(Position before IT Amendment Bill 2008 was passed)

Karnika Seth – Cyber lawyer & Consultant practicing in the Supreme Court of India and Delhi High Court

At the outset, I must confess that it is an extremely challenging task to present a critique on the subject of Combating Cyber crime and law & enforcement in India and is a prime factor for me to decide to write a short paper on the subject. I hereby intend to briefly state my views on the prevalent cyber crimes in India and put forth few suggestions that maybe instrumental in strengthening our law and enforcement machinery to combat the existing problem.
With the invention of computers, it’s increasing use and human dependency over Internet, while we have gained manifolds in terms of efficiency and management, it has also brought to the front many negative effects and disadvantages. The computer crime or an e-crime can be simply defined as a crime where a computer is the target of a crime or it is the means adopted to commit a crime. While some of the crimes may be new, the others are simply different ways to commit conventional crimes such as frauds, theft, blackmailing, forgery, and embezzlement using the online medium often involving the use of internet. What accelerates the growth of such crimes are typical characteristics of cyber space interalia anonymity, speed, access, dependency, borderless space and lack of awareness of laws. Cyber crimes can be broadly categorized into three categories namely-

(i) Crime against government (Cyber terrorism)
(ii) Crime against persons (Cyber pornography, Cyber Stalking, Cyber defamation)
(iii) Crime against property (Online gambling, Intellectual property infringement, phising, credit card frauds)

In the present day world, India has witnessed an unprecedented index of Cyber crimes whether they pertain to trojan attacks, salami attacks, e-mail bombing, DOS attacks, information theft, or the most common offence of hacking. Despite technological measures being adopted by corporate organizations and individuals, we have witnessed the frequency of cyber crimes has increased over the last decade. Reliable sources report that during the year 2005, 179 cases were registered under the I.T. Act as compared to 68 cases during the previous year, reporting the significant increase of 163% in 2005 over 2004.
Having described the current trend of Cyber crime offences committed in India, I would now briefly comment on our legislative frame work and enforcement machinery that is in place and how India is taking positive initiative to overcome the lacunas with a view to strengthening its modus operandi to curb Cyber crimes. The Information Technology Act, 2000 came into force in India on 17th of October 2000. It extends to whole of India and also applies to any offence or contraventions committed outside India by any person (Section 1 (2), IT Act,2000). According to Section 75 of the Act, the Act applies to any offence or contravention committed outside India by any person irrespective of his nationality, if such act involves a computer, computer system or network located in India. The IT Act prescribes provisions for contraventions in Chapter IX of the Act, particularly Section 43 of the Act, which covers unauthorized access, downloading , introduction of virus, denial of access and internet time theft committed by any person. It prescribes punishment by way of damages not exceeding Rs. 1 crore to the affected party. Chapter XI of the IT Act discusses the cyber crimes and offences interalia, tampering with computer source documents (Sec. 65), Hacking (Sec.66), Publishing of obscene information (Sec.67), Unauthorized access to protected system (Sec.70), Breach of confidentiality (Sec.72), Publishing false digital signature certificate (Sec.73).

One of the first cases where the accused was convicted under the IT Act provisions was the case of State of Tamilnadu V. Suhas Kutty. The case related to posting of obscene massage about a divorcee woman in the yahoo massage group. The accused was found guilty and convicted for offence under section 469 and 504 of IPC and Section 67 of the IT Act.

While IT Act is a special law, most IT experts are of common consensus that it does not cover or deal specifically with every kind of cyber crime, for instance, for defamatory emails reliance is placed on Sec.500 of IPC, for threatening emails, provisions of IPC applicable thereto are criminal intimidation (CH. XXII), extortion (CH. XVII), for email spoofing, provisions of IPC relating to frauds, cheating by personation (CH.XVII) and forgery (CH.XVIII) are attracted. Likewise, Criminal breach of trust and fraud (Sec. 405,406, 408,409) of the IPC are applicable and for false electronic evidence, Sec.193 of IPC applies. For cognizibility and bailability reliance is placed on Code of Criminal Procedure which also lays down the specific provisions relating to powers of police to investigate.

The IT Act, 2000 does not have any specific provision to deal with Identity theft. The expert committee on amendments to IT Act, 2000 has recommended certain amendments in this context. This report does discuss and recommend insertion of amendment to tackle child pornography, theft of confidential information (insertion of sec. 43(2)), gradation of severity of computer related offences under Section 66 committed dishonestly & fraudulently and Section 72(3) to deal with the problem video-voyeurism. However, this report does not deal with some other rampant problems, for instance, Spamming. In my opinion, the special law of IT Act should embody more specific provisions to deal with the diverse types of cyber crimes since both the nature and impact of such crimes is many times greater than what is suffered by the victim in offline mode. Hence, the punishment that may be provided by IPC may not do justice to victim of an online cyber crime. The dimensions of such cyber crimes are of increased degrees especially in the cases of online defamation, particularly arising due to the easy access and circulation of online published information.

We do need a stronger legal & enforcement regime in India to combat the increasing cyber crimes or in other words, efficacy in dispensation of justice will be instrumental in curtailing such activities.
We have learnt our lessons hard, be it the BPO, Mphasis limited case of data theft or the Pranav Mitra’s email spoofing fraud or like instances.

ASLU survey 2003 reports that most cyber case remain unreported due to the fear of negative publicity or under a belief that India does not have adequate legal & enforcement mechanism to deal with such crimes. Therefore, it is imperative that effective measures be adopted to increase awareness of the laws applicable to e-crimes and positive initiatives be taken by the government to train its police officers, personnel in the judiciary and other law enforcement agencies to effectively combat cyber crimes. There is an imperative need to incorporate specific provisions to deal with certain problems such as Spamming which requires appropriate amendments in the IT Act, 2000.

In order to set a deterrent example for cyber criminals, all Cybercafes should be continually monitored to ensure they maintain regular and proper records of its users with adequate Identity checking procedures being duly adopted as per law. More technological tools need to be developed to circumvent the softwares which aid in concealing identity of criminals such as Hide IP softwares which abet spoofing. At this juncture, I must mention the positive initiatives already taken in this direction, including establishment of the Mumbai Cyber Lab which is the joint initiative of Mumbai Police and NASSCOM. Further, NASSCOM in association with Chandigarh administration recently established the Regional Cyber security and Research Center at Chandigarh. Delhi already has an effective cyber crime cell functional with trained police personnel qualified to handle cyber crime investigations.

On this positive note, I would like to conclude with a message that with increasing awareness and provision of training on the subject of cyber crime, enhanced technological and legislative steps being taken to further strengthen our IT laws and enforcement framework, India will effectively succeed in combating the problem of cyber crimes.
*Karnika Seth is a practising Advocate in the Supreme Court of India and the Delhi High Court and is a Counsel and legal advisor to both Foreign and Indian Clients in the field of Intellectual Property Rights, Cyberlaws, Information Technology and InternationalTrade. She is Managing Partner of Delhi based law firm, Seth Associates and is the Chairperson of the Lex Cyberia

You may mail your queries to the author at Karnika@sethassociates.com

Copyrighted 2007 Karnika Seth. Permission to make digital or paper copy of these works for personal or classroom use is granted without fee provided that the copies are not made or distributed for profit or commercial advantage .It is permissible to abstract these works so long as credit is given. To copy in all other cases,or to republish it or post on a server or to redistribute requires special permission from Author at karnika@sethassociates.com