Cyber Crimes: A Glimpse and Legal Implications

In today’s technological world, crime is no longer limited to space, time or a group of people. Cyber space has created moral, civil and criminal wrongs. In a narrow sense, cybercrime is a computer crime. It can be defined as any illegal behaviour directed by means of electronic operations that target the security of computer systems and the data processed by them. In a broader sense it is a computer related crime and is any illegal behaviour committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession and offering or distributing information by means of a computer system or network. Some examples of cybercrime are unauthorised access to a computer system or network, damage to computer data or programs, computer sabotage, unauthorised interception of communications and computer espionage. Various types of cyber criminals are children between the age of 16-18 years, organised hackers, professional hackers/ crackers, discontented employees, cyber mafia, cyber espionage and cyber terrorism by adversary nations etc. Cybercrime adversely impacts various activities in the electronic medium using computers, computer systems and computer networks. Its effect is not just destruction or adverse impact on data, cybercrimes also have the ability to disrupt or damage computers, computer systems and computer networks as also data or information resident therein. Cybercrimes directly inhibit e-commerce and the free use of the Internet and computers. Examples of some of the modes and manner of committing cybercrime in day to day life are internet time thefts, fraudulent Email, phishing, credit card related frauds, ‘spoof’ attack, spam, enticement over the net,  cyber stalking and ATM withdrawal related frauds.

Cyber Law in India is governed by the Information Technology (IT) Act, 2000. It has amended the Indian Penal Code, 1860 and the Criminal Procedure Code, 1973 with regard to punishment for cybercrimes and their investigation. Cybercrimes affecting individuals are broadly classified as under:

• Infringement of privacy: Such as medical records, personal emails etc. The penalty for breach of confidentiality and privacy has been dealt with by Section 72, IT Act, 2000.

• Identity Theft: False statements and impersonations involving the use of other persons identifying information. 

• Cyber Stalking. It is repeated verbal or written threats, physical or virtual proximity causing fear.

Cybercrimes affecting economy are:

• Hacking: This includes IP-spoofing, DNS spoofing, web spoofing etc. covered under Section 66, IT Act, 2000. 

• Virus and other malicious programs such as worms, Trojans, logic bombs and hoaxes.

• Computer fraud: This includes internet auction fraud, non-deliverable merchandise, also credit/debit card fraud.

• Fraudulent schemes and online trading. 

• Computer forgery and counterfeiting: Guaranteeing the authenticity of electronic documents, and also perfect reproductions of documents. This has been covered in Section 74, IT Act, 2000.

• Theft of telecommunication services: Frauds in internet telephony and telephone network computers.

•  Software piracy and other copyright violations- rights of authors, for software, for books etc.

• Electronic money laundering and tax evasion.

• Cyber Squatting.

• Crimes affecting national security are Cyber Terrorism which includes unlawful attacks and threats to attack in the cyber domain of a nation.

• Cyber warfare which is basically immobilising the enemy nation  by destroying his computer systems and networks.

IT Act delineates two types of penal provisions viz contraventions and Information Technology (IT) offences.  Contraventions primarily deals with unauthorised computer, computer system or computer network.  This has been covered under Section 43(a) to section 43(h) of IT Act, 2000.  IT offences deals with computer, computer system or computer related serious offences and these have been covered under Sections 65 to section 74 of IT Act, 2000. 

Cyber Contraventions-   By virtue of section 43, the following acts if done without permission of owner or any other person who is in charge of the computer/network are contraventions; accessing or securing access to the computer/network, downloading any data or information from the computer/network, introducing or causing to be introduced any computer contaminant or computer virus, damaging or causing to be damaged the computer network data  or any computer programs in it,  disrupting or causing the disruption of any computer/network, denying or causing the denial of access to any person authorised to access the same, charging the services availed of by a person to the account of another by tampering with or manipulating any computer/network. 

Information Technology Offences-  These have been covered under section 65 to section 74 of IT Act 2000 and in a nutshell are:

• Section 65. Tampering with computer source documents.

• Section 66.  Computer related offences to include sending offensive messages, receiving stolen computer device, identity theft, cheating by personation, violation of privacy, cyber terrorism etc.

• Section 67. Publishing or transmitting information which is obscene/offensive  in electronic form.

• Section 68. Failure to comply with Controllers directions.

• Section 69. Subscribers failure to comply with Controllers requirement for decryption.

• Section 70. Accessing designated protected systems.

• Section 71. Misrepresentation to the Controller or the Certifying Authority.

• Section 72. Breach of Confidentiality and Privacy.

• Section 73. Publishing false digital certificate.

• Section 74. Making available digital certificate for fraudulent purpose.

Information Technology Amendment Act, 2008 was passed by both the houses of Parliament in end December 2008. These amendments have made the Information Technology Act, 2000 as a technology neutral legislation. Instead of digital signatures, the law has come up with a broader generic concept of electronic signatures. 

Cyber Terrorism- For the first time, the concept of cyber terrorism has been defined and made a heinous crime. Cyber terrorism as an offence has been made punishable with life imprisonment and fine. This should assist in curbing terrorist activity. The punishment for cyber terrorism is covered under section 66F of the IT Act 2000.

The IT Act amendment 2008 provides far more exhaustive coverage off cybercrimes in the law. Various new cybercrimes have been added like the activities defined in Section 43 of the IT Act, 2000. The new amendments have added identity theft and phishing as cybercrimes and have also covered breach off privacy, child pornography as specific offences. The Act provides compensation for unlawful loss or gain arising from unauthorised use of data, breach of confidentiality and privacy. The amendment bill makes a company handling sensitive personal data liable to pay compensation up to Rs 5 crore, if it is negligent in implementing reasonable security measures with respect to such personal data. 

Computer Emergency Response Team (CERT) in India. It is the referral agency of the Indian Community for responding to computer security incidents as and when they occur. CERT also assists members of the   Indian Community in implementing    proactive measures to reduce the    risks of computer security incidents. It will maintain links with CERT worldwide, and establish a trusted network of security experts, to better address security issues and incident response.

Cyber Forensic-  This provides technical services to law enforcement   agencies in analysing cybercrimes and training on cyber forensics. Cyber forensic tools are developed in consultation with the police academy so as to conform to the procedures being developed by them. Court testimony regarding the examinations performed and the results obtained can be provided to the law enforcement professionals.

The author is a Senior Fellow at CLAWS