The world has taken dramatic transformation after the advent of computers, there is no one in the world who is not touched by information technology. Almost every activity of us is guided and regulated by the computers. There is hardly any facet of our lives that is not touched by the information technology revolution. As the world is depending upon the information technology there is the same amount of cyber illegal activities taking place around the world. The Government of India on par with international obligations and statues of the comity of nations has enacted a comprehensive enactment called the Information Technology Act of 2000. This Act covers all gamut of information technological matters including curbing cyber-crimes in our country. The Act empowers the judiciary to play an important role in curbing the cyber-crimes by awarding suitable punishments. My assignment deals with the meaning, details of various types cyber-crimes, development of cyber legislation in our country and some important judgments delivered by various courts with matters concerning the cyber-crimes and finally I have mentioned suggestions which we have to incorporate in effective curbing of cyber-crimes in our country.
As the name reflects it involves criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, these kinds of crimes are also subject to the Indian Penal code of 1860. The classification of cyber-crimes are concerned it can be classified into two kinds, I. the computer as a target, this process the attacker uses a computer to attach another computer, such attacks are commonly known as hacking, virus or worm attacks, disk operating system attacks etc. and the other kind of crime is known as the computer as a weapon, in this process the attacker uses a computer to commit real world crimes which include cyber terrorism, intellectual property law violations, credit card frauds, electronic mail transfer frauds, pornography etc. Types of Computer Crimes The computer crimes are classified into different types they are: 1. Trojan horses attack. 2. Back Doors/Trap Doors. 3. The Salami Technique. 4. Logic Bomb. 5. Fraud. 6. Forgery. 7. Hardware/Software Theft. 8. Data Manipulation. 9. Reproduction of a Program. 10. Telemarketing Fraud. 11. Cyber terrorism.
Combating of Cyber Crimes
The world nations have lately awakened to overcome commission of cyber-crimes. In the international sphere as there is no binding convention or protocol available to try cyber criminals. But the United Nations made a number of attempts to have laws and much persuasion prepared a model law that is endorsed by the General Assembly of the United Nations on 30th of January 1997 and this is only covenants which regulate affairs of cyber-crimes.
Cyber Law in India
Until 2000 in our country there was no legislation pertaining to cyber matters. Our country in 2000, had legislated the Information Technology Act of 2000 on par with the model law framed by the United Nations Commission on Trade. The Act is encompassed into thirteen chapters and divided into ninety four sections. The Information Technology Act 2000 provides a detail meaning of computer and computer network and under section 2(2) it goes on to say that it means an electronic, magnetic, optical or other high speed data processing device or system which performs logical, arithmetic and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, processing, storage, computer software or communication facilities which are connected or relates to the computer in a computer system or computer network. The Information Technology Act 2000 under chapter XI under section 65 provides the meaning of computer tampering with computer source, it means Whoever knowingly or intentionally conceals, destroys or alters intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer programmes, computer system or computer network, shall be punishable with imprisonment up to three years, or with fine which extend up to two lakh rupees, or with both. Section 66 of the act prohibits hacking with computer systems and Section 67 prohibits publication of obscenity in any form in computer related activities. The Act also gives wide powers to police officers not below the rank of Deputy Superintendent of Police to any public place and search and arrest without warrant any person found therein committed or committing offences. Though the proper law is enacted by the parliament which covers every aspect of computer crimes but in our country due to lack of knowledge every minute innumerable computer crimes have been taking place in every corner of the country. From the past in every organization whether private or public all are depending upon the computers and their services, due to which there is alarming growth of crimes.
With the growth in the use of computer networks and the Internet, international aspects of computer crime have received the attention of officials. Computer crime has recently been seen as a global problem. The global nature of computer crime makes domestic solutions inadequate. The identities of perpetrators are often initially unknown, and the space and time dimensions of the intrusions may be unclear. Computer systems can be accessed or destroyed from anywhere and by anyone in the world. This results in complex jurisdictional issues. These issues require immediate solutions in the international arena. In other words, global issues require global strategies. Jurisdictional Issues Jurisdiction is one of the biggest challenges to law enforcement in the information age. “Jurisdiction is the lawful ability of a government to subject a person to that Government’s legal processes. Many computer crime incidents involve more than one jurisdiction, which makes it difficult to determine the locus delicti. The crime is committed across the globe if there is an issue of conflict of law and which laws have to be applicable trying such offences.
