Cyber crimes and effectiveness of laws in India to control them

Under the Supervision of Dr. P.K. Rai

Birendra Singh (M.Phil(CS))
Department of Computer Science APSU Rewa

ABSTRACT:-

India owes a lot to the exponential growth of the Information Technology service Industry over the last 15 years. Though India got its first codified Act in the Information Technology Act (“IT Act), in the year 2000, the IT Industry and in fact all businesses with cross-border obligations have been left crying themselves hoarse for more! The Indian Legislature has now passed a mish –mash legislation in December 2008, which clearly demonstrates the appeasement policy adapted to meet the various and in some instances divergent interests of the Industry and the Government. The scope of this paper is to highlight some important provisions of the cyber criminal laws in India relating to data protection, privacy, encryption and other cyber crimes and the extent to which the said provisions arm the enforcement authorities to combat not just existing but emerging trends in Cyber Crime.

INTRODUCTION:-

The general laws in India were drafted and enacted in the 19th century. Whilst each of the general laws have undergone modifications and amendments, the broad and underlying provisions have withstood the test of time, including unimaginable advancements in technology, which speaks to the dynamism of the General laws. The general laws referred to in this Article are the Indian Penal Code, 1860 (“IPC”), which is the general penal law of India and the Indian Evidence Act, 1872 (“Evidence Act”), the general law pertaining to admissibility of evidence in civil and criminal trials. The manner in which trial of criminal cases are to be conducted is dealt with under the
Criminal Procedure Code, 1973 (“Cr. P. C”).
India got its first codified Act in the Information Technology Act, 2000 (“IT Act), which fell far short of the Industry’s requirements to meet global standards. The focus if the IT Act was however recognition of electronic records and facilitation of e -commerce. Barely ten sections were incorporated in the IT Act to deal with Cyber Crime. At the time when the IT Act was passed several acts deemed to be illegal in most jurisdictions including virus attacks, data theft, illegal access to data / accessing and removal of data without the consent of the owner, etc., were listed as civil penalties under the IT Act3. The IT Industry continued to rely on self –regulation and contractual undertakings to appease its global clients, as it had done before the passing of the IT Act. The primary offences under the IT Act were:

• Tampering with source code.
• Deleting, destroying or altering any data on any computer resource with mala fide intent to cause wrongful loss or to diminish its value.
• Publishing or transmitting pornographic material through a computer resource;
• Provisions pertaining to encryption technology, the right of the Government authorities to intercept and decrypt such data and to call upon any entity or individual to decrypt such data were also included in the IT Act. Certain acts affecting the integrity and sovereignty of the nation were classified as offences.
What Type of Cyber Crime & Its IT Act:-
Some Noteworthy Provisions Under The Information Technology Act, 2000.
|Sec.43 |Damage to Computer system etc. |Compensation for Rupees 1crore. |
|Sec.66 |Hacking (with intent or knowledge) |Fine of 2 lakh rupees, and imprisonment for 3 years. |
|Sec.67 |Publication of obscene material in e-form |Fine of 1 lakh rupees, and imprisonment of 5years, and double conviction on |
| | |second offence |
|Sec.68 |Not complying with directions of controller |Fine upto 2 lakh and imprisonment of 3 years. |
|Sec.70 |attempting or securing access to computer |Imprisonment upto 10 years. |
|Sec.72 |For breaking confidentiality of the information of computer |Fine upto 1 lakh and imprisonment upto 2 years |
|Sec.73 |Publishing false digital signatures, false in certain |Fine of 1 lakh, or imprisonment of 2 years or both. |
| |particulars | |
|Sec.74 |Publication of Digital Signatures for fraudulent purpose. |Imprisonment for the term of 2 years and fine for 1 lakh rupees. |

Under The Information Technology Act, 2008
The Information technology Act 2000 has been substantially amended through the Information Technology Amendment Act 2008 which was passed by the two houses of the Indian Parliament on December 23, and 24, 2008. It got the Presidential assent on February 5, 2009 and was notified for effectiveness on October 27, 2009.

|Relevant Section in IT Act |Cyber Crime |Brief Description |Punishments |
|43, 65, 66 |Cyber Stalking |Stealthily following a person, tracking his |3 years, or with |
| | |internet chats. |fine up to 2 lakh |
|67, 67 (2) |Cyber Pornography including |Publishing Obscene in Electronic Form involving|10 years and with fine may extends to |
| |child pornography |children |10 lakh |
|65 |Intellectual Property Crimes |Source Code Tampering, piracy, copyright |3 years, or with fine up to 2 lakh |
| | |infringement etc. | |
|69 |Cyber Terrorism |Protection against cyber terrorism |Imprisonment for a term, may extend to|
| | | |7 years |
|66 |Cyber Hacking |Destruction, deletion, alteration, etc in a |3 years, or with fine up to 2 lakh |
| | |computer resources | |
|43, 65, 66 |Phishing |Bank Financial Frauds in Electronic Banking |3 years, or with |
| | | |fine up to 2 lakh |
|43, 66, 67, 69, 72 |Privacy |Unauthorised access to computer |3 years, or with fine up to 5 lakh |

