Cybercrimes

Cybercrimes are illegal activities in which computers are used as a target or a tool or in
some cases both. Cybercrimes include unlawful acts such as theft, defamation, forgery and
mischief, all these activities are subject to the Indian Penal Code. Because of easy access to
computers and technology, there has been a steep rise in cybercrimes. This necessitated the
need for a law regulating the same.

Continue reading

The Role of Cyberlaw in Cyber Security

While the words cyberlaw, security, cyberspace are in daily news and headlines, what exactly is cyber is the question we are going to answer first. Cyber is generally related to technology, computer-generated information and virtual reality. Cyberspace specifically refers to the virtual network where people communicate. Cyberspace has aided easy communication to take place across the world. It is composed of large computer networks which have many sub-networks.

Continue reading

Hate speech laws in India

Online hate speech in India is a hugely relevant topic in cyber laws right now. Thanks to the unclear definitions on what exactly hate speech is, and due to the boom in the availability of internet access and cyberspace, there has been a surge in online hate speech cases. The scenario as of now is such that it has become a part and parcel of social media and the internet. The situation is thus precarious as of now and there needs to be immediate attention on the laws surrounding online hate speech.

Continue reading

The Pegasus Spyware Controversy: Where do Indian laws stand on the issue?

The Pegasus Spyware controversy has been a huge talking point in India over the course of the past week. The issue raised several important questions on privacy of the common man and surveillance by the government. Notwithstanding the vehement denial by the Indian government of the allegations made, the spyware continues to remain a hot topic for discussion and debate. 

Continue reading

Procedure to Report Cyber Crime Online through Government Portal

By Nevin Clinton

Advancements in technology, especially in cyberspace, has brought with it a plethora of advantages that makes day-to-day life easier. Features that were unimaginable in the past are now just a click away. However, there are several dangers that are associated with cyberspace as well and the number of cyber crimes are growing rapidly around the world.

What is a cyber crime?

Cyber crime is any crime that involves the use of cyberspace or computers. A computer or a network of computers could be used either as a tool to achieve the end of a criminal activity or they could be the target. All crimes that are covered under the Indian Penal Code will therefore fall under the purview of cyber crime if there is the use of computers involved.

Cyber Crime Laws in India

Cyber Crime has a rather unique position in the Indian legal system. Both the Indian Penal Code and the Information Technology Act, 2000 govern it. There are some provisions that overlap while there are some that are unique to the latter act. In cases where there is an overlap and provisions from both statutes apply, it is those of the more specific IT Act that come into force if there is an involvement of cyberspace.

How to report a cyber crime online?

The Ministry of Home Affairs has a portal called the National Cyber Crime Reporting Portal where a citizen of India can report a cyber crime. The portal was brought in to ensure that complaints on cyber crime are reported and registered in quick time. The focus of the portal is aimed towards protecting women and children in particular, but general complaints can also be made. Once a complaint is made, it will be directed to the police authority that has jurisdiction to investigate.

For better and more focused reporting of complaints, the MHA has listed 24 broad cyber crimes. These include child pornography, cyber bullying, cyber stalking, credit card fraud, spamming, phishing, data breach, online drug trafficking, and more. 

So to report any cybercrime, one has to follow these steps

  • Go to the National Cyber Crime Reporting Portal (https://cybercrime.gov.in/
  • Click on ‘File a Complaint’
  • Accept the terms that pop up confirming that all facts that you state are true to the best of your knowledge.
  • You will then have two options – Reporting cyber crimes relating to women and children, and other cyber crimes.
  • After clicking on the category, you will be directed to a page where you will have to provide details about the incident. Fill up the details including your state, place of occurrence of the incident, photo proof, and a complete description of the crime. You will then be directed to a page where you will have to provide any information that you might have on the suspect(s). After you submit the same, your complaint will be registered.
  • Note that for crimes involving women and children, you can choose to report them anonymously. For others, you will have to provide details about yourself by signing in.
  • Finally, you must provide as much information as possible for the authorities to take swift action.