The Information Technology age has led to the emergence of a dynamic and highly specialized field of law, namely ‘Cyber laws’. The unique features of the internet, particularly, its borderless expanse, rapid technological advancements, anonymity, speed of communication & data transfer have posed multiple challenges to legislators of different countries who strive to adapt their existing laws for application in cyberspace or develop new laws to govern the virtual world. One of the most perplexing issues is determining Jurisdiction when a cybercrime is committed in one or more jurisdictions and the effect of it is felt in one or more other jurisdictions. Other issues include concerns of privacy, data protection and Intellectual property infringements, rising cybercrimes, cyber terrorism, child pornography. While some countries have developed laws to regulate these pertinent issues in cyberspace, the law is fraught with intrinsic lacunae and countries have faced serious law enforcement problems in their efforts to enforce cyber laws. This is particularly felt in the context of combating cybercrimes which may involve more than a single Jurisdiction and consequently more than one set of cyber laws , or in other words, inevitably a conflict of laws between the laws of two or more sovereign nations. This paper discusses briefly the impediments in the enforcement of cyber laws and highlights the possible effective strategies that will lead to an effective enforcement of cyber laws from a global standpoint.
Jurisdiction is one of the biggest challenges to law enforcement in the information age. “Jurisdiction is the lawful ability of a government to subject a person to that Government’s legal processes . Many computer crime incidents involve more than one jurisdiction, which makes it difficult to determine the locus delicti. The crime is committed across the globe if there is an issue of conflict of law and which laws have to be applicable trying such offences.
Contractual issues in cyberspace
On the contractual front, jurisdiction and formation of e-contracts are two key issues on which traditional legal principles have been largely applied by Courts worldwide. There is now a general consensus that in the e-world, electronic signatures and electronic documents are equally legally valid as the hand-written signatures or hard copy paper documents. In the U.S. alone 57 new electronic bills were introduced in the state legislature during the first two months of 1999 after the enactment of the UTAH Digital Signature Act 1995.The United Nations Commission on International Trade law working group on electronic commerce completed its work on Model law on Electronic Commerce in 1996. The purpose of Model law is to offer national legislators a set of internationally acceptable rules which detail how a number of legal obstacles to the development of electronic commerce may be removed and how a more secure environment may be created for electronic commerce. The Model law achieves its purpose through the principle of “functional equivalence”. This approach involves analyzing the purposes and function of the traditional paper based requirements such as handwritten signature and
original documents and considering the criteria necessary to enable electronic data to achieve the same level of recognition as a paper document.
India enacted its first law of IT through the IT Act, 2000 based on the principles elucidated in the UNCITRAL model law of e-commerce. The Indian Evidence Act 1872 has also been amended to adopt legislative provisions dealing with the admissibility and evidential weight of electronic documents / data messages.
Non contractual issues in Cyberspace
Among the non-contractual issues that have emerged in cyberspace before the courts of different jurisdictions is the situation where in the absence of a contract which establishes jurisdiction, a claim is made that something happened in the course of internet commerce which constitutes a business tort. The extent to which someone who allegedly causes tortious injury in cyber space is subject to jurisdiction in a remote location may well depend on the extent to which this tort is intentional. The jurisdictional issues arise also from consumer protection disputes in the world of online marketing and transactions where the bargaining power disparity originates. The consumer protection laws of individual states in the United States, modelled on the Federal Trade Commission Act 3have been interpreted to apply to the internet. In People vs. Lipsitz 4, an in-state seller of magazine subscription over the Internet, violated consumer protection laws of New York by falsifying statements in emails, and by failing to deliver promised magazines. It was made subject to personal jurisdiction in New York due to active contacts and business solicitation it had in the State. Different countries are making attempts to interpret, adapt and apply their local laws to resolve cyberspace jurisdictional and enforcement issues based on new found principles such as Zippo sliding scale test5 (based on interactivity of a website), Effects test6 (based on where effects of an illegal act are felt), and of late the Targeting approach principles7 (based on whether accused solicited business in a particular jurisdiction). By far, the effects test has gained much consensus followed by the target approach principle8.
