Cyber Crimes and Laws in India
The Advancement of technology has made man dependent on the internet for all his needs. The Internet has given man access to everything while sitting in one place. The advent of computers made a positive contribution to improving the quality of our life, and it has become an integral part of our society. With the increased dependency on the use of technology need for cyber law was felt necessary. These use of modern technology had encouraged crimes related to Cyber which we called as Cyber crimes.
To protect the citizens from cyber crime Indian Cyber laws were enacted. Cyber Law is the law that controls cyber space. Cyber space is a very broad term and includes computers, networks, software, and data storage devices such as hard disks, USB disks, the Internet, websites, emails and even electronic devices such as cell phones, ATM machines. Cyber laws are enacted to handle cyber crimes which involves crimes committed by using computers. A cyber crime is where computer can be either the tool or target of crime. Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code. Cyber crimes are not defined anywhere in the information technology law of India or in the 2013 policy on National Cyber Security or under any other laws, rules or regulation in India. However, cyber crime has been dealt under various cyber security laws such as Indian IT law, Indian Penal Code etc. The abuse of computers has also given birth to a gamut of new age crimes that are addressed by the Information Technology Act, 2000.
The Information Technology Act, 2000 basically deals with the legal recognition of electronic documents and that of digital signatures. This Act incorporates a separate Chapter XI entitled “Offences” to deal with various cyber crimes and contraventions. This act also deals with Justice dispensation systems for various cyber crimes. The act was widely criticised on various fronts and due this criticism detailed amendments were brought in the form of IT Amendment Act, 2008. The amendment very importantly, defined the term “cyber cafe” under this Act. Offences like child pornography and cyber terrorism were also included is the forms of cyber crimes. Cyber terrorism has been made a heinous cyber crime under this Act and has been defined in the widest possible terms and made punishable with imprisonment which may extend to imprisonment for life and fine.
Types of Cyber crimes:
Identity theft- When personal information of a person is stolen with a purpose of using their financial resources or to take a loan or credit card in their name then such crime is known as Identity theft.
Cyber bullying – When the teenager or adolescent harass, defame, embarrass or intimidate somebody else with the use of internet, phone, chat rooms, instant messaging or any other social network then the person is said to be committing the crime of Cyber bullying. When the same crime is done by the adults it is known as Cyber stalking.
Cyber terrorism – When a threat of extortion or any kind of harm is being subjected towards a person, organization, group or state it is known as crime of Cyber terrorism. Generally, it includes the well planned attack strategies on the Government and corporate computer system.
Hacking – The most common cyber crime is Hacking. In this crime the person gets access to other person’s computers and passwords to use it for their own wrongful gain.
Provisions of the IT Act 2000 relating to cyber crime:
Section 1(2) of Information Technology Act, 2000 Act extends to the whole of India and also applies to any offence or contravention committed outside India by any person. Various sections are given below which are under this Act.
- Sections 66A, 67 of IT Act and Section 509 of the Indian Penal Code is related to Harassment via fake public profile on social networking site.
- Section 66A of IT Act and 153A & 153B of the Indian Penal Code is applicable for Online Hate Community.
- Sections 43, 66, 66A, 66C, 67, 67A and 67B of IT Act is applicable for Email Account Hacking.
- Sections 43, 66, 66C, 66D of IT Act and section 420 of the IPC is applicable for Credit Card Fraud.
- Sections 43 and 66 of IT Act and Sections 66F, 67 and 70 of IT Act also apply in some cases for Web Defacement.
- Sections 43, 66, 66A of IT Act and Section 426 of Indian Penal Code is applicable for Introducing Viruses, Worms, Backdoors, Rootkits, Trojans, Bugs.
- Conventional terrorism laws may apply along with Section-66F and Section 69 of IT Act for Cyber Terrorism.
- Sections 67, 67A and 67B of the IT Act for cyber pornography.
- Section 66, 66A and 66D of IT Act and Section 420 of IPC is applicable for Phishing and Email Scams.
- Sections 43, 66, 66B of IT Act and Section 426 of Indian Penal Code is applicable for Theft of Confidential Information.
- Sections 43, 66, 66B of IT Act and Section 63 of Copyright Act applicable for Source Code Theft.
- Sections 43, 66, 66C, 66D of IT Act and Section 420 of IPC applicable for Online Share Trading Fraud.
- Section 43 – Penalty and Compensation for damage to computer, computer system.
- Section 43A – Compensation for failure to protect data.
- Section 44 – Penalty for failure to furnish information or return, etc.
- Section 45 – Residuary Penalty Whoever contravenes any rules or regulations made under this Act, for the contravention of which no penalty has been separately provided, shall be liable to pay a compensation not exceeding twenty-five thousand rupees to the person affected by such contravention or a penalty not exceeding twenty-five thousand rupees.
- Section 43A of the IT Act also regulates dealing with or handling sensitive personal data. The IT Act does not specifically define ‘sensitive personal data’, but provides that it means any personal information that the government prescribes as such. The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data and Information) Rules 2011 define ‘sensitive personal data’ as personal information relating to: -passwords; -financial information such as bank account or credit card details;
-physical, physiological and mental health;
-sexual orientation;
-medical records and history; and
-biometric information.
- Section 72 of the IT Act provides for a criminal penalty where a government official discloses records and information accessed in the course of his or her duties without the consent of the concerned person, unless permitted by other laws. The penalty prescribed is imprisonment of up to two years, a fine of up to Rs 100,000 or both.
