Published On: 30th June, 2024
ABSTRACT
Modernization in India has brought widespread use of information technology, and over 560 million people are now connected to the internet, increasing the rate of hacking, identity theft, phishing, cyberstalking, cyber fraud, and cyber pornography cases. The primary legislation to fight these crimes is India's Information Technology Act, 2000 (IT Act), supported by the Indian Penal Code and other laws such as the Companies Act, 2013, and the National Cyber Security Policy, 2013. Section 66 deals with hacking, Section 67 with obscenity, Section 69 with interception of computer data, and Section 43A with data privacy; all these provisions are meant to govern and penalize cyber-related incidents. However, certain obstacles within this legal framework hinder effective cybersecurity enforcement: jurisdictional concerns, limited legal awareness, a shortage of technical personnel among law enforcement agencies, and the dynamic nature of cyber threats.
Major incidents like the Aadhaar data leak in 2018 and the Twitter hack in 2020 are contemporary examples of how global and severe cybercrime is, underlining the need for a proper data protection law and proper safeguards. In response, the Indian government has proposed the Data Protection Bill to strengthen privacy in the country and to issue cybersecurity guidelines to the relevant sectors. Public-private cooperation is also being fostered to create new strategies and share information about threats. Prevention is complex and should involve awareness, strengthening cyber infrastructure, cooperation among different stakeholders, and constant amendment of laws. Cybersecurity must become a priority, and society needs to be prepared for a secure digital environment.
This article takes a close look at the laws in India that deal with cybercrime, discussing the main legislations, the difficulties in enforcing them, and recent changes. Through examples and policy talks, it shows why a strong and flexible legal system is needed to fight cyber threats effectively. The article also highlights the importance of preventive measures and best practices to keep India’s digital space safe.
Keywords: Modernization, Information Technology, Internet, Hacking, Identity Theft, Phishing, Cyber Stalking, Cyber Fraud, Cyber Pornography, Information Technology Act, Indian Penal Code, Companies Act, National Cyber Security Policy, Section 66, Section 67, Section 69, Section 43A, Cybersecurity, Aadhaar data Leak, Twitter Hack, Data Protection Bill, Public-Private Cooperation, Digital Economy, Cybercrime.
INTRODUCTION
India, one of the emerging economies of the digital world, has experienced a giant leap in the size of its internet-using population. This has drastically changed the way people communicate, conduct business, and interact with systems of governance. Nevertheless, as society progresses and adopts these technologies, the associated threats have risen as well, chief among them threats to cybersecurity. Cybercrime, that is, the use of computer technologies to perpetrate unlawful activities against persons, firms, or establishments, has become pervasive in India. From hacking attacks on critical organizations to small-scale frauds such as identity theft, these crimes target heterogeneous systems and often have a cross-border nature, making jurisdiction a difficult issue for police to handle. Information technologies are dynamic in nature, and this puts constant pressure on legal and regulatory structures to respond to these threats effectively.
The Information Technology Act, 2000 (IT Act) provides the legal framework that empowers the fight against cybercrime. Together with the Indian Penal Code, the Code of Criminal Procedure, and laws specific to particular fields, the IT Act defines legal authority over activities in cyberspace and the measures available to address them. However, implementing these legislative frameworks faces major challenges. These include a lack of familiarity among stakeholders with existing cyber laws, an inadequately technically competent workforce among enforcement agencies, and constant innovation in the technological arena.
Against this background, the article discusses the cybercrime situation in India in broad terms, with a critical evaluation of the legal systems and structures, enforcement issues, case studies, recent legislative developments, and existing strategies for combating cybercrime. Together, these facets help explain the current character of cybercrime in India and emphasize the need for resilient protective strategies that are capable of evolving to guard this digital frontier for the nation's progress.
MEANING AND FORMS OF CYBERCRIME
Cybercrime can be defined as criminal activity that uses computers, telecommunications devices, or the internet as a tool of operation. It includes activities intended to harm people, companies, or authorities, and such malicious operations take advantage of known vulnerabilities in the digital world to carry out different unlawful deeds. The types and forms of cybercrime can vary widely, but some common categories include:
- Hacking: Unauthorized persons penetrate computers to acquire, alter, or delete information, with the aim of defrauding or paralyzing organizations.