Importance of Cyber Laws
– We are living in a highly digitalized world.
– All companies depend upon their computer networks and keep their valuable data in electronic form.
– Government forms including income tax returns, company law forms etc. are now filled in electronic form.
– Consumers are increasingly using credit cards for shopping.
– Most people are using email, cell phones and SMS messages for communication.
– Even in cyber-crime cases, important evidence is found in computers/ cell phones e.g. in cases of divorce, murder, kidnapping, organized crime, terrorist operations, counterfeit currency etc.
– Since it touches all the aspects of transactions and activities on and concerning the Internet, the World Wide Web and Cyberspace therefore Cyber law is extremely important.
Judicial Response to Cyber Crimes in India
The Information Technology Act of 2000 clearly stipulates that the cognizance of cases should be taken by the appropriate courts and it is governed by the principles of Criminal Procedure Code. In spite of the act there are not much cases that have been filed and tried by the courts in India because of number of factors like ignorance of filing cases, pendency after filing, jurisdictional conflicts, improper investigations on part of law enforcement agencies, lack of knowledge on part of law enforcement and interpretation agencies etc.
Certain cases pertaining to cyber laws by higher judiciary are listed below:
- Case No. 1: First Case conviction given in the Cyber Crimes The first case which is filed given of conviction in our country is reported in 2001, in Sony India Private Limited case, brief facts are the Company runs website called sony sambandh targeting nonresident Indians to send different products to friends and relatives in India from foreign countries through online payments. One in name of Barbara Campa and ordered a television and cordless head phone and said Barbara had given a credit card number requested the products should be delivered to one Arif Azim of Noida. When the payment is to be made by the Credit card Company that the card is unauthorized transaction and the real owner is denied transactions. It was revealed that Barbara obtained a credit card number of one American and fraudulently availed it. The police filed a case under Section 418,419 and 420 of Indian Penal Code. The Metropolitan Magistrate court in New Delhi, had felt that as the accused was a young boy of 24twenty four years and a first-time convict, a lenient view needed to be taken. The court therefore released the accused on probation for one year.
- Case No. 2: First case convicted under Information Technology Act 2000 of India The case related to posting of obscene, defamatory and annoying messages about a divorced woman in the yahoo message group. E-Mails were also forwarded to the victim for information by the accused through a false e-mail account opened by him in the name of the victim. The posting of the message resulted in annoying phone calls to the lady in the belief that she was soliciting. Based on a complaint made by the victim in February 2004, the Police traced the accused to Mumbai and arrested him within the next few days. The accused was a known family friend of the victim and was reportedly interested in marrying her. She however married another person.
This marriage later ended in divorce and the accused started contacting her once again. On her reluctance to marry him, the accused took up the harassment through the Internet. The Charge was filed u/s 67 of IT Act 2000, 469 and 509 IPC before The Hon’ble Addl. CMM Egmore by citing 18 witnesses and 34 documents and material objects. The same was taken on file in C.C.NO.4680/2004. On the prosecution side twelve witnesses were examined and entire documents were marked. The Defence counsel argued that the offending mails would have been given either by the ex-husband of the complainant or the complainant herself to implicate the accused as the accused alleged to have turned down the request of the complainant to marry her. Further the defence counsel argued that some of the documentary evidence was not sustainable under Section 65 B of the Indian Evidence Act. However, the court based on the expert witness of Na’vi and other evidence produced including the witness of the Cyber Cafe owners came to the conclusion that the crime was conclusively proved. The court has also held that because of the meticulous investigation carried on by the investigating Officer, the origination of the obscene message was traced out and the real culprit has been brought before the court of law The Additional Chief Metropolitan Magistrate, Egmore, Chennai, delivered the judgement on 5-11-04 as follows: “The accused is found guilty of offences under section 469, 509 IPC and 67 of IT Act 2000 and the accused is convicted and is sentenced for the offence to undergo RI for 2 years under 469 IPC and to pay fine of Rs.500/-and for the offence u/s 509 IPC sentenced to undergo 1 year Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay fine of Rs.4000/- All sentences to run concurrently.
