Introduction:
Law does provide a remedy against most of the prevalent cyber crimes. Cyber crime is not a defined term but a catch-all phrase attributable to any offence involving an internet device. Most of the cyber crimes are listed under the Information Technology Act (IT Act), 2000, which was amended in 2008.
However, this clarity vaporises with the realisation that IT Act is not the only enactment covering cyber crime. The Indian Penal Code (IPC) could also be called in to initiate prosecution against cyber crimes or to supplement the provisions of the IT Act. For instance, offences like hacking, data, theft virus attacks, denial of service attacks, illegal tampering with source codes including ransomware attacks could be prosecuted under S.66 r/w S.43 of the IT Act. Cases of forging a credit or debit card or even cloning a mobile SIM with dishonest or fraudulent intent to cause wrongful loss or wrongful gain could be prosecuted under IPC provisions (S.463 to S.471 IPC, as applicable).
Additions to the IT Act in 2008 protect against identity theft (S.66C) or cheating by impersonating online (S.66D). Victims of revenge porn may register complaints for violation of their privacy under S.66E as also under S.67 and S.67A IT Act in addition to IPC provisions. S.67A and S.67B also provide for prosecution of pornography and child pornography respectively. In case of the latter, the provisions of the Prevention of Children from Sexual Offences Act, 2012 (POCSO) may also be invoked.
As children are armed these days with cameras and data on their mobile phones and raging hormones at increasingly reducing, the instances of revenge porn attacks by children against children are on the rise. Irrespective of the age of the accused, if the offence of circulating sexually explicit content or violating privacy through dissemination of images or videos of private parts, is committed, the person is susceptible to prosecution.
With respect to child pornography, the law is very stringent. It is not only publishing or transmission of child porn that is an offence but even browsing for such content and retaining or downloading it is an offence too, unlike for pornography where only the dissemination and transmission, sale, etc. are considered offences. Further, actions intended to entice children through social media for creating child porn content or to record abuse of children and circulating the same are all offences punishable under the IT Act. Most offences carry maximum imprisonment of three years and fine. However, the more serious offences such as child pornography carry stronger punishment ranging from five to seven years. Crimes other than those affecting the “socio-economic conditions” or against women and children, may also be compounded i.e., settled.
Reporting a cyber crime
The procedure for reporting cyber crimes is more or less the same as for reporting any other kind of offence. The local police stations can be approached for filing complaints just as the cyber crime cells specially designated with the jurisdiction to register complaint. In addition, provisions have now been made for filing of ‘E-FIR’ in most of the states. In addition, the Ministry of Home Affairs is also launching a website for registering crimes against women and children online including cyber crimes.
If a police station refuses to register the complaint, a representation may be given to the commissioner of police/superintendent of police. If in spite of that action is not taken, the next step could either be a private complaint before the concerned court or a writ before the high court. In general, there is still a lot of inertia in registration and investigation of cyber crimes. This does affect collation of electronic evidence and containment of damages, whether the offence is against an individual or business.
Remedies for financial fraud
Apart from the criminal processes, S.46 IT Act also provides for remedies against data theft, hacking, virus attacks and financial frauds covered under Chapter IX (S.43 to S.45) by filing an application before the adjudicating officer. Presently, the ad-hoc system of the secretary of the IT ministry acting as the said authority continues. This remedy has been very successfully availed of by victims of financial frauds. However, there is clear ignorance about the fact that the jurisdiction of this authority far exceeds claims against banks.
Businesses also have to take into account possibility of being held liable for data protection violations (S.43A & S.72A IT Act). Apart from the possibility of civil and criminal actions being initiated against them, if they fail to report cyber security incidents to the central authority, they would be liable for action. Being themselves victims of cyber crimes will not help them wriggle out of this requirement. Further, businesses which fall within the category of “intermediaries” have very heavy responsibilities and duties under the IT Act.
The ambiguities
Several initiatives have been taken to ensure awareness among police and judiciary. These exercises have to be balanced with sensitisation programmes to ensure that the persons involved in the system understand the effects of cyber crime and act expeditiously. There are, however, many old systemic problems. Also, there is rampant abuse and misuse of the provisions of the IT Act due to its opacity. Lack of awareness among users merely aggravates this problem.
