CRITICAL ANALYSIS OF THE LAWS AGAINST CYBER CRIMES IN INDIA

Introduction

Innovation is inherent to human nature. The human race has tried since time immemorial to keep building and rebuilding things to make things easier for the world. Right from the invention of the wheel ages ago, to the first telephone call by Alexander Graham Bell, remarkable unprecedented developments have been achieved by the humanity due to research and innovation. 

With every major achievement of the world, the society has dynamically reciprocated and has transformed accordingly. Introduction of Telephones prompted the deployment of large-scale telephone lines, and installation of Public-Call-Offices. People stood in lines and waited for their turn to talk, later with subsidization and advancements directed at making the technology feasible people got telephone connections at their houses via telephone lines. The introduction of broadband-internet was based on and facilitated by the existent telephone network.

The 1990s saw the Indian economy open up and allow investments from the private players, government lax the norms for business and permit the foreign investors to freely invest in India. As a result of improved trade and commerce between the world at large and India, improved technology made its way to India. Computers flooded Indian markets with the IT-revolution and the advent of call-centers, soon enough the early cellular phones made their way into the markets. With ubiquitous technology available across sectors, the Indians became more and more reliant on the innovations of the present, and started improving and tailoring technology to suit their needs. Most of the technology got commercialized, and overwhelmed the entire nation. 

Of the various advancements brought about in the 21st century, the most significant one by far is the commercialization of internet, and the exponential increase in the users of the technology that it subsequently achieved.  

However, as is the case with almost every positive development that the world has seen, adversities start showing up almost parallel to the growth. Telephones posed a multitude of issues such as rampant stealing of connections, tapping of phones, using telephone numbers to organize criminal activities etc. The introduction of portability via the cellular phones further posed a number of threats ranging from better organization and coordination of organized crimes, widespread dissipation of telephone numbers of innocent people to miscreants who would then utilize the hand-held phones to stalk and threaten people.

The dawn of internet however opened a Pandora ’s Box as, internet was way bigger than any technology ever built. It complemented everything from banking to communications, from easing ticket reservations to revolutionizing retail. Internet today is integrated in almost every other technology. Cell phones, computers, cars and televisions everything runs internet on it. Such is the reach of internet today that most of the tech today is unimaginable without internet. No one would be willing to use a cell phone or a computer that cannot run internet on it.

The internet today has connected the world like never before. Every information needed by a man is literally on his finger-tip. However, the same reach that remarks internet’s success has been at the root of several unforeseen offences. The growth in the cyber-space (mobile devices, processors, internet etc.) has resulted in the growth of new offences and the increase in the magnitude and intensity of the existing offences. 

Cyber-laws concern themselves with the various aspects of the budding cyber technology. It provides for the regulations pertaining to the licenses, revenue and conduct relating to the computer, internet and mobile technology. A large part of the cyber laws however concerns itself with the menace of cyber-crime. 

There is no specific definition of cyber crimes under the IPC or the IT Act, 2000 which is the governing statute for Information Technology in India. However, the nature of the crimes which in common parlance comes to mean cyber-crimes extends so widely that, putting the definition into a strait-jacket is next to impossible. 

Bank frauds, forgery, data theft, pornography etc. are some of the several common cybercrimes which plague the society today. The researcher in the instant paper has tried to discuss the various laws in place intended to check the rampant cyber crimes in India, and has tried to analyze their contribution in doing so, in addition to which, the researcher will attempt to critically analyze the legal regime around cyber-crimes.

Laws around Cyber Crimes in India

As cyber-crimes are often carried out against subjects which are defined and discussed under the Information technology Act, the statute further penalises these crimes. The Indian Penal Code is the central legislation which deals with conventional crimes in India. As, the scope of these crimes stand expanded today in the light of the technological revolution, a form of these crimes can easily be classified under the ambit of cyber-crimes. Hence primarily, the cybercrimes in India are dealt under the following two statutes. 

