IT Act)
Punishment for publishing or transmitting of material depicting children in sexually explicit act,
etc. in electronic form (sec. 67B IT Act)
Preservation and Retention of information by intermediaries (sec.67C IT Act)
Powers to issue directions for interception or monitoring or decryption of any information
through any computer resource (sec. 69 IT Act)
Power to issue directions for blocking for public access of any information through any computer
resource (sec. 69A IT Act)
Power to authorize to monitor and collect traffic data or information through any computer
resource for Cyber Security (sec. 69B IT Act)
Un-authorized access to protected system (sec. 70 IT Act)
Penalty for misrepresentation (sec. 71 IT Act)
Breach of confidentiality and privacy (sec. 72 IT Act)
Publishing False digital signature certificates (sec. 73 IT Act)
Publication for fraudulent purpose (sec. 74 IT Act)
Act to apply for offence or contraventions committed outside India (sec. 75 IT Act)
Compensation, penalties or confiscation not to interfere with other punishment
(sec. 77 IT Act)
Compounding of Offences (sec.77A IT Act)
Offences with three years imprisonment to be cognizable (sec. 77B IT Act)
Exemption from liability of intermediary in certain cases (sec. 79 IT Act)
Punishment for abetment of offences (sec. 84B IT Act)
Punishment for attempt to commit offences (sec. 84C IT Act)
Offences by Companies (sec. 85 IT Act)
The applications of these sections are subject to the investigating style of investigating officer and charge
sheet filed by the investigating agency and nature of cyber crime.
In India there are number of cases filed under these IT provisions related to the cyber crime. According to
the report of Home ministry of India, In 2012 there are 2876 cases filed under the various provisions of IT
act. [9]
ANALYSIS OF INDIAN CYBER LAWS AND POLICING SYSTEM
Noted cyber law expert in the nation and Supreme Court advocate Shri Pavan Duggal, “While the
lawmakers have to be complemented for their admirable work removing various deficiencies in the Indian
Cyber law and making it technologically neutral, yet it appears that there has been a major mismatch
between the expectation of the nation and the resultant effect of the amended legislation. The most
bizarre and startling aspect of the new amendments is that these amendments seek to make the Indian
cyber law a cyber crime friendly legislation; - a legislation that goes extremely soft on cyber criminals,
with a soft heart; a legislation that chooses to encourage cyber criminals by lessening the quantum of
punishment accorded to them under the existing law; ….. a legislation which makes a majority of
cybercrimes stipulated under the IT Act as bailable offences; a legislation that is likely to pave way for
India to become the potential cyber crime capital of the world……” [11]
Let us not be pessimistic that the existing legislation is cyber criminal friendly or paves the way to
increase crimes. Certainly, it does not. It is a commendable piece of legislation, a landmark first step and a
remarkable mile-stone in the technological growth of the nation. But let us not be complacent that the
existing law would suffice. Let us remember that the criminals always go faster than the investigators and
always try to be one step ahead in technology.
There are several loopholes in IT Act as:-
The hurry, in which the legislation was passed, without sufficient public debate, did not really
serve the desired purpose. Experts are of the opinion that one of the reasons for the inadequacy of
the legislation has been the hurry in which it was passed by the parliament and it is also a fact that
sufficient time was not given for public debate. But many problems of the act were amended by
the amended act of 2008. [12]
Uniform law
Mr. Vinod Kumar holds the opinion that the need of the hour is a worldwide uniform cyber law to combat
cyber crime. Cyber crime is a global phenomenon and therefore the initiative to fight it should come from
the same level. [13]
Lack of awareness
The Act of 2000 is not achieving complete success because of the lack of awareness among the masses
about their rights. Further most of the cases are going unreported. If only the people are vigilant about
their rights, can the law protect their rights.
Raising a cyber army-
There is a need for a well equipped task force to deal with the new trends of hi tech crime. The
government has taken a leap in this direction by constituting cyber crime cells in all metropolitan and
other important cities. Further the establishment of the Cyber Crime Investigation Cell (CCIC) of the
Central Bureau of Investigation (CBI).