- Case No. 3: Well-known orthopedist in Chennai got life imprisonment Dr. L Prakash stood convicted of manipulating his patients in various ways, forcing them to commit sex acts on camera and posting the pictures and videos on the Internet. The 50-year-old doctor landed in the police net in December 2001 when a young man who had acted in one of his porn films lodged a complaint with the police. Apparently the doctor had promised the young man that the movie would be circulated only in select circles abroad and had the shock of his life when he saw himself in a porn video posted on the web. Subsequent police investigations opened up a Pandora box. Prakash and his younger brother, settled in the United States, had piled up close to one lakh shots and video footage, some real and many morphed. They reportedly minted huge money in the porn business, it was stated. Fast track court judge convicted all the four in Feb 2008, also imposed a fine of Rs 1.27 lakh on Prakash, the main accused in the case, and Rs 2,500 each on his three associates – Saravanan, Vijayan and Asir Gunasingh. The Judge while awarding life term to Prakash observed that considering the gravity of the offences committed by the main accused, maximum punishment under the Immoral Trafficking Act (life imprisonment) should be given to him and no leniency should be shown.The Judge sentenced Prakash under the Immoral Trafficking Act, IPC, Arms Act and Indecent Representation of Women (Prevention) Act among others.
- Case No. 4: Juvenile found guilty for sending threatening email to a sixteen year old student from Ahmedabad who threatened to blow up Andheri Railway station in an email message was found guilty by the Juvenile Court in Mumbai. A private news channel received an email on 18 March 2008 claiming sender as Dawood Ibrahim gang saying a bomb would be planted on an unspecified train to blow it up. The case was registered in Andheri Police station under section
506 of IPC and transferred to cyber-crime investigation cell. During Investigation CCIC traced the cyber cafe from which the email account was created and a threatening email was sent. Cafe owner told the police about friends who had come that day to surf the net. Police summoned them and found that the system which was used to send email was accessed by only one customer. On 22nd March 08, police arrested the boy, a Class XII science student who during interrogation said that he sent the email for fun of having his prank flashed as “breaking news’’ on television.
- Case No. 5: Two Nigerians sentenced seven years RI for online fraud a local court in Malappuram district in Kerala sentenced two Nigerians to five years rigorous imprisonment on July 20, 2011 in a cyber-crime case. The two had cheated a doctor in the district of Rs 30 lakh about two years ago. Johnson Nwanonyi (32) and Michel Obiorah Mozza (34), both hailing from Anambra state in Nigeria, were sentenced each under sections 420 (cheating)-5 years, and 468(forgery)-5 years of IPC and section 66(D) (phishing) of Information Technology (Amendment) Act 2008 -2 years and a fine of Rs 1.25 lakh by a Chief Judicial Magistrate V Dileep in Manjeri in Malappuram district. The sentence would run concurrently. According to the charges filed by the Karipur police, the duo had cheated the doctor Dr. C Thomas, hailing from Valluvambram in Malappuram district after they sent an e-mail asking to pay Rs 30 lakh as processing fee. But a planned move by the police and the doctor succeeded when the Nigerians were lured into Kerala in March 2010. They were then arrested by the Karipur police. The strong evidence based on which the prosecution presented the case became crucial in the first verdict against financial fraud under the Information Technology Act.