  1. Information Technology Act, 2000.
  2. Indian Penal Code, 1860.

Information Technology Act, 2000

India had by the early 2000s, identified IT as a key factor in its quest to achieve economic superiority and overall growth. The governments at the centre and the state level incentivized the growth of centers for IT education, basic computer skills were mandatorily taught by the centrally affiliated schools, and an entire population was soon equipped with primary computer skills. The investment made in the development of the IT sector yielded the results soon enough, and the IT industry boomed in the country. The IT industry was of a tertiary nature and assisted the functioning of the primary and the secondary sectors of the economy, while some professionals formed companies and had standalone operations in form of software giants and consultancies, a major chunk of the IT- educated population transitioned into the mainstream corporate to help with the IT requirements of these organizations. A small population however resorted to utilizing their proficiency in IT to certain ulterior motives. The Information Technology Act, 2000 was legislated both to cater to the growing needs of the IT community in the country and to identify and punish the fringe elements who indulged in misusing information technology. 

Chapter 11 of the IT Act (S.65 to S.78) details and discusses various cyber-crimes, and prescribes the punishment for them. Herein discussed are a few common offences which have been made punishable under the IT Act:

  1. Tampering with source documents: The IT Act prescribes a punishment for concealing, destroying and altering any data which is required not to be maintained and preserved in accordance with the law.[1]For instance, if a disc is required as an evidence to be submitted before a court, alteration in its contents or the production of a fabricated copy of the same may attract a 3-year prison sentence along with a fine. [2]
  2.  Identity Theft: The concept of identity theft refers to the act of using the electronic signature or password etc. of an individual. The same is made liable under the Act with a 3-year prison sentence along with a fine.[3]
  3. Cheating by Personation: The Act penalizes cheating by personation using a computer source with a 3-year prison sentence and a fine.
  4. Privacy Violation: In wake of the acknowledgement of the fundamental right to privacy by the Hon’ble Supreme Court of India.[4]and the recent exposes relating to privacy violation by big MNCs like Google and facebook, Privacy violations have taken the centre stage at various national debates. The IT Act, 2000 prescribes a 3-year prison sentence and a fine for the same u/s 66E.
  5. Cyber terrorism: The act of putting a nation’s sovereignty in danger by the use of a computer resource is referred to as cyber terrorism. Often the use of computer programs such as viruses etc. aids the acts of cyber-terrorists, these acts tend to affect the lives of the people adversely and can even lead to the death of people.  The Act has dealt with cyber terrorism very strictly and has made it punishable with life imprisonment u/s 66 F.
  6. Transmission of Pornographic Material: Transmission of pornographic content has been discussed very strictly under the Act. The implications of the transmission of pornographic content have been appreciated by the legislatures and, since the transmission is bound to have a long term and intense adverse effect on the lives of the victims[5]Section 67 prescribes a minimum punishment of 3-years’ worth jail-time and 5 lakhs in fine. The punishment for a second-time offender has been set at a jail-term for 5 years and a fine of 10 lakhs.

Further, Section 67-B exclusively deals with child pornography for victims below the age of 18 years. The prescribed punishments for a first conviction in cases of child pornography is 5-years of jail time and a fine of 10 lakh rupees, a second conviction can land one a sentence of 7 years and an additional fine of 10 lakh rupees.

  • Compensation for failure to protect data: S. 43-A of the IT Act deals provides for compensation in case a body corporate which handles sensitive personal data fails to protect the same. The body corporate operating with sensitive personal data are required under the section to adopt reasonable security practices and procedures to prevent the loss of data failing which they will be liable to compensate for the loss of the data. 

The IT Act further provides for the central government to issue guidelines and prescribe for security procedures and practices to ensure that the contravention of the various mandates of the statute does not happen.[6] The Act also provides for the rule making power of the legislature to better execute the enactment.