Cyber savvy bench
Cyber savvy judges are the need of the day. Judiciary plays a vital role in shaping the enactment according
to the order of the day. One such stage, which needs appreciation, is the P.I.L., which the Kerala High
Court has accepted through an email.
Dynamic form of cyber crime
Speaking on the dynamic nature of cyber crime FBI Director Louis Freeh has said, “In short, even though
we have markedly improved our capabilities to fight cyber intrusions the problem is growing even faster
and we are falling further behind.” The (de)creativity of human mind cannot be checked by any law. Thus
the only way out is the liberal construction while applying the statutory provisions to cyber crime cases.
Hesitation to report offences
As stated above one of the fatal drawbacks of the Act has been the cases going unreported. One obvious
reason is the non-cooperative police force. “The police are a powerful force today which can play an
instrumental role in preventing cybercrime. At the same time, it can also end up wielding the rod and
harassing innocents, preventing them from going about their normal cyber business.” For complete
realization of the provisions of this Act a cooperative police force is required. [14]
Apart from these loopholes and problems the present form of police system and many police officials are
not familiar with the cyber crimes and they need training to be familiar with the “Modus operandi” of
cyber crimes though the existing relevant act is comprehensive legislation but from the practical point of
view there are some shortcomings in the errant form of the act. It is the need of the hour that the
efficiency of police system at all ranks should be upgraded in terms of cyber crimes. The immoral, lethal
minds of criminals take advantages of inefficient police system.
Both bench and Bar should realize the extent of cyber crimes. They should familiarize themselves with the
intricacies of cyber law, otherwise they would find it extremely difficult to deal with cyber crime cases.
CYBER CRIME CASES IN INDIA
Pune Citibank Mphasis Call Center Fraud
It is a case of sourcing engineering. US $ 3, 50,000 from City bank accounts of four US customers were
dishonestly transferred to bogus accounts in Pune, through internet. Some employees of a call centre
gained the confidence of the
US customers and obtained their PIN numbers under the guise of helping the customers out of difficult
situations.. Later they used these numbers to commit fraud. By April 2005, the Indian police had tipped
off to the scam by a U.S. bank, and quickly identified the individuals involved in the scam. Arrests were
made when those individuals attempted to withdraw cash from the falsified accounts, $426,000 was
stolen; the amount recovered was $230,000.
Court held that Section 43(a) was applicable here due to the nature of unauthorized access involved to
commit transactions.
State of Tamil Nadu Vs Suhas Katti
The case related to posting of obscene, defamatory and annoying message about a divorcee woman in the
yahoo message group. E-Mails were also forwarded to the victim for information by the accused through a
false e-mail account opened by him in the name of the victim. The posting of the message resulted in
annoying phone calls to the lady in the belief that she was soliciting. Based on a complaint made by the
victim in February 2004, the Police traced the accused to Mumbai and arrested him within the next few
days. This is considered as the first case in the state of Tamil Nadu, in which the offender was convicted
under section 67 of Information Technology Act 2000 in India.
The Bank NSP Case
The Bank NSP case is the one where a management trainee of the bank was engaged to be married. The
couple exchanged many emails using the company computers. After some time the two broke up and the
girl created fraudulent email ids such as “Indian bar associations” and sent emails to the boy’s foreign
clients. She used the banks computer to do this. The boy’s company lost a large number of clients and took
the bank to court. The bank was held liable for the emails sent using the bank’s system.
SMC Pneumatics (India) Pvt. Ltd. v. Jogesh Kwatra
In this case, the defendant Jogesh Kwatra being an employee of the plaintiff company started sending
derogatory, defamatory, obscene, vulgar, filthy and abusive emails to his employers as also to different
subsidiaries of the said company all over the world with the aim to defame the company and its Managing
Director. The Delhi High Court restrained the defendant from sending derogatory, defamatory, obscene,
vulgar, humiliating and abusive emails either to the plaintiffs or to its sister subsidiaries all over the world
including their Managing Directors and their Sales and Marketing departments. Further, Hon'ble Judge
also restrained the defendant from publishing, transmitting or causing to be published any information in
the actual world as also in cyberspace which is derogatory or defamatory or abusive of the plaintiffs. This
order of Delhi High Court assumes tremendous significance as this is for the first time that an Indian
Court assumes jurisdiction in a matter concerning cyber defamation and grants an injunction restraining
the defendant from defaming the plaintiffs by sending defamatory emails.
