The faster world-wide connectivity has developed numerous online crimes and these increased offences led to the need of laws for protection. In order to keep up with the changing generation, the Indian Parliament passed the Information Technology Act 2000 which is formulated on the concept of United Nations Commissions on International Trade Law (UNCITRAL) Model Law. Cyber Crime has not been defined in IT Act or in any other legislation. In fact, it cannot be defined in one word or sentence in any manner. Offence or crime has been dealt with elaborately listing various acts and the punishments for each, under the Indian Penal Code, 1860 and related legislations. Hence, the concept of cyber crime is just a “combination of crimes and computer”. Cyber crime in a narrow term (computer crime): Any illegal behaviour directed by the help of electronic operations that targets the security of computer systems and the data processed by them.
Cybercrime in a broader term (computer-related crime): Any illegal behaviour committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession and offering or distributing information by means of a computer system or network will amount to cyber crime.
The law defines the offenses in a detailed manner along with the penalties for each category of offence.
Cyber offences are the illegitimate actions, which are carried out in a classy manner where either the computer is the tool or target or both.
Cyber-crime usually includes the following −
- Unauthorized access of the computers.
- Data diddling
- Virus/worms attack
- Theft of computer system
- Denial of attacks
- Logic bombs
- Trojan attacks
- Internet time theft
- Web jacking
- Email bombing
- Salami attacks
- Physically damaging computer system.
The offences included in the I.T. Act 2000 are as follows −
- Tampering with the computer source documents.
- Hacking with computer system.
- Publishing of information which is obscene in electronic form.
- Power of Controller to give directions.
- Directions of Controller to a subscriber to extend facilities to decrypt information.
- Protected system.
- Penalty for misrepresentation.
- Penalty for breach of confidentiality and privacy.
- Penalty for publishing Digital Signature Certificate false in certain particulars.
- Publication for fraudulent purpose.
- Act to apply for offence or contravention committed outside India Confiscation.
- Penalties or confiscation not to interfere with other punishments.
- Power to investigate offences
Authorities dealing with cyber offences
(1) Controller of Certifying Authorities (CCA)
CCA is appointed by the Central Government under section 17 of the IT Act. Some of the functions of CCA are –
To exercise supervision over the activities of Certifying Authorities;
To supervise public keys of the Certifying Authorities;
To lay down the standards to be maintained by the Certifying Authorities;
To specify the qualifications and experience which employees of the Certifying Authorities should possess;
To specify the conditions subject to which the Certifying Authorities shall conduct their business;
Functions of the CCA are discussed in detail under section 18 of the IT Act.
Important sections regarding CCA under the IT Act –
Section 17 – Appointment of Controller and other officers
Section 18 – Functions of Controller
Section 28 – Power to investigate contraventions.
(2) Certifying Authority
Certifying Authorities (CA) has been granted a license to issue a digital signature certificate under section 24 of the IT Act.
(3) Adjudicating officer (AO)AO is appointed under section 46 of the IT Act to adjudicate offences under Chapter IX.
As per Rule 3 of the Information Technology (Qualification and Experience of Adjudicating Officers and Manner of Holding Enquiry) Rules, 2003, it has been declared that the Secretary of Department of Information Technology of every State and Union Territory shall serve as Adjudicating officer.
Important sections regarding AO under the IT Act –
Section 46 – Power to adjudicate
Section 47 – Factors to be taken into account by the adjudicating officer
(4) Cyber Appellate Tribunal (CAT)
Cyber Appellate Tribunal has been established under the IT Act under the aegis of Controller of Certifying Authorities. It is established under Section 48(1) of the IT Act. Any person aggrieved by an order made by Controller or an adjudicating officer under this Act may prefer an appeal to a Cyber Appellate Tribunal.
Chapter X – Sections 48 to 64 of the IT Act has provisions regarding CAT.
Website of the office of CAT
(5) Indian Computer Emergency Response Team (ICERT)
ICERT is the National Incident Response Centre for major computer security incidents in its constituency, i.e. Indian Cyber Community.
Under section 70B of the IT Act, ICERT has been empowered to serve as national agency for incident response.