Indian Penal Code, 1860:   

The amended Indian Penal Code in light of the IT Act, 2000 includes electronic records and documents under the ambit of records and documents. Hence, the offences pertaining to the fabrication of the records and falsification of documents etc. extends to the e-records and documents. 

The Sections dealing with false entry in a record or false document etc (i.e. 192, 204, 463, 464, 464, 468 to 470, 471, 474, 476 etc) have been amended by the enactment

Apart from these two legislations, certain other legislations which govern areas that share an interface with internet and technology do have a few provisions dealing with the culpability of cyber threats. However, the substantial provisions of these two statutes lays down a basic framework for the Indian law enforcement against cyber-crimes. 

Critical Analysis

Crimes are as dynamic as a society is, with considerable growth in education and exponential upgradation of the society’s cumulative technology, the criminals have evolved as well. New crimes are being carried out which affect a large number of people, further the conventional crimes are being conducted today with exceptional precision with the help of readily available technology. As the effect of these crimes transcend down to the common folk more often than not, cyber-crimes are now a hot subject matter of the law. As, it is sought to rectify the wrongs perpetrated against the society through the instrument of legislations and their execution. 

While the common cyber crimes have been adequately dealt with under the IT Act, 2000, the legislature constantly keeps bringing about new rules to cater to the growing corpus of the crimes. Currently a key issue faced by the nation at large is that of ‘Data Privacy’, herein the researcher has analyzed how the laws have emerged around the same to accord protection to the people’s fundamental right to privacy. S.66 C of the IT Act, 2000 penalizes Identity theft and S.66 E penalizes violation of an individual’s privacy.

The Rules under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011[7] complement the existing data protection mechanism in the country. 

Rule 8(1)[8] talks about the need for the existence of reasonable security practices and procedures. The international Standard IS/ISO/IEC 27001 on “Information Technology – Security Techniques – Information Security Management System – Requirements”.

In the wake of the debate around Aadhar infringing Right to Privacy, the law pertaining to data privacy was re-examined and on 4h May 2017, The Ministry of Information Technology, Government of India published ‘Guidelines for Securing Identity Information and Sensitive Personal Data or Information in compliance with AADHAR Act,2012 and the Information Technology Act,2000’ 

B.N. Shrikrishna committee further analyzed the various jurisdictions globally in light of the Right to Privacy, data protection etc. and submitted a report which provided a basis for the recent Right to Privacy Bill, 2017.[9] The bill shields an individual’s right to privacy against the world at large and attempts to establish the control of one’s personal data in their own hands. 

Conclusion

In certain ways, the unearthing of these new age crimes tend to bring about a greater degree of awareness among the people and the regime and helps the building of a better, more nurturing society. Laws around the crimes have to be ever-changing as the ill-elements in the society keep on coming up with innovative ways to carry out their malicious acts. The instant paper helped the researcher understand the policy-making process up close and the implications of new-age cyber-crimes on the society. On being acquainted with relevant facts and laws, the researcher is of the belief that the cyber-crimes can only be countered through awareness and cyber education across the masses. 

The knowledge of laws and their applications will, in the researcher’s opinion prove to be of instrumental value in curbing the menace of rampantly increasing new-age cyber-crimes. 


[1] S.65, Information Technology Act, 2000.

[2] Bhim Sen Garg v. State of Rajasthan, 2006 Cri LJ 3463 Raj 2411.

[3] S.66C, Information Technology Act, 2000.

[4] K.S. Puttaswamy v. Union of India, 2017 10 SCC 1.

[5] State of Tamil Nadu vs Suhas Katti.

[6] S.16, Information Technology Act, 2000.

[7] G.S.R. 313(E) Ministry of Communications and Information Technology (Department of Information Technology) Notification, New Delhi, (Apr.11, 2011).

[8] IT Rules, 2011, Rule 8(1).

[9] B.N. Shrikrishna J., White Paper of the Committee of Experts on a Data Protection Framework for India, Ministry of Electronics and Information Technology, (2017).

This article has been authored by Anurag Shankar Prasad.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s