Cyber crimes are witnessed since past few years and there is geographical growth in these cybercrimes recently. Normally Cybercrimes are defined as Crimes committed with the use of the Internet as well as mobile technologies and where there is the use of electronic data. Emergence and fast acceptability and adaptability of Social Media, as well as mandatory use of Digitalisation in every walk of life, have added much-needed fuel in the fire.
As regards to Laws are concerned India does have a strong cyber legal regulation in form of Information Technology Act 2000 as amended in 2008 but a poor understanding of the provisions and lack of dedicated investigation force are the major obstacles in obtaining desired control over the cybercrime and punish cybercriminals. The Statistics published by NCRB for 2016 gives whole insight about Cyber Crime investigations and judicial approach to the same.
I would like to focus the discussion on suggestive or corrective measures as according to my belief it’s the need of the hour.
The Cybercrimes are growing largely due to Lack of Cyber Awareness among the million of digital illiterate users, Lack of understanding of modus operandi of Cybercriminals, Jurisdiction issues, Non-cooperation or hurdles in investigations by many agencies, Lack of proper and quality investigative skill developments in investigation officers, Poor mental mindset and lack of preventive policing from the police departments. When these all factors are put against Cyber Criminals who have the most talented and most updated technological innovations at their discretion, it can be certainly said that this is the Golden era for Cyber Crimes and Cyber Criminals!!!!!!
When all these activities coupled with active State sponsorship for the cybercriminals the situation becomes more grim and gloomy.
- Digital Illiterate Users- We are proud to announce that India is the population of most digitalised users and we have the largest users on social media as well as in terms of data consumption is concerned. But we miss one important factor that these large classes of users are totally unaware of the traps laid for them by cybercriminals on every stage of their digital activity. Most of the users don’t understand how the internet technology works but the argument is so is the case with automobiles; where you need not understand the technology but can drive the same. I think this comparison is totally vague and those who provide these counter-arguments are living in a fool’s world. While allowing driving automobiles like 2-wheelers as well as 4-wheelers a basic test is conducted and the licence is issued to drive the vehicle if the person successfully passes the test. Does anyone know about such minimum qualification test to use digitalised mediums or gadgets? Sadly there are no such tests to assess or determine minimum digital literacy required using these digitalised technologies and this lack of knowledge is really the primary cause of concern and needs to be addressed on war-footing. How many people know about https and how to identify between genuine e-mail and fake mail? This is what I meant from Digital illiteracy. How many people can even identify the fake callers pretending to be calling from your bank or shopping website and offering for encashment of loyalty bonus or so? Forget these questions, how many people know the basics of strong password and sharing of passwords. How many people have even changed the first PIN allotted to them by the bank?
So there is huge task to create digital literate people in India and primarily due to Digitalisation is a priority area of all government as well as banking services.
- Lack of Understanding of modus operandi of Cyber Criminals – This lack of understanding is from both the sections of society i.e. Digital users as well as law enforcement agencies. Recently it is the belief of the people that all that they see on the Internet is true and True only. The users even never think twice prior to initiating any action on response to any offer or opportunity seen by them on the internet. So this haste in decision making thinking that this is lifetime opportunity provided to them and if they don’t grab the same with both hands they will miss the same, is what I am referring to about ignorance of modus operandi. Many people believe in the callers for enhancing in credit card limit by their bank or encashment of reward points or such other tricks of the cybercriminals. As far as the police are concerned they simply scold or blame the complainant for his action and make the entire complaints non-cognisable one and thereby waste precious investigation opportunity and time. Many a time’s police take the matter very lightly where it could lead to someone’s loss of life also. There was an incident which could be highlighted here. A fake FB account of the girl created and it was posted on that account that, “I am suffering from Cancer and last few days of my life”. When the person reported the matter to local police, police sat quietly on the same and didn’t think it proper to investigate the matter with utmost urgency and instruct FB for delete of the same. The mental trauma and agony suffered by that person for the next 15 days were unimaginable. So the modus operandi of criminals must be publicised for the attention of the larger audience and the police should also be able to assess the possible quantum of damage which could happen.