- Phishing: Unsolicited attempts to lure people into divulging confidential details (like passwords, credit card details, or social security numbers) by exploiting an organization's name and/or logo via emails, messages, or fake sites.
- Malware: Malicious files such as viruses, worms, Trojans, ransomware, and spyware that are designed to enter or corrupt a computer program.
- Identity Theft: Stealing identity documents (or PINs, passwords, and social security numbers) in order to impersonate a real person for illegitimate purposes, such as accessing other people's accounts to make unauthorized withdrawals or obtaining credit.
- Cyberstalking: Repeatedly using one or more forms of digital communication, like social media, emails, or messaging applications, to threaten or intimidate one or more victims.
- Online Fraud: Frauds perpetrated via the internet to compel the victim to make payments or entrust the fraudster with personal information, such as internet auction fraud, investment scams, or scam charities.
- Data Breaches: Unlawful intrusion into an individual's or company's computer systems to access or disclose private and sensitive information like identification details, credit card details, and account information, which results in violations of privacy, theft, or even breach of contract.
These cybercrimes demonstrate that digital technology can be used in a number of ways to commit crime. At the same time, the techniques and level of organization behind cybercrime are constantly advancing, which makes this field a problem for law enforcement agencies, IT specialists, and ordinary people trying to protect themselves from cyber threats.
CYBERCRIME IN PREVIOUS YEARS
In 2022, India recorded a sharp rise in cybercrime, a 24% increase over the previous year. The National Crime Records Bureau (NCRB) reported a total of 65,893 cybercrime incidents, as against 52,974 in 2021. The main cause of these acts was fraud, accounting for the equivalent of 8 percent of cases with 42,710 reported cases, followed by highway robbery at 5.5 percent (3,648 cases) and sexual exploitation at 5.2 percent (3,434 cases). [i]
Cybercrime is a growing threat in India, affecting numerous people and organizations. According to the latest records of the National Crime Records Bureau (NCRB), cybercrimes committed in 2023 resulted in a financial loss of ₹66.66 crore across 4,850 reported cases. A report by the Indian Cybercrime Coordination Centre (I4C) stressed that digital financial frauds had become rampant and estimated their magnitude at a staggering ₹1.25 lakh crore over the last three years. The National Cybercrime Reporting Portal (NCRP) estimated actual losses of more than 103.19 billion rupees in 2023 because victims were duped into falling for online financial scams. The Administrative Standing Commission on Finance also noted domestic embezzlement estimated at ₹2,537.35 crore in FY '23 alone. Likewise, a staggering 6.94 lakh complaints were entered in 2023, demonstrating the magnitude and severity of cybercrime in India. [ii]
Indian cyberspace is among the most endangered by the parameters of global cybercrime, ranking tenth globally. The growing type of cybercrime was fraud schemes involving advance fee payments, as revealed in the current World Cybercrime Index. This index is compiled by an international team of researchers and ranks states across a range of cybercrime types such as malware, ransomware, credit card fraud, scams, and illicit crypto-processes.[iii]
CURRENT SCENARIO OF CYBERCRIME IN 2024
In early 2024, 20% of internet users in India faced cyber threats, with 22.9% encountering web-borne threats and 20.1% affected by local threats, as highlighted by Kaspersky. These threats primarily exploit vulnerabilities in browsers and social media platforms.[iv]
From January to April 2024, Indian citizens reported over Rs 1,750 crore in losses due to cybercrimes, with more than 741,000 complaints filed on the National Cybercrime Reporting Portal under the Ministry of Home Affairs. The Indian Cyber Crime Coordination Centre (I4C) noted a significant increase in daily complaints, reaching 7,000 in May 2024. This marks a 113% surge from 2021 to 2023 and a 60.9% rise from 2022 to 2023, predominantly involving financial online fraud, which accounted for 85% of complaints.