One instance is of WhatsApp administrators being threatened with criminal prosecution for posts made in groups. S.79 IT Act clearly exonerates persons who have no control over the content posted and the only liability is for complying with the intermediary rules. This would also apply to WhatsApp, the service provider, and not the person starting a group. Ambiguity is merely being misused in such instances.
Other instances where there is actually no ambiguity in law and yet it is being misused is of S.67 being used to prosecute “cyber defamation”. S.67 is on par with S.292 IPC and both have clearly defined high thresholds for initiation of action. This section was neither intended for nor does it apply to “cyber defamation”. Clearly, after ensuring strike-down of S.66A IT Act through its rampant abuse, the enforcement authorities have now resorted to S.67 IT Act. Such instances of patent abuse merely dilute the effectiveness of the provisions.
Fear and greed drive most of the cyber crimes–from the perspective of both the criminal and the user. Lottery scams generated money for criminals solely due to this combination. Many hand over personal data to criminals impersonating as bank representatives out of fear when they are told the bank account would be frozen otherwise. Absence of awareness either of the laws or of their applicability makes people vulnerable to cyber crime.
Expeditious action by police in clear cases of cyber crime; collation of evidence in a manner that will withstand trial; and completion of court proceedings without delay with clear understanding of the technology and the law are just some goals that the system could aim for. It cannot ask users to “keep away” from use of technologies merely due to its inability to protect them. That is akin to asking women to not step out after dark. Until the legal system demonstrates robustness, even irrespective of it, users must exercise due caution in the use of technology. Adapt but do so with care and responsibility, as the virtual world requires as much caution as the real world.
Similarly, businesses ought to increase awareness of the potential of technologies and the threats they pose. They should not only protect themselves against these threats but also have clear processes for ensuring quick bounce-back after an attack. Hygiene in the digital world is as important again as in the real and may protect both individuals and businesses alike in the harm that a cyber attack may cause.
(Source: Economic Times “Dangers of staying in a connected world” N.S. Nappinai an advocate specializing in cyber law and practicing in the SC and Bombay High Court has written a book on cyber law titled “Technologies laws decoded” dated: Nov 3 2017.)
Question:
1. Which section was struck down due to rampant misuse?
a. S.45
b. S.66 A
c. S.5 (iii)
d. None
Ans- B.
Explanation:
Under IT act 2000 s.66A was struck down due to rampant misuse. S.66A Punishment for sending offensive messages through communication service, etc. -Any person who sends, by means of a computer resource or a communication device,-
(a) any information that is grossly offensive or has menacing character; or
(b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device; or
(c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages,
shall be punishable with imprisonment for a term which may extend to three years and with fine.
2. Remedies for protection against cyber crime is mentioned in which section of IT act?
a. S.35
b. S.57
c. S.46
d. S.65
Ans-C
Explanation:
Under s46 The adjudicating officer shall, after giving the person referred to in sub- section (1) a reasonable opportunity for making representation in the matter and if, on such inquiry, he is satisfied that the person has committed the contravention, he may impose such penalty or award such compensation as he thinks fit in accordance with the provisions of that section.
3. For business entities which section under IT act is important?
a. S.43- s72
b. S 80- S66
c. A & B
d. None
Ans- A
Explanation
Under s.43 to s72 of IT act provides for the process through which businesses can keep a tap on person trespassing the property of the company via internet which is hacking of data.
4. Under which section can application be filed before the adjudicating officer?
a. S.41 to S.46
b. S.42 to S.68
c. S.4 to S.8
d. S.43 to S.45
Ans-D
Explanation
S.43 to S.45 says that application for filing be filed before the adjudicating officer. Penalty and compensation] for damage to computer, computer system, etc. Section : 44. Penalty for failure to furnish information return, etc . Section : 45. Residuary penalty.
Whoever contravenes any rules or regulations made under this Act, for .the contravention of which no penalty has been separately provided, shall be liable to pay a compensation not exceeding twenty-five thousand rupees to the person affected by such contravention or a penalty not exceeding twenty-five thousand rupees.