(6) National Technical Research Organisation (NTRO)
NTRO is designated as the national nodal agency in respect of Critical Information Infrastructure Protection under Sec. 70A of the IT Act.
(7) Cyber Crime Cell
Cyber Crime Cell is a wing of law enforcement agencies like Police, CID, CBI, etc. established to expedite the investigation of Cyber Crimes.
Kindly note that, Cyber Crime Cell is not a Police station where one can go and register a complaint.
In India, Bangalore is the only city which has a Cyber Crime Police Station where one can register a complaint and can get a copy of the First Investigation Report (FIR).
Some of the duties of Cyber Crime Cell are –
- To assist law enforcement in investigating cyber crimes
- To spread awareness about cyber crimes and preventive measures in its territory
- To act as an expert in giving opinions on cyber crime related issues
Power to investigate offences under the IT Act is with the police officer not below the rank of Inspector as per Sec. 78 of the IT Act.
Section 67 – Punishment for publishing or transmitting obscene material in electronic form
Relevant Case: This case is about posting obscene, defamatory and annoying message about a divorcee woman in the Yahoo message group. E-mails were forwarded to the victim for information by the accused through a false e- mail account opened by him in the name of the victim. These postings resulted in annoying phone calls to the lady. Based on the lady’s complaint, the police nabbed the accused. Investigation revealed that he was a known family friend of the victim and was interested in marrying her. She was married to another person, but that marriage ended in divorce and the accused started contacting her once again. On her reluctance to marry him he started harassing her through internet.
Verdict: The accused was found guilty of offences under section 469, 509 IPC and 67 of IT Act 2000. He is convicted and sentenced for the offence as follows:
As per 469 of IPC he has to undergo rigorous imprisonment for 2 years and to pay fine of Rs.500/-
As per 509 of IPC he is to undergo to undergo 1 year Simple imprisonment and to pay Rs 500/-
As per Section 67 of IT Act 2000, he has to undergo for 2 years and to pay fine of Rs.4000/-
All sentences were to run concurrently.
The accused paid fine amount and he was lodged at Central Prison, Chennai. This is considered the first case convicted under section 67 of Information Technology Act 2000 in India.
Parliament Attack Case
Facts: In this case several terrorist attacked on 13 December, 2001Parliament House. In this the Digital evidence played an important role during their prosecution. The accused argued that computers and evidence can easily be tampered and hence should not be relied.
In Parliament case several smart device storage disks and devices, a Laptop were recovered from the truck intercepted at Srinagar pursuant to information given by two suspects. The laptop included the evidence of fake identity cards, video files containing clips of the political leaders with the background of Parliament in the background shot from T.V news channels. In this case design of Ministry of Home Affairs car sticker, there was game “wolf pack” with user name of ‘Ashiq’. There was the name in one of the fake identity cards used by the terrorist. No back up was taken therefore it was challenged in the Court.
Held: Challenges to the accuracy of computer evidence should be established by the challenger. Mere theoretical and generic doubts cannot be cast on the evidence.
Due to the increase in the digital technology various offences has also increased. Since new-new technology come everyday, the offences has also increased therefore the IT Act 2000 need to be amended in order to include those offences which are now not included in the Act.
In India cyber crime is of not of high rate therefore we have time in order to tighten the cyber laws and include the offences which are now not included in the IT Act 2000.
Law does provide a remedy against most of the prevalent cyber crimes. ‘Cyber crime’ is not a defined term but a catch-all phrase attributable to any offence involving an internet device. Most of the cyber crimes are listed under the Information Technology Act (IT Act), 2000, which was amended in 2008. For instance, offences like hacking, data theft, virus attacks, denial of service attacks, illegal tampering with source codes including ransomware attacks could be prosecuted under S.66 r/w S.43 of the IT Act. Additions to the IT Act in 2008 protect against identity theft (S.66C) or cheating by impersonating online (S.66D). Victims of revenge porn may register complaints for violation of their privacy under S.66E as also under S.67 and S.67A IT Act in addition to IPC provisions. S.67A and S.67B also provide for prosecution of pornography and child pornography respectively. In case of the latter, the provisions of the Prevention of Children from Sexual Offences Act, 2012 (POCSO) may also be invoked.
(Amity University Mumbai)