Operated by the Ministry of Home Affairs, I4C plays a vital role in coordinating efforts against cybercrimes. Complaints increased from 260,495 in 2019 to 1,556,218 in 2023, and the first four months of 2024 alone saw 740,957 complaints. Common cybercrimes reported included online investment scams, gaming app frauds, illegal lending apps, sextortion, and OTP scams. Trading scams caused losses of Rs 1,420 crore across 20,043 cases, and digital arrests accounted for Rs 120 crore from 4,599 cases.
Investment scams alone accounted for losses of Rs 222 crore from 62,687 complaints while dating app-related frauds caused Rs 13.23 crore losses from 1,725 complaints. [v]
LEGAL FRAMEWORK IN INDIA
India’s system for addressing digital crime is grounded in the Information Technology Act, 2000, which has been amended to keep pace with technological developments. The major provisions of the IT Act are:
- Section 66: Penal provision for hacking and data theft. It prescribes jail terms and fines for illegally accessing computer resources.
- Section 67: Punishment for publishing or transmitting obscene material in electronic form. Offenders face imprisonment and fines.
- Section 69: Government powers to intercept, monitor, and decrypt information where security purposes require it. This provides the legal basis for surveillance in the interest of national security.[vi]
- Section 43A: Compensation for failure to protect personal data. Organizations can be held liable to compensate individuals if they do not adopt reasonable security practices.[vii]
Apart from the IT Act, there are other laws that also deal with cybercrime.
- Indian Penal Code (IPC): Several sections of the IPC are used along with the IT Act to prosecute cybercrimes. For example, sections on cheating, fraud, and criminal intimidation are often invoked during cybercrime investigations.
- Companies Act, 2013: This act includes provisions related to cybersecurity within the corporate governance framework which is integrated into the Companies Act Compliance Checklist.
- National Cyber Security Policy, 2013: A policy framework whose goals are to protect public and private infrastructure from cyber threats and build a safe cyber ecosystem.
CHALLENGES IN ENFORCEMENT
Despite an ample legal system, multiple obstacles hinder the implementation of cybercrime laws in India:
- Jurisdictional Issues: Cybercrimes usually cross between different states, which results in jurisdictional problems. It is almost impossible to investigate and prosecute offenders from other countries.
- Lack of Awareness: Many individuals and organizations are not acquainted with cyber laws and their rights. Consequently, only a small number of cybercrimes are reported to the authorities, and the preventive measures that exist are still not adequately monitored.
- Technical Expertise: The majority of law enforcement agencies lack the technical skills that are vital to investigating and prosecuting cybercrimes successfully. The issue can be resolved if law enforcement agencies provide the training needed to close this gap.
- Evolving Nature of Cybercrime: Technology advances at such speed that legislation can hardly catch up with it. Cybercriminals constantly invent new ways of exploiting weaknesses, hence the need for continuous updating of legal provisions.
RECENT DEVELOPMENTS AND CASE STUDIES
To bring out the variations and nuances of cybercrime in India, the following case studies focus on some of the major incidents and the corresponding legal measures:
Case Study 1: The 2018 Aadhaar Data Breach
In 2018, the Aadhaar data breach occurred in India, resulting in the leakage of millions of people’s personal information. The breach was the first major flaw exposed in the protection of digital data and a possible threat to privacy and security. The case took a legal turn based on the concept of data protection and made it necessary to implement more stringent data protection statutes. The episode not only demonstrated the need to strengthen security measures but also prompted legislation strictly governing data protection.
Case Study 2: The 2020 Twitter Hack
In 2020, an organized cyber assault was perpetrated on Twitter, with celebrities, politicians, and business leaders among its victims. The hackers used the targeted accounts to launch a cryptocurrency scam and achieved large financial gains, regardless of the damage inflicted on the account holders' social standing. This international incident showed that cybercrime flows across borders in every direction and confirmed the immediate need for international cooperation and stringent cybersecurity measures.[viii]
Legislative Amendments and Policy Initiatives
In reaction to the continuously changing cyber threat landscape, the Indian government initiated the following amendments and policy initiatives:
- Digital Data Protection Bill, 2023: A bill that promises to safeguard personal data and protect privacy, along with other amendments. The bill sets out data processors’ obligations and provides for the creation of a Data Protection Authority.[ix]
- Cybersecurity Guidelines for Critical Sectors: Special rules and templates for sectors such as banking, telecommunications, and energy to upgrade their cybersecurity systems.