What happens after a complaint is made?

After a complaint is made on the portal, the police authorities in the concerned state receive it and will decide on how to proceed with it. This is why filling up the correct state or UT while filing a complaint is important. In cases where the location of occurrence of the crime is not known such as child pornography, one can select his/her own residence as the state. The police in the said state will then investigate and direct the complaint to police of the state where they have jurisdiction.

Conclusion

Statistics from Norton Lifelock show that 27 million Indian adults fell victim to some form of cyber crime in 2020. Further, more than 50% of Indian adults are said to be unaware of how to keep themselves safe in cyberspace. Therefore, it is imperative for each citizen to always stay alert while using computers. The government can help as well by helping in educating and protecting its citizens. The aforementioned portal for filing complaints on cyber crime is a good step in this regard as it helps in quick reporting and tracking of cases while also granting the option of anonymity for the complainant. Due to the same, citizens must be made aware of the existence of this portal and such awareness can aid in curbing cyber crime to some extent at least.

Section 66A of the IT Act: Unconstitutional provision that continues to be invoked

By Nevin Clinton

The Information Technology Act, 2000 (hereinafter referred to as IT Act) is among the most important pieces of legislation in India that is only growing in importance by the day. In today’s digital world, especially during the times of the COVID-19 pandemic, attachment to cyberspace or the internet has become part and parcel of life. Alongside the obvious positives that come with advancements in technology relating to cyberspace, there are several inherent dangers as well.

Freedom of online speech and Section 66A

In the context of social media, a key question that has been concerning lawmakers and courts for quite some time now is that of freedom of speech. When the IT Act was framed, there was a provision added to restrict sending ‘offensive messages’ online. This was given in Section 66A which stated that the following acts would be punished with imprisonment up to three years and fine:

  • Sending grossly offensive information or information having a menacing character
  • Sending false information with an intention to cause ill will, inconvenience, annoyance, danger etc. 
  • Sending emails that mislead, annoy or cause inconvenience to the receiver

The landmark Shreya Singhal case

Once Section 66A came into being, several cases were filed under it for violating its provisions. While the provisions did seem fair enough, cases of exploiting them in order to punish online speech that was either innocuous or satiric started to rise. This led to several lawyers and organizations questioning the validity of how the provisions of the section were being construed and implemented. 

A series of writ petitions were then filed by lawyer Shreya Singhal along with NGOs like PUCL, and companies like mouthshut.com. In a landmark judgment that changed the landscape of online speech, a two-judge bench deemed Section 66A to be unconstitutional as it violated the right to freedom of speech and struck it down. Despite arguments from the other side that the section would come under ‘reasonable restrictions’ to the right, the court ruled that the same would not apply. The section was deemed to be too vague and not narrow enough to constitute a reasonable restriction. The judgment received largely positive reception from journalists, lawyers and people alike. 

The situation post the Shreya Singhal judgment

Despite the fact that the Shreya Singhal judgment clearly deemed Section 66A to be unconstitutional, it continued to be invoked with more than 700 cases pending at present. The lack of communication to police officers and the lack of publicity about the exact section and its striking down led to the same. Apart from police officers, even lower courts and trial court judges were unaware of the ramifications of the Shreya Singhal judgment. This was brought to the attention of the Supreme Court in 2019 and the Court asked DGPs in all states to publicise and expressly convey to the entire police force that Section 66A was struck down. Despite this direction, there were still cases of the section being used. 

One of the key reasons for this situation arising was the fact that the section was not removed from the bare text of the IT Act. It was only mentioned in the footnotes that the Shreya Singhal judgment deemed it unconstitutional. This could have been prevented by either completely taking out the section or mentioning the unconstitutionality in the bare text itself (through brackets) instead of just the footnotes. 