Sony.Sambandh.Com Case
A complaint was filed by Sony India Private Ltd, which runs a website called www.sonysambandh.com,
targeting Non Resident Indians. In May 2002, someone logged onto the website under the identity of
Barbara Campa and ordered a Sony Colour Television set and a cordless head phone. She gave her credit
card number for payment and requested that the products be delivered to Arif Azim in Noida. After one
and a half months the credit card agency informed the company that this was an unauthorized transaction
as the real owner had denied having made the purchase. The company lodged a complaint for online
cheating at the Central Bureau of Investigation. The court convicted Arif Azim for cheating under Section
418, 419 and 420 of the Indian Penal Code. This was the first time that a cyber crime has been convicted.
The judgment is of immense significance for the entire nation. Besides being the first conviction in a cyber
crime matter, it has shown that the Indian Penal Code can be effectively applied to certain categories of
cyber crimes which are not covered under the Information Technology Act 2000.
Nasscom v. Ajay Sood & Others
The plaintiff in this case was the National Association of Software and Service Companies (Nasscom),
India’s premier software association. The defendants were operating a placement agency involved in
head-hunting and recruitment. In order to obtain personal data, which they could use for purposes of
head-hunting, the defendants composed and sent e-mails to third parties in the name of Nasscom. The
High court recognised the trademark rights of the plaintiff and passed an injunction restraining the
defendants from using the trade name or any other name deceptively similar to Nasscom. According to
the terms of compromise, the defendants agreed to pay a sum of Rs1.6 million to the plaintiff as damages
for violation of the plaintiff’s trademark rights. The Delhi HC stated that even though there is no specific
legislation in India to penalize phishing, it held phishing to be an illegal act by defining it under Indian
law as “a misrepresentation made in the course of trade leading to confusion as to the source and origin of
the e-mail causing immense harm not only misused.” The court held that, to the consumer but even to the
person whose name, identity or password is act of phishing as passing off and tarnishing the plaintiff’s
image.
This case achieves clear milestones: It brings the act of “phishing” into the ambit of India laws even in the
absence of specific legislation; It clears the misconception that there is no" damages culture” in India for
violation of IP rights.
Bazee.com case
On 9 December 2004 a news item appeared with the Headline "DPS sex video at baazee.com". The news
item stated: "India's biggest online trading portal baazee.com had listed the said MMS clip under the title
'DPS girls having fun' with the member ID of 27877408. CEO of the website Baazee.com was summoned
by the Delhi High Court for having allowed this clip to be listed for auction under sections 67 and 85 of
the IT Act, 2000. While Section 67 prohibits publishing obscene information in electronic form, Section
85 allows the prosecution of a person responsible for the business of a company over violations. This
incident caused a sudden panic across the country and many discussions regarding the inefficiency of the
IT Act, 2000 and the need to amend it started. Also, after this scandal, owing to debates around
culpability, liability and prosecution of material on the internet, several key judgments were passed
including banning the use of mobile phones in college and school campuses across India.
PNB, Pune case
In the largest compensation awarded in legal adjudication of a cyber crime dispute, Maharashtra's IT
secretary Rajesh Aggarwal has ordered Punjab National Bank to pay Rs 45 lakh to Manmohan Singh
Matharu, MD of Pune-based firm Poona Auto Ancillaries. A fraudster had transferred Rs 80.10 lakh from
Matharu's account in PNB, Pune after Matharu responded to a phishing email. Matharu has been asked to
share the liability since he responded to the phishing mail. Matharu's is one of 13 e-fraud cases, all
originating in Maharashtra and with an imprint across six states, in which the state's IT secretary, serving
as an adjudicating officer under the IT Act 2000, last month passed critical orders against nine banks,
four telecom firms and two mobile recharge portals. These cases cover e-fraud committed through illegal
data access, hacking bank accounts, cloning credit cards, issuing duplicate SIM cards and phishing,
among others.