- Public-Private Partnerships: Encouraging ties between government departments, corporate entities, and academia to help develop new approaches and share threat intelligence.
PREVENTIVE MEASURES AND BEST PRACTICES
Making cybercrime ineffective requires a combination of public awareness, stronger infrastructure, and political measures and attitudes. The major preventive measures and best practices are as follows:
- Public Awareness Campaigns: Educating people about online fraud, best practices for safe online activity, and the rights they have under the law. Public awareness programs can help individuals and businesses recognize and address the vulnerabilities they may face.
- Reinforcing Cyber Infrastructure: Improving the safety of critical digital systems, such as the networks of the government, non-banking financial institutions, and telecommunications. Frequent security assessments and vulnerability tests are a must.
- Cooperation and Data Exchange: Bringing government agencies, the private sector, and international bodies together. Sharing knowledge of the threat landscape and of best practices can contribute to the fast detection and mitigation of cybercrime threats.
- Regular Updates to Legislation: Continually updating the law to meet new or more advanced cyber threats. In the last few years, cyber threats have evolved more and more rapidly, so legislative frameworks need to be robust and adaptive to the constantly changing cyber landscape.
- Capacity Building for Law Enforcement: Investing in the police force, including the skills and tools needed for cybercrime prosecution.
- Cyber Hygiene Practices: Promoting common practices including the use of strong passwords, regular software updates, and avoidance of dubious links and attachments.
CONCLUSION
With such a rapidly growing population coming online, cybercrime, including hacking, identity theft, phishing, and cyber fraud, has become rampant in India. The main law regulating these crimes is the Information Technology Act, 2000, combined with the Indian Penal Code and other laws. Section 66 covers hacking, Section 67 obscenity, Section 69 interception of data, and Section 43A privacy of data. But these laws are rarely enforced because of jurisdictional limitations, lack of awareness, insufficient technical manpower, and the speed at which threats in the cyber world evolve. As the Aadhaar data breach and the Twitter hack prove, these threats are very real and extremely dangerous. To meet them, the Indian government has introduced the Data Protection Bill, which lays down cybersecurity policies for sectors with infrastructure. There is also increasing interest in public-private partnerships for creating new solutions and identifying and sharing information. Cybersecurity must be enhanced to protect a critical field that helps strengthen the economy and social well-being.
REFERENCES
[i] Indian Express, https://indianexpress.com/article/india/rise-cybercrime-2022-economic-offences-ncrb-report-9053882/ (Last Visited: 25th June 2024).
[ii] The Hindu, https://www.thehindu.com/sci-tech/technology/digital-financial-frauds-in-india-a-call-for-improved-investigation-strategies/article67988607.ece (Last Visited: 25th June 2024).
[iii] The Economic Times, https://economictimes.indiatimes.com/tech/technology/india-ranks-number-10-in-cybercrime-study-finds/articleshow/109223208.cms?from=mdr (Last Visited: 25th June 2024).
[iv] The Hindu, https://www.thehindu.com/sci-tech/technology/20-indian-users-fell-victim-to-cyber-threats-in-the-first-quarter-of-2024-finds-study/article68196110.ece (Last Visited: 25th June 2024).
[v] Business Standard, https://www.business-standard.com/india-news/here-is-how-much-indians-lost-to-cyber-frauds-between-jan-and-apr-of-2024-124052700151_1.html (Last Visited: 25th June 2024).
[vi] IT Act, 2000, Section 66,67,69, Chapter 11, Acts of Parliament (No. 21 of 2000) (India).
[vii] IT Act, 2000, Section 43A, Chapter 9, Acts of Parliament (No. 21 of 2000) (India).
[viii] UpGuard, https://www.upguard.com/blog/biggest-data-breaches (Last Visited: 26th June 2024).
[ix] PRS India, https://prsindia.org/billtrack/digital-personal-data-protection-bill-2023 (Last Visited: 26th June 2024).