The situation at present

Much like the SC direction in 2019, yet another direction has arrived now in July, 2021 wherein the Court has advised all states to not register cases under Section 66A. The issue was once again brought to the SC’s attention by PUCL which had also been one of the parties in the Shreya Singhal case and this time the Court has made it amply clear that there should strictly be no more invocation of Section 66A. Therefore, as of now, the section is not in force and there can be no cases registered under it. But it still remains to be seen if this direction will be strictly complied with and if a situation similar to the previous direction in 2019 doesn’t arise. 

Withdrawal of safe harbour for failure to comply with IT rules: What it means for Twitter and its users

Nevin Clinton, Flywork.io TeamFlywork.io. 

    There is a huge conflict that has been brewing for quite some time between American social networking giant Twitter and the Indian government. A lot of this has to do with the failure of the company to comply with certain provisions of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (hereinafter referred to as ‘IT Rules’). This has led to the government withdrawing ‘safe harbor’ provisions under the Information Technology Act, 2000 (hereinafter referred to as ‘IT Act’) for Twitter, meaning that the site will now be directly responsible for all the content that it displays. News portals including ANI and the Minister for Law & Justice, Communications, Electronics, and Information Technology Ravi Shankar Prasad have confirmed the same and this could have a plethora of serious implications.

What caused the current standoff?

    First and foremost, it is essential to understand was the situation before the current standoff. Twitter was officially recognized by the Indian government under Section 79 of the IT act as an ‘intermediary. An intermediary can’t be held liable for information that is provided or made available on its platform unless the platform itself initiated the said information in question.

    The IT Rules were then announced in February 2021. With various other obligations like identifying the originator of particular content and taking down flagged content, it required all technology companies in India to appoint three officers. This was because of increasing cases of false information, rumours, and propaganda being spread on social media. It was mandated that these three people who are appointed – a chief compliance officer, nodal officer, and grievance officer must be Indian employees of the company. There was also a warning issued by the central government that if this rule was not complied with, the companies would lose their status as an intermediary with the possibility of a criminal action also being open in case of complaints being filed.

    After this ruling, tech companies like WhatsApp and Google complied with the IT rules and appointed the three officers. Twitter however did not do so and asked for more time. Even after the completion of the extra time allotted, Twitter appointed just one person as a nodal and grievance officer. Further, it was alleged by the government that the person appointed was not an employee of the company but was clarified to be a contractual employee. But with no appointment of a grievance officer, the company lost its status as an intermediary.

What this means for Twitter and its users?

   The withdrawal of the ‘safe harbour’ status of an intermediary has serious implications for Twitter. The platform is now open to a lot of penal action as it will become responsible for its users' posts. Let’s say there is a tweet that is put up by an anonymous account defaming the government. Twitter will then be responsible for the tweets and liable for penal action. However, this does not mean that the user won’t be responsible. Nothing changes with regard to the responsibility of Twitter users, but there is an added responsibility on the site and a huge one at that.

After the statements by Minister Ravi Shankar Prasad, actions against the company have already started in full swing. One such action came about on the 16th of June when an FIR was filed against Twitter for not removing ‘misleading tweets’ that incited communal disharmony with regard to an incident where a Muslim man was allegedly beaten up at Loni in Uttar Pradesh. 

What next?

      It is expected that Twitter will comply with the IT Rules very soon as the burden of appointing a compliance officer is far lesser than being responsible for each and every tweet on the site. There could be sanctions for the delay in the appointment for Twitter and till the same is done, it will not be recognized as an intermediary, meaning that it will be exposed to action that can be taken for the content on its site. Therefore, the quicker Twitter acts, the more damage it will save itself from. This saga has turned out to be one with serious implications and it remains to be seen how it pans out in the future. 

Let the qualified curated professionals at Flywork.io assist you to resolve any legal and allied issues. For more details visit us at Flywork.io.

My Email Account was Hacked!

My email account was hacked. Can I take legal action against the hacker?