Syed Asifuddin and Ors. Vs. The State of Andhra Pradesh
In this case, Tata Indicom employees manipulated the electronic 32- bit number (ESN) programmed into
cell phones theft were exclusively franchised to Reliance Infocomm. Court held that tampering with
source code invokes Section 65 of the Information Technology Act.
Bomb Hoax mail
In 2009, a 15-year-old Bangalore teenager was arrested by the cyber crime investigation cell (CCIC) of the
city crime branch for allegedly sending a hoax e- mail to a private news channel. In the e-mail, he claimed
to have planted five bombs in Mumbai, challenging the police to find them before it was too late.
The Mumbai police have registered a case of ‘cyber terrorism’—the first in the state since an amendment
to the Information Technology Act—where a threat email was sent to the BSE and NSE on Monday. The
MRA Marg police and the Cyber Crime Investigation Cell are jointly probing the case. The suspect has
been detained in this case.
The MRA Marg police have registered forgery for purpose of cheating, criminal intimidation cases under
the IPC and a cyber-terrorism case under the IT Act.
COMPARATIVE STUDY
As against the alone legislation ITA and ITAA in India, in many other nations globally, there are many
legislations governing e-commerce and cyber crimes going into all the facets of cyber crimes. Data
Communication, storage, child pornography, electronic records and data privacy have all been addressed
in separate Acts and Rules giving thrust in the particular area focused in the Act.
United States of America
USA have the Health Insurance Portability and Accountability Act popularly known as HIPAA which inter
alia, regulates all health and insurance related records, their upkeep and maintenance and the issues of
privacy and confidentiality involved in such records.The Sarbanes-Oxley Act (SOX) signed into law in
2002 mandated a number of reforms to enhance corporate responsibility, enhance financial disclosures,
and combat corporate and accounting fraud. Besides, there are a number of laws in the US both at the
federal level and at different states level like the Cable Communications Policy Act, Children’s Internet
Protection Act, and Children’s Online Privacy Protection Act etc.
United Kingdom
In the UK, the Data Protection Act and the Privacy and Electronic Communications Regulations etc are all
regulatory legislations already existing in the area of information security and cyber crime prevention,
besides cyber crime law passed recently in August 2011.
Similar to these countries we also have cyber crime legislations and other rules and regulations in other
nations like Australia, New Zealand, China etc.
INTERPOL'S ROLE:-
INTERPOL’s cybercrime programme is built around training and operations and works to keep up with
emerging threats. It aims to:
¾ Promote the exchange of information among member countries through regional working parties and
conferences;
¾ Deliver training courses to build and maintain professional standards;
¾ Coordinate and assist international operations;
¾ Establish a global list of contact officers available around the clock for cybercrime investigations (the
list contained 134 contacts at the end of 2012);
¾ Assist member countries in the event of cyber-attacks or cybercrime investigations through
investigative and database services;
¾ Develop strategic partnerships with other international organizations and private sector bodies;
¾ Identify emerging threats and share this intelligence with member countries;
¾ Provide a secure web portal for accessing operational information and documents.
Cyber crimes cases in other Countries
Worm Attack: First person to be prosecuted under the ‘Computer and Fraud Act, 1986’ was the
Robert Tappan Morris well Known as First Hacker. His worm was uncontrollable due to which
around 6000 computer machines were destroyed and many computers were shut down until they
had completely malfunctioned. He was ultimately sentenced to three years probation, 400 hours
of community service and assessed a fine of $10500.
Hacker Attack: A Ph.D. student of the University of Southern California, in the year 1983,
made a short programme as an experiment that could “infect” computers, make copies of it, and
spread from one machine to another. A professor of his suggested the name “virus”. Now that
student runs a computer security firm.
Internet Hacker: Wang Qun, alias “playgirl”, was arrested making the first ever arrest of an
internet hacker in China. He was a 19 year old computing student, arrested in connection with the
alleged posting of pornographic material on the homepages of several government-run web sites.
CONCLUSION
Cyber crime is a new form of crime that has emerged due to computerization of various activities in an
organization in a networked environment. With the rapid growth of information technology cyber crimes
are a growing threat.
