Introduction
Humanity is in a constant state of evolution, continually developing and discarding old ideas to create something new and more inclusive. This process of scientific and creative innovation has often left us ill-prepared to deal with the negative consequences that can accompany these discoveries. One such remarkable invention of humanity is the computer. If we were to travel back a couple of centuries, it would have been unimaginable that one day humans would possess the power to access the lives of millions of people with just a click. The age of the internet and technology has fundamentally transformed how both individuals and governments perceive the world. With each passing day, the internet continues to expand and encroach upon more aspects of our lives, becoming increasingly pervasive and intrusive.
Such intrusiveness and pervasive nature of internet has caused the criminalisation of the digital age. The increased connectivity and prevalence of online surfing has been turning into an outlandish phenomenon causing more and more violations of people’s private and digital rights. Cybercrime, which is one such violation that relatively is not an old crime to the world. In the modern age cybercrime is the most prevalent crime engendering a devastating role to the age of technology and internet. Even though the concept of cybercrime and its jurisprudence is a borderless concept, we however, would limit ourselves in understanding it in the Indian context. To dive further into the legal framework and the ways of prosecution of cybercriminals let us first understand meaning of cybercrime in the digital era.
What is cybercrime?
Cybercrime can be defined in several ways. More generally, cybercrime is any such criminal activity which is occurring on the medium of computer, mobile or any other device having the access of internet recognised by the Information Technology Act, 2000 (amended in 2008) and now also Data Protection Act, 2023. The term cybercrime may be judicially interpreted in some judgments passed by courts in India however, it is not specifically defined in any act or statute passed by the Indian legislature. The Information and Technology act is the main legislation that governs the contours of cyberspace and the activities occurring on it. Chapter XI of the Act has a separate section titled “offences”, wherein all the cybercrime offences have been recognised as crimes and are liable to be punished by fine or imprisonment or both.
To understand better what can we deliberate to be a cybercrime, let us look at some definitions of the vast concept. Dr. Debarati Halder and Dr. K. Jaishankar define cybercrimes as:
“Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)”
Professor S.T. Vishwanathan has given three definitions in his book The Indian Cyber Laws with Cyber Glossary is as follows.
- Any illegal action in which a computer is the tool or object of the crime i.e., any crime, the means or purpose of which is to influence the function of a computer,
- Any incident associated with computer technology in which a victim suffered or could have suffered loss and perpetrator, by intention, made or could have made a gain,
- Computer abuse is considered as any illegal, unethical or unauthorized behaviours relating to the automatic processing and transmission of data.
Legal Framework of Cybercrime in India
India in 2021 reported 52,974 cases of cyber crimes with a six percent increase from last year. The experts have stated that the data presented by the National Crime Report Bureau is a gross misrepresentation of the actual figures. Pavan Duggal, a cyber law expert looking at the past figures of 2014, 2015 and 2016 stated by the NCRB with respect to cybercrime, conveyed that, “These figures do not represent the ground reality. There is massive under-reporting of cybercrime cases in India and at present these numbers represent just 1% of actual incidents,”. The said opinion finds a corroboration in the new research published in the year 2022 by the Netherlands-based firm Surfshark. The study took into account all the reports and data breaches that happened since 2004 and suggests that as many as 18 out of every 100 Indians have suffered from data breaches since 2004. India according to the study stands at sixth in the world when it comes to highest incidents of data-breaches. This situation demands an immediate response from the government. The security and well-being of the state’s residents are at stake, and an urgent law must be put in place to govern their data, providing them with the highest levels of security and safety, which is a part of their fundamental right under Article 21 of the constitution.
The IT Act contains multiple sections with respect to data privacy. It provides a certain level of protection against arbitrary use of private information by holding the data fiduciaries responsible towards their conduct. Various sections, such as 65, 66, 66C, 66D, 66E, 66F, 67, 71, and 71 these sections cover various aspects of computer-related offenses and their penalties. Attempting to tamper with computer source documents, unauthorized use of computer systems, fraudulent use of electronic passwords or Digital Signatures, committing fraud using a computer or communication device, sharing intimate photos without consent, denying authorized access to computer resources, and publishing insulting messages or images are all subject to legal consequences.