 

If you ask me what one of my worst fears is today, I would say it is “this username and password does not match.” Every time I misspell my password I have this latent fear that my account has been hacked. We have all had friends posting on Facebook saying that their account has been hacked and the “hacker” has been posting things (often objectionable) from their profile.

 

With everyone realising the power of the Internet it has become nothing less than a second identity, and when this is stolen it is no less than theft. At times the email accounts get hacked by viruses and this is generic without any specific reason, for instance, just by clicking on a link a website starts posting on your behalf. These cases are of a less serious nature and a mere changing of passwords is enough. The real problem begins when the account is hacked by someone who does so with a mala fide intention, be it revenge, hatred or sadistic pleasure. It gets even more serious when the accounts of public figures get hacked and their confidential information is leaked or worse the hackers post on their behalf to the multitude of fans that take their word as gospel.

 

Now, how does an account get hacked? There are more ways than one to hack into an account, be it an email account or a social networking account. The first and the obvious would be, when one divulges his or her password to another person, this usually is one of the weapons people use for revenge. Forgetting to log out from public computers is another big factor. The more technologically based processes of hacking are that of Phising, Cookie Hijacking and Keylogging. Phishing is, when a person is made to provide information online about oneself (name, address, passwords, bank details etc.) on the faith that the information has been sought by a valid website, where in reality it is a fake one created in order to use the information provided, for identity theft. Cookie Hijacking is the process of using the user data stored in someone’s computer to get information about their online accounts. Keylogging, is a more sophisticated means of hacking, where the hacker with the use of certain software and hardware can know your passwords by the keys you type on your computer.

 

I got all this information from a not so difficult research, and there were even websites that showed how to hack. Hacking is much easier and simpler than it seems to be, and the internet provides all the help that you need. This is the reason that laws need to have a deterrent effect on the practice of hacking.

 

If you start to think that this post will just advice you to keep your password protected, then you are mistaken, because the Information Technology (IT) Act of 2000 does provide legal remedies to sue a hacker.

 

Section 66 of the Information Technology Act deals with the offence of ‘hacking with a computer system’. It starts with ‘whoever with the intention to cause or knowing that is likely to cause’, showing that mens rea is needed in order for this to be an offence .The act is of causing loss and damage wrongfully, to people in general or to a specific person in particular by altering any information without the person’s consent or knowledge .The accesses to the persons account must be secured by the dishonest means and should cause some serious injury to the victim. Sub-section (2) states that the punishment would be imprisonment of up to three years or a punitive fine of up to two lacks and or both. This shows that the Indian courts do take the crime of hacking very seriously and the harsh punishment is almost equivalent to theft.

 

       On similar lines Section 66C of the Act deals with the Punishment for identity theft. According to this section the dishonest use of an electronic signature[i] or password could result in imprisonment of either description for a term, which may extend to 3 years and fined up to 1lakh rupees.

 

On the question of where to file a complaint: most states have their cybercrime cell websites, where you can file a compliant, with the required documents. A simple Google search can help you to locate the contact details of the correct cyber crime cell that is designated for your jurisdiction.

 

If you think that the Indian legal system has not woken up to cyber crime then that opinion should be changed. The question is how effective is the crime control mechanism. There are laws, but is the police-force deft enough to combat terrorists who are up-to-date in cyber crime warfare? Can these same provisions apply to criminals that infiltrate government security systems and cause grave danger to the country?  With most of the classified data being processed online, the cyber cell has to be more alert and cautious in order to combat this new threat. Cyber crime is not just related to hacked Facebook accounts it goes much deeper and to graver incidents which can have far reaching consequences for an individual person or a nation as a whole. As for people like you and me we should keep our friends close and our online accounts closer.

 

 

 

[i] An electronic signature is something that binds the document sent to the person who sent it. An electronic signature can be anything from one’s name typed out or a virtual copy of one’s own signature.

My email account was hacked. Can I take legal action against the hacker