Technology has a negative aspect as it facilitates commercial activity. Ordinarily the law keeps pace with
the changes in technology but the pace of technological developments in the recent past, especially in the
field of information and technology is impossible to keep pace with legal system. An important concern
relates to modernizing penal laws of many countries which predate the advent of computers. On the one
hand, the existing laws have to be change to cope with the computer related fraud such as hacking,
malicious falsification or erasure of data, software theft, software attacks etc. and on the other, new
legislation is also necessary to ensure data protection and piracy. The need for a law on data protection is
paramount if India is to sustain investor confidence, especially among foreign entities that send large
amounts of data to India for back-office operations. Data protection is essential for outsourcing
arrangements that entrust an Indian company with a foreign company’s confidential data or trade secrets,
and/or customers’ confidential and personal data.
Also in the above chapters we have talked about the Indian police system for cyber crimes which is
subjected to the improvisation, and a new and clear specific legislation which can fight easily against the
cyber crimes. Further the proposed initiatives and amendments by government to the IT act, which are
likely to be implemented, soon will be implemented as soon as possible. The proposed amendments widen
the liability for breach of data protection and negligence in handling sensitive personal information.
Additionally, the Government of India, with the help of the Department of Information Technology, is
currently working on a holistic law on data protection based on the European Union directive. Further,
the government plans to create a “Common Criterion Lab,” backed by the Information Security Technical
Development Council, where intensive research in cryptography and product security can be undertaken.
As Prevention is always better than cure, a smart internet user should take certain precautions while
operating the internet and should follow certain preventive measures for cyber crimes, these measures
can be considered as suggestions also:
A person should never send his credit card number to any site that is not secured, to guard against
frauds.
One should avoid disclosing any personal information to strangers via e-mail or while chatting.
One must avoid sending any photograph to strangers by online as misusing of photograph
incidents increasing day by day.
It is always the parents who have to keep a watch on the sites that your children are accessing, to
prevent any kind of harassment or depravation in children.
Web site owners should watch traffic and check any irregularity on the site. It is the responsibility
of the web site owners to adopt some policy for preventing cyber crimes as number of internet
users are growing day by day.
Strict statutory laws need to be passed by the Legislatures keeping in mind the interest of netizens
(cybercitizen or an entity or person actively involved in online communities and a user of the
Internet).
Web servers running public sites must be physically separately protected from internal corporate
network.
An update Anti-virus software to guard against virus attacks should be used by all the netizens
and should also keep back up volumes so that one may not suffer data loss in case of virus
contamination.
It is better to use a security program by the body corporate to control information on sites.
IT department should pass certain guidelines and notifications for the protection of computer
system and should also bring out with some more strict laws to breakdown the criminal activities
relating to cyberspace.
As Cyber Crime is the major threat to all the countries worldwide, certain steps should be taken at
the international level for preventing the cybercrime.
Special police task force which is expert in techno field will be constituted.
Complete justice must be provided to the victims of cyber crimes by way of compensatory remedy
and offenders to be punished with highest type of punishment so that it will anticipate the
criminals of cyber crime. [15]
Edited By Parul Padhi
[1] http://cybercellmumbai.gov.in accessed on 1 Dec 2013
[2] Information Technology Act, 2000A computer has multifarious functions and it is regarded as a
superman. It provides information as well as communication by means of internet. It is the fastest mean
for input and output of transportation of informations. In official meaning, the term “internet” is
popularly known as “world wide web” (www)
[3] http://www.legalindia.in accessed on 1 Dec 2013
[4] http://cybercellmumbai.gov.in accessed on 1 Dec 2013
[5] Ibid
[6] http://jurisonline.in accessed on 2nd Dec 2013
[7] http://www.mha.nic.in accessed on 4th Dec 2013
[8] Ibid
[90 Ibid
[10] Ibid
[11] Pawan Duggal, Is this treaty a treat? Available at
http://www.naavi.org/pati/pati_cybercrimes_dec03.htm
[12] Ibid
[13] Kumar Vinod, Winning the Battle against cyber Crimes available at
http://www.cyberriskinsuranceforum.com/content/are-we-losing-battle-against-cyber-crime
[14] Dewang Mehta, Role of Police in Tackling Cyber Crimes available at
http://www.naavi.org/pati/pati_cybercrimes_dec03.htm
[15] Ibid
Related Documents