Conclusion and suggestions
These above are some of the judgments delivered by the respective courts across our country. As the incidence of the cybercrimes have increasing by day by day we are seeing filing of more cases across in our country and delivery of innumerable judgments. But in practice if we observe the courts are flooded with number of different kinds of litigations and the adding of cybercrimes to its jurisdiction also causing a strain upon it. The judges and law enforcement officials have not properly well versed with technical spheres of law and they should be trained properly. As the cases have been increasingly manifestly more number of specially trained cyber courts should be established to deal the matters. It is also high time to clearly resolve the jurisdictional matters in cyberspace by suitably amending the Information Technology Act of 2000. The victims of cybercrimes are gullible public and they are not aware of the rules or Act and they should be created of awareness programmes so that they can easily approach the law enforcement agencies for redressal of their grievances.
To sum up, though a crime free society is perfect and exists only in illusion, it should be a constant attempt of rules to keep the criminalities lowest. Especially in a society that is dependent more and more on technology, crime based on electronic law-breaking is bound to increase and the law makers have to go the extra mile compared to the impostors, to keep them at bay.
Technology is always a double-edged sword and can be used for both the purposes “good or bad. Steganography, Trojan Horse, Scavenging (and even Dos or Don’ts) are all technologies and per se not crimes, but falling into the wrong hands with an illicit intent who are out to exploit them or misuse them, they come into the array of cyber-crime and become punishable offences.
Hence, it should be the tenacious efforts of rulers and lawmakers to ensure that technology grows in a healthy manner and is used for legal and ethical business growth and not for committing crimes. It should be the duty of the three stakeholders viz. I) the rulers, regulators, lawmakers and agents ii) Internet or Network Service Suppliers or banks and other intercessors and iii) the users to take care of information security playing their respective role within the permitted limitations and ensuring obedience with the law of the land.
Effective Legal enforcement of Cyber laws requires a multipronged approach. No one strategy by itself is self-sufficient or mutually exclusive to create effective enforcement results. To devise a well-integrated action plan for cyber law enforcement is the need of the hour. It is imperative to spread greater awareness on the subject amongst the general public and impart continuous training to the law enforcement personnel and forensic experts. Due measures to establish means and processes of evaluating new ICT developments and products including establishing accreditation agencies, certification policies, CERT, and procedures to enhance information security in the online world require strategic adoption . In addition to specific consumer protection initiatives, the private sector’s dedication and support for a secure Internet system is crucial to curbing unlawful conduct on the Internet. The public private participation and increased corporate accountability and responsibility in maintaining security practices can assist in improved enforcement of cyber laws. In addition, global initiatives to harmonize cyber laws (in substantive and procedural spirit) will play a vital role in removing existing lacunae by crystallizing the laws of cyberspace.
Participation of International organizations, professional & industry associations, law enforcement agencies, cyber law experts and other relevant bodies in creation of multilateral Treaties/Conventions and formulation of Code of Conduct for Cyberspace will assist in evolution of clear principles that will govern cyberspace. The Interpol will also play a considerable role in coordinating and supplementing investigation and prosecution requests and processes amongst different jurisdictions and contribute towards achieving the goal of effective enforcement of cyber laws. While we prepare and implement the Strategic Action Plan for cyber law enforcement, we will, however, need to ensure that all privacy and internet censorship issues have been properly addressed. To sum up, a sincere & concerted effort in implementing the strategies discussed in this paper can prove useful in accomplishing effective enforcement of cyber laws.
There is a renewed focus on cybersecurity practices in India, both from the government and the private sector. Many of the gaps existing in the current law (in terms of liability, penalty, reporting, disclosures, etc.) are likely to be addressed in the new Personal Data Protection Bill 2019, which is expected to be passed in Parliament next year. We expect the private sector to intensify its engagement with the government in this area in view of the Digital India initiative, the increased volume of financial transactions online and the high level of reporting of
cybersecurity attacks in India. The government is expected to develop a focused approach towards cybersecurity preparedness and awareness, including introducing its cybersecurity policy in 2020.