- Section 72A of the IT Act provides for a criminal penalty where in the course of performing a contract, a service provider discloses personal information without the data subject’s consent or in breach of a lawful contract and with the knowledge that he or she will cause or is likely to cause wrongful loss or gain. The punishment prescribed is imprisonment of up to three years, a fine of up to Rs 500,000 or both.
Further Section 75 of the I.T. Act, 2000 also mentions about the applicability of the Act for any offence or contravention committed outside India. According to this section, the Act will apply to an offence contravention committed outside India by any person, if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India.Section 78 of I.T Act, 2000 says “A Police officer not below the rank of Deputy Superintendent of Police should only investigate any offence under this Act”.
Cyberspace crimes covered under IPC and special Laws:
- Sending threat messages through e-mail (sec 503)
- Forgery of Electronic records (sec 463 IPC)
- E-mail spoofing (sec 463 Ipc)
- Web Jacking (sec 383 IPC)
- Online sale of Drugs (Narcotic & Drugs prevention Acts)
Measures to curb cyber crime are as follows:
Encryption: This however considered as an important tool for protecting data in transit. Plain text (readable) can thus converted to cipher text (coded language) by this method and the recipient of the data can decrypt it by converting it into plain text again by using private key. Except for recipient whose possessor of private key to decrypt the data, no one can gain access to sensitive information. Not only the information in transit but also the information stored on computer can protected by using Conventional cryptography method. Usual problem lies during the distribution of keys as anyone if overhears it or intercept it can make the whole object of encryption to standstill. Public key encryptograpy was one solution to this where the public key could known to the whole world but the private key was only known to receiver, its very difficult to derive private key from public key.
Syncronised Passwords: These passwords are schemes used to change the password at user’s and host token. The password on synchronised card changes every 30-60 seconds which only makes it valid for one time log-on session. Other useful methods introduced are signature, voice, fingerprint identification or retinal and biometric recognition etc. to impute passwords and pass phrases.
Firewalls: It creates wall between the system and possible intruders to protect the classified documents from leaked or accessed. It would only let the data to flow in computer which thus recognised and verified by one’s system. Thus it only permits access to the system to ones already registered with the computer.
Digital Signature: Digital Signature created by using means of cryptography by applying algorithms. This has its prominent use in the business of banking where customer’s signature thus identified by using this method.
Cases Studies as per selected IT Act Sections:
Section 43 – Penalty and Compensation for damage to computer, computer system, etc
Related Case: Mphasis BPO Fraud: 2005 In December 2004, four call centre employees, working at an outsourcing facility operated by MphasiS in India, obtained PIN codes from four customers of MphasiS’ client, Citi Group. These employees were not authorized to obtain the PINs. In association with others, the call centre employees opened new accounts at Indian banks using false identities. Within two months, they used the PINs and account information gleaned during their employment at MphasiS to transfer money from the bank accounts of Citi Group customers to the new accounts at Indian banks.
By April 2005, the Indian police had tipped off to the scam by a U.S. bank, and quickly identified the individuals involved in the scam. Arrests were made when those individuals attempted to withdraw cash from the falsified accounts, $426,000 was stolen; the amount recovered was $230,000.
Verdict: Court held that Section 43(a) was applicable here due to the nature of unauthorized access involved to commit transactions.
Section 65 – Tampering with Computer Source Documents
Syed Asifuddin and Ors. Vs. The State of Andhra Pradesh In this case, Tata Indicom employees were arrested for manipulation of the electronic 32- bit number (ESN) programmed into cell phones theft were exclusively franchised to Reliance Infocomm.
Verdict: Court held that tampering with source code invokes Section 65 of the Information Technology Act.
Section 66 – Computer Related offenses
Kumar v/s Whiteley In this case the accused gained unauthorized access to the Joint Academic Network (JANET) and deleted, added files and changed the passwords to deny access to the authorized users.Investigations had revealed that Kumar was logging on to the BSNL broadband Internet connection as if he was the authorized genuine user and ‘made alteration in the computer database pertaining to broadband Internet user accounts’ of the subscribers.The CBI had registered a cyber crime case against Kumar and carried out investigations on the basis of a complaint by the Press Information Bureau, Chennai, which detected the unauthorised use of broadband Internet. The complaint also stated that the subscribers had incurred a loss of Rs 38,248 due to Kumar’s wrongful act. He used to ‘hack’ sites from Bangalore, Chennai and other cities too, they said.
Verdict: The Additional Chief Metropolitan Magistrate, Egmore, Chennai, sentenced N G Arun Kumar, the techie from Bangalore to undergo a rigorous imprisonment for one year with a fine of Rs 5,000 under section 420 IPC (cheating) and Section 66 of IT Act (Computer related Offense).
Section 66D – Punishment for cheating by impersonation by using computer resource (Sandeep Vaghese v/s State of Kerala)
A complaint filed by the representative of a Company, which was engaged in the business of trading and distribution of petrochemicals in India and overseas, a crime was registered against nine persons, alleging offenses under Sections 65, 66, 66A, C and D of the Information Technology Act along with Sections 419 and 420 of the Indian Penal Code.
Section 67B – Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form (Janhit Manch & Ors. v. The Union of India).
It was held that “In the light of that we are not inclined to interfere in the exercise of our extra ordinary jurisdiction. If the petitioner comes across any website/s which according to him publishes or transmits any act which amounts to offence under section 67 or 67A of the Information & Technology Act, 2000, it is upto him to file a complaint”
Note: We at Bhandari Law Firm (BLF) are always available to help the public in these kinds of cyber crimes. Our best lawyers are specially dealing in cyber crime and laws in District Court Chandigarh, Mohali, Panchkula as well as in Punjab and Haryana High Court at Chandigarh.