- Jurisdiction Issues – These are the best tools available to agencies to avoid the investigation of any cybercrime but at the same time they forget that by this avoidance to investigate cybercrimes they are in a way benefitting the cybercriminals rather than helping the victims. As policing is State subject and police normally very strictly follow the Jurisdiction while reporting/investigating any matter. Jurisdiction of police is clarified by various court decisions as well as provisions of various acts. Normally it is a place of occurrence of crime or the place where either victim or accused normally resides. This definition of jurisdiction could hold good as far as physical crimes are concerned but for a cybercrime where there is the involvement of multiple locations in a single crime, it’s a curse for the victims. They are required to run from one police station to another to register a simple complaint and where I T Act makes it crystal clear that Cyber Crimes provides for Global jurisdiction to law enforcement agencies. These so-called jurisdiction issues are creatures of the police officials who want to avoid the investigation or hide their ignorance about the investigation of cybercrime. So jurisdiction could not be an issue for avoiding registration of the complaint and police should proactively approach the investigation.
- Non-cooperation and hurdles by many agencies – There are many agencies involved in cybercrime investigation like banks, payment gateways, website hosts, internet service providers, mobile service providers, online shopping portals, social media websites, mobile manufacturing companies, e-mail providers and so on. And many of these agencies are located outside India. So for investigating a single cybercrime, there are many procedural hurdles like International cooperation treaties and privacy norms of the different countries etc. So to overcome these non-cooperation challenges is presently the biggest hurdle in cybercrime investigations. These factors coupled with the active participation of State actors make things more complicated and worst. As Cyberspace does not have any territorial boundaries, No state can control or regulate the same. This non-supremacy of any State or Body over the cyberspace is largely exploited by Cybercriminals.
- Lack of proper and qualitative investigative skills in investigation officers- This is an area where a lot of improvisation is required. As these crimes are totally new and are committed with the use of technology, many investigative officers are not comfortable with the same. As they are trained in traditional policing they practically find themselves at a dead-end when it comes to cybercrime investigation. So proper and qualitative training is the need of the hour for effective cyber crimes investigation.
- Poor mental mindset and lack of preventive policing- This also needs to be changed by 180 degrees. Presently it is belief of many investigative police officers that cyber crime investigation is not their cup of tea and hence they avoid the same. Neither they are able to predict the fall out of non-investigation or impact of the same on society. If investigations are not-initiated at all then it sends a very strong and wrong message to the criminals that investigative agencies are not competent enough and there is no fear of arrest in criminal’s minds. They will enjoy a free hand in committing cybercrimes. The investigating agencies should firmly believe that as crimes are committed with the digital medium, there are bound to be some traces of digital footprints left behind by the criminals. There could b every rare possibility that digital foot-prints won’t be available for investigation purpose. There is more than one location to look for, for the digital footprints. Data can not be deleted forever from the machine /device and only it can be hidden in some form. So a positive mindset and firm belief about the basic rules of Information Technology can make a lot of wonders in cybercrime investigations. Proactive policing is another area where a lot needs to be done. It is routine practise that crimes below certain amounts are not even investigated by the police or there is a tendency of registering the crimes as a non-cognisable offence so the investigation is not carried out. So change in mindset coupled with proactive policing will send very positive signals to the cybercriminals as well as to the large users and they will also come forward and share some valuable inputs.
So by initiating positive measures, there could be a sea change in cybercrime investigation in India. As far as anti-national elements and their financial and information support is concerned there needs to cover a lot of distance to a country like ours where we are practically dependent on companies outside India even for sim card to forensic investigative tools.
The world has recently witnessed Cambridge Analytica incidence and presently Facebook is also facing enquiries across the world by many parliaments regarding alleged Data Breach. These social media are turning out to be major anti-nationals for many countries and it all depends on which side of the battle you are!!! Edward Snowden has disclosed the project Prism being carried out by Pentagon and Julius Assange has exposed through wiki leaks the confidential communications between many important dignitaries and diplomats. So Financial and Information supports are available to various anti-national actors by other countries in whose eyes they are fighting for the genuine cause against the mighty government. Its all matter of perception and will go on forever.
To conclude I can say that Cyber crimes are growing at a large pace and our laws regulating them should be very vibrant and dynamic. There should be fast track trials in matters of Cyber crimes which will act as a deterrent for cyber criminals. There should be more synchronisation amongst various stake-holders for proper sharing of knowledge and information.
Advocate Mahendra Limaye is Cyber Legal Consultant and practises Cyber Litigations before High Courts as well as Adjudicating Officers across various States in India. He is techno-legal professional with diploma in mechanical engineering and Masters in law with post-graduate diploma in Cyber Law and Information Technology. He has submitted his Thesis for Award of Doctorate Degree (PhD) to RSTM Nagpur University.