Reason For Amending IT Act 2008:-

1. To include new type of cyber crime. 2. To increase protection of personal data & info. For national security, economy, public health & safety. 3. To provide for alternate technology for e signature as per model low UNICITRAL. 4. To authorized service providers provide service to SG/CG.

Objectives:-

1. Legal recognition for transactions carried out by means of E- data interchange (EDI) E-commerce. 2. Facilitate and legalized E-fund transfer (EFT). 3. Facilitate E- storage of data. 4. Facilitate E-filling of documents with Gov. Departments. 5. Legal recognition for keeping of books of accounts by bankers in E-form. 6. Legal recognition to Digital signature for authentication of information. 7. Amend RBI Act, Banker’s Book Evidence Act, Indian Evidence Act, Indian Penal Code.

Incident handling Report:-

The summary of activities carried out by CERT in during these years is given in the following table:
|Activities |2006-7 |2007-8 |2008-9 |2009-10 |2010-11 |
|Security Incidents handled |552 |1237 |2565 |8266 |10315 |
|Security Alerts issued |48 |44 |49 |29 |43 |
|Advisories Published |50 |66 |76 |61 |72 |
|Vulnerable Notes Published |138 |163 |197 |157 |274 |
|Security Guidelines Published |1 |1 |1 |- |1 |
|White Paper Published / Case Studies Published |2 |2 |1 |1 |1 |
|Trainings Organized |7 |6 |18 |19 |26 |
|Indian website Defacements tracked |5211 |5863 |5475 |6023 |14348 |
|Open Proxy Servers tracked |1837 |1805 |2332 |2583 |2492 |
|Bot infected Systems tracked |- |25915 |146891 |3509166 |6893814 |
| | | | | | |

Abuse statistics:-

The year – wise summary of various types of incidents handled in given below:

|Security Incidents |2004 |2005 |2006 |2007 |2008 |
|.in |51% |60% |62% |56% |73% |
|.edu.in |- |- |- |- |- |
|.co.in |31% |28% |27% |30% |21 |
|.firm.in |- |- |- |- |- |
|.gov.in |6% |2% |3% |3% |- |
|.nic.in |- |- |- |1% |- |
|.net.in |3% |3% |2% |- |2% |
|.mil.in |1% |- |- |- |- |
|.org.in |5% |4% |4% |3% |3% |
|.ac.in |3% |2% |1% |4% |- |
|Other |- |1% |1% |3% |1% |

Security Alerts:-

The critical and medium vulnerabilities in various Operating Systems, Application software and Network devices discovered during January 2012 and February 2012 and their countermeasures along with wide-spreading malicious code like virus/ worm/Trojan

New cybercrimes as offences under amended Act-

Many cybercrimes for which no express provisions existed in the IT Act,2000 now stand included by the IT (Amendment) Act, 2008. Sending of offensive or false messages (s 66A), receiving stolen computer resource (s 66B), identity theft (s 66C), cheating by personation (s 66D), violation of privacy (s 66E). A new offence of Cyber terrorism is added in Section 66 F which prescribes punishment that may extend to imprisonment for life . Section 66 F covers any act committed with intent to threaten unity ,integrity,security or sovereignty of India or cause terror by causing DoS attacks, introduction of computer contaminant, unauthorized access to a computer resource, stealing of sensitive information, any information likely to cause injury to interests of sovereignty or integrity of India, the security, friendly relations with other states, public order, decency , morality, or in relation to contempt of court, defamation or incitement to an offence , or to advantage of any foreign nation, group of individuals or otherwise. For other offences mentioned in Section 66 , punishment prescribed is generally upto threeyears and fine of one/two lakhs has been prescribed and these offences are cognisable and bailable. This will not prove to play a deterrent factor for cyber criminals. Further, as per new S. 84B, abetment to commit an offence is made punishable with the punishment provided for the offence under the Act and the new S. 84C makes attempt to commit an offence also a punishable offence with imprisonment for a term which may extend to one-half of the longest term of imprisonment provided for that offence. In certain offences, such as hacking (s 66) punishment is enhanced from 3 years of imprisonment and fine of 2 lakhs to fine of 5 lakhs. In S. 67, for publishing of obscene information imprisonment term has been reduced from five years to three years (and five years for subsequent offence instead of earlier ten years) and fine has been increased from one lakh to five lakhs (rupees ten lakhs on subsequent conviction). Section 67A adds an offence of publishing material containing sexually explicit conduct punishable with imprisonment for a term that may extend to 5 years with fine upto ten lakhs. This provision was essential to curb MMS attacks and video vouyerism. Section 67B punishes offence of child pornography, child’s sexually explicit act or conduct with imprisonment on first conviction for a term upto 5 years and fine upto 10 lakhs.This is a positive change as it makes even browsing and collecting of child pornography a punishable offence. Punishment for disclosure of information in breach of lawful contract under sec 72 is increased from 2 yrs upto 5 yrs and from one lakh to 5 lakh or both.This will deter the commission of such crime. By virtue off Section 84 B person who abets a cybercrime will be punished with punishment provided for that offence under the Act. This provision will play a deterrent role and prevent commission of conspiracy linked cybercrimes. Also, punishment for attempt to commit offences is given under Section 84 c which will be punishable with one half of the term of imprisonment prescribed for that offence or such fine as provided or both.

