PROTECTION AGAINST CYBER CRIME IN INDIA

Introduction:

Technological development is increasing day by day in India. The internet users have increased so as the use of social media. The technological advancement brought various advantages such as online transaction, creating and posting video on social media and other such benefits but the technology comes with some risks. The cases of cybercrimes are reporting daily involving Identity theft, hacking, online stalking, data theft, cyber terrorism, etc. The problem is users are not technologically educated to protect themselves from cybercrimes. And the question is how the person can protect himself from such crimes. India has enacted the act and rules to provide the protection against the cybercrimes.

Legal Framework pertaining to cybercrimes in India:

Information Technology Act, 2000 (IT Act)

Primary law governing cybercrime in India covers offenses like:

• Hacking

It is an act of accessing the computer system without the permission or authorization. It is one of the emerging cyber crimes which the users are becoming victim to. The Information Technology Act, 2000 (IT Act) provides the protection against the hacking under “Section 66. Computer related offences. –If any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.”[1]

This section defines penalizes the person who commits the offence of hacking with imprisonment for a term which may extend to three or with fine which may extend to five lakh rupees or with both.

• Identity theft

When someone steals the personal information to pretend to be you to access your data or account is known Identity theft. The IT Act, 2000 defines Identity theft under “Section-66C. Punishment for identity theft.–Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.”[2]

This section lays down the punishment for identity theft with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.

• Cyberstalking

Cyberstalking is the stalking of someone through social media tools to harass or threaten. Stalking is the violation of person’s privacy which is punishable under section-66E of IT Act, 2000. The section also defines the acts which can be a violation of privacy.

“66E. Punishment for violation of privacy. –Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both.

Explanation. –For the purposes of this section– (a) ―transmit‖ means to electronically send a visual image with the intent that it be viewed by a person or persons;

(b) ―capture‖, with respect to an image, means to videotape, photograph, film or record by any means;

(c) ―private area‖ means the naked or undergarment clad genitals, public area, buttocks     or   female breast:

(d) ―publishes‖ means reproduction in the printed or electronic form and making it available for public;[3]

• Phishing

Phishing is the cyber crime committed by the hackers by pretending to be legit source so the user will trust the source and he will put his personal information such as passwords, account details etc. The phishing is punishable with the imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees. The section has to be read as follows:

“Section-66D. Punishment for cheating by personation by using computer resource. –Whoever, by means of any communication device or computer resource cheats by personation, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.”

Nasscom v. Ajay Sood & Others – This case defined phishing as a cybercrime where impersonation is used to steal personal data and set legal precedent to punish such acts under the IT Act even without specific legislation on phishing[4]

• Data theft

Section-43 of the Information Technology act defines the offences pertaining to computer which penalizes the offences related to computer.  This provision holds any person liable for penalties and compensation if they intentionally access, download, damage, disrupt, or tamper with a computer, computer system, or network without authorization.

Unauthorized activities include accessing computer systems or resources without permission; copying or extracting data; introducing viruses or contaminants; damaging hardware, software, or data; disrupting networks; denying access to authorized users; assisting others in unauthorized access; manipulating accounts; destroying or altering information; and stealing or tampering with source code. The person committing these acts must compensate the affected individual for the damage caused. The terms like computer contaminant, virus, database, damage, and source code are defined specifically to indicate various forms of modification, destruction, or impairment of computer resources under the law. Section -43 under IT Act (2000)  [Penalty and compensation] for damage to computer, computer system, etc.–If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network,–

(a) accesses or secures access to such computer, computer system or computer network  [or computer resource];

(b) downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;

(c) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;

(d) damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;

(e) disrupts or causes disruption of any computer, computer system or computer network;

(f) denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means;

(g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder;

(h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network;  [(i) destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means;

(j) steal, conceal, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage;]  [he shall be liable to pay damages by way of compensation to the person so affected.]

Explanation.–For the purposes of this section,–

―computer contaminant‖ means any set of computer instructions that are designed–

 (a) to modify, destroy, record, transmit data or programme residing within a computer, computer system or computer network; or

 (b) by any means to usurp the normal operation of the computer, computer system, or computer network;

―computer data-base‖ means a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepared in a formalised manner or have been produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network;

―computer virus‖ means any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to another computer resource and operates when a programme, data or instruction is executed or some other event takes place in that computer resource;

―damage‖ means to destroy, alter, delete, add, modify or rearrange any computer resource by any means.

―computer source code‖ means the listing of programme, computer commands, design and layout and programme analysis of computer resource in any form.

• Cyber terrorism

When the digital tools are used to carry out terrorist activity is known as “Cyber Terrorism”.

It shall be punishable with imprisonment which may extend to imprisonment for life. The IT Act 2000 provides the protection against the cyber terrorism under Section- 66, the same has been read as follows:

“66F. Punishment for cyber terrorism. – (1) Whoever, –

(A) with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by–

(i) denying or cause the denial of access to any person authorised to access computer resource; or

 (ii) attempting to penetrate or access a computer resource without authorisation or exceeding authorised access; or

(iii) introducing or causing to introduce any computer contaminant, and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information infrastructure specified under section 70; or

 (B) knowingly or intentionally penetrates or accesses a computer resource without authorisation or exceeding authorised access, and by means of such conduct obtains access to information, data or computer data base that is restricted for reasons of the security of the State or foreign relations; or any restricted information, data or computer data base, with reasons to believe that such information, data or computer data base so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism.

 (2) Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life.”[5]

This section defines that Cyber terrorism refers to actions carried out with the intention of threatening India’s unity, integrity, security, or sovereignty, or to instill fear among the public by:

• Blocking or disrupting authorized access to computer systems.
• Gaining unauthorized access or hacking into protected digital networks.
• Spreading malicious software or viruses that may lead to death, injuries, property damage, or interference with critical infrastructure and essential public services.
• Illegally accessing classified information related to national security or foreign affairs, with the purpose of harming India’s interests or aiding foreign groups.

Anyone found guilty of committing or planning such activities can be punished with life imprisonment.

Conclusion

The crimes in the world are not just limited to which committed in physical mode  ,with the technological advancement  the crimes are now committed online. Since the world has gone digital, we agree that it has brought some advancement in the society but we cannot ignore the fact that this advancement has also brought some risks. The cyber crimes are increasing day by day, when the one user is availing the service the other person tries to access it without the authorization and tries to commit the theft is cybercrimes. The Information Technology Act,2000 provides the protection against cyber crimes in India.

References

[1] Information Technology Act 2000 s 66

[2] Information Technology Act 2000 s 66C

[3] Information Technology Act 2000 s 66D

[4] Nasscom v. Ajay Sood & Others [2005]

[5] Information Technology Act 2000 s 66F