Penalties range from imprisonment for up to three years and fines of varying amounts, depending on the specific offense. In severe cases, such as endangering national security, life imprisonment may be imposed. Deceptive practices before a Certifying Authority to obtain licenses are also punishable with imprisonment or fines. These sections collectively aim to regulate and deter cybercrimes and protect the integrity of digital systems and personal privacy. In 2008 when the IT Act was amended, it also brought changes to the Penal Code 1862 and the Reserve Bank of India Act. Numerous section in the Penal Code held the offendors accountable for any only illegality and disciplined the use of Internet and privacy. In the recent amendment in the three code Bills The Indian Penal Code has been replaced by the Bhartiya Nyay Sanhita,2023. Various Sections in the newly introduced Act hold the offenders liable for any act committed which is any wrongdoing defined in the code. For instance, Section 78 and 79 endows women of her right to privacy and incurs punishment upto three years in prison or fine or both, if any person. Section 335 of IPC punishes crimes like spoofing or forging documents. Thus, it is evident that the legal landscape for cybersecurity protection in India is primarily governed by the the Information Technology Act (IT Act) and the Indian Penal Code (IPC). However, a perplexing question arises – despite the presence of these stringent laws and regulations, why does India continue to grapple with data loss and cybersecurity challenges? What are the underlying obstacles that hinder the effective enforcement of these cyber laws? Furthermore, how can India broaden its approach to establish a more comprehensive and resilient cyber regulatory framework?
Despite recent strides in India towards safeguarding its citizens’ data, such as the enactment of the long-awaited Digital Personal Data Protection Act, 2023, there remains a critical gap. This law significantly strengthens and centers around the management of private individuals’ data, emphasizing the heightened accountability of data fiduciaries toward their subscribers. However, it falls short in addressing the crucial aspect of protecting individuals from third-party data breaches. The parties that the state cannot hold accountable on the face of it but could only provide preventive and remedial measures. Therefore, these are pertinent inquiries that demand attention. While the legal framework exists, the challenges persist, and understanding these intricacies is essential for addressing the cybersecurity conundrum in India. Delving into the nuances of these challenges and exploring additional dimensions that India can embrace to bolster its cyber regulations is imperative.
Challenges to the cybersecurity in India
Cyber crime is a borderless concept i.e., it transcends traditional notions of sovereignty and territorial limits, posing challenges for legal systems worldwide and, hence, is a problem that suffers from jurisdictional issues. A person sitting with a computer and internet access in one place has the potential to commit cyber fraud anywhere in the world. Purportedly, the expansiveness of cybercrime naturally causes jurisdictional problems, consequently rendering the geographical and political boundaries irrelevant. Jurisdiction is an aspect of state sovereignty and it denotes a country’s political and administrative competence. The laws working in a state may or may not have an extra-jurisdictional effect. Now, mainly in India, the challenge that appears with regard to internet crimes is that the extra-territorial jurisprudence is still developing and is presently in its early stages. This problem of lack of jurisdictional mechanism can only be addressed by a long length discussion among different countries to expedite the process of making an effective and amicable solution for providing inter-state cybercrime prosecution.
In India, the handling problem of cybercrime persists in a more aggravated form due to other reasons as well. A significant aspect of this is that India faces the shortage of adequately trained and proficient investigating officers capable of handling cybercrimes. Furthermore, the existing support system for cyber forensics falls significantly short of meeting the demands. Even legal professionals, including lawyers, prosecutors, and judges, often lack the requisite training and orientation to fully grasp the intricacies of digital evidence during legal proceedings. Professional training and educational institutions are not suitably equipped to provide the necessary knowledge and skills to law enforcement officers, aspiring legal professionals, and judges to effectively confront the challenges posed by cyber offenders. Another aspect is the dearth of digital literacy, which further entails the subjects unaware of the government-launched Cyber Crime Portal.
Conclusion
In conclusion, addressing cybercrime on the internet is a multifaceted challenge that demands a comprehensive and people-centric approach. The points highlighted underscore the importance of recognizing the broader context of harassment and abuse, staying abreast of technological advancements, and fostering online vigilance. Efforts should include the establishment of a user-friendly E-portal for women to report their difficulties without fear of stigma, along with the creation of a criminal database to aid law enforcement. Education plays a pivotal role, and women should be empowered with knowledge about safe internet use and their legal rights online.
Furthermore, it’s imperative for the government to impose stricter controls on Internet Service Providers (ISPs) to proactively detect and report suspicious activities. However, these measures must be complemented by an increased focus on building the capacity of law enforcement agencies, legal professionals, and educational institutions to effectively combat cyber offenders.
In the face of a shortage of trained personnel and inadequacies in cyber forensics support, there is a clear need for a concerted effort to bridge these gaps. Ultimately, a well-rounded approach to cybercrime prosecution is essential, one that combines legal measures, education, and technological vigilance to create a safer digital space for everyone, especially women.