Analysis:-

In this paper we are analyze the some different type of cyber crime that are handled by the Indian investigation cell and the under IT Act 2000, IT Act 2008. after the amendment IT act 2008, this act can not properly handling some type of cyber crime like as Phishing, Network Scanning/ Probing, Virus / Malicious Code, Spam, Website Compromise & malware propagation etc. after the analyze of this paper we are not properly safe but some cyber crime are decrease.

Conclusion :-

The IT( Amendment ) Act,2008 from an overall perspective has introduced remarkable provisions and amendments that will facilitate the effective enforcement of cyberlaw in India. India is now technologically neutral with electronic signatures replacing the requirement of digital signatures . The importance of data protection in today’s information technology age cannot be undermined and it finds place in Section 43,43A, ,66, 72 of the IT Act,2000. In this era of convergence the definition of ‘communication device’ and ‘intermediary’ have been rightly inserted/revisited and validity of e-contracts is reinforced by insertion of Section 10 A. . Section 46(5) of the IT Act is a welcome provision that empowers the Adjudicating officers by conferring powers of execution on the office of Adjudicating officer at par with a civil court. The Intermediaries have been placed under an obligation to maintain and provide access to sensitive information to appropriate agencies to assist in solving cybercrime cases under Section 67C, Section 69. However, liability of ISPs has been revisited and onus shall lie on complainant to prove lack of due diligence or presence of actual knowledge by intermediary as proving conspiracy would be difficult. These are some of the challenges that cyberlaw enforcement teams will be faced with The power of interception of traffic data and communications over internet will need to be exercised in strict compliance of rules framed under respective Sections in the Act conferring such powers of monitoring, collection , decryption or interception. Power for blocking websites should also be exercised carefully and should not transgress into areas that amounts to unreasonable censorship. Many of the offences added to the Act are cognizable but bailable which increases the likelihood of tampering of evidence by cybercriminal once he is released on bail. The police must therefore play a vigilant role to collect and preserve evidence in a timely manner .For this , the police force will need to bewell equipped with forensic knowledge and trained in cyberlaws to effectively investigate cybercrime cases.The introduction of Examiner of Electronic Evidence will also aid in effective analysis of digital evidence & cybercrime prosecution.

References:- 1. Research paper:-ISM 4320 – Information Systems Security April 17, 2008. 2. International Journal of Cyber Criminology 3. Cyber Criminology: Evolving a novel discipline with a new journal 4. Research paper:- Cyber Crime & cyber Law in Indian Prospective. 5. CYBER STAKING: CRIME AND CHALLENGE AT THE CYBERSPACE(Anju Thapa (Research Scholar), Dr. Raj Kumar (Dy. Registrar)). 6. CYBER CRIME SCENARIO IN INDIA(Dr.B.Muthukumaran, Chief Consultant, Gemini Communication Ltd.). 7. Cyber Law: A Legal Arsenal for online Business, Brett J. Trout. 8. Cyberlaw : the law of the internet, Jonathan Rosenoer. 9. Cyber Crime And Law - Indian Perspective. 10. Indian Computer Emergency Response Team: (www.cert-in.org.in). 11. http://www.cybercrime.gov/nolanSent.pdf. 12. “Computer Crime”. Wikipedia Organization . 13. http://www.mcconnellinternational.com/services/cybercrime.htm. 14. www.asianlaws.org. 15. http://www.joomlacontenteditor.net 16. MINISTRY OF COMMUNICATIONS AND INFORMATION TECHNOLOGY (Department of Information Technology). 17. http://www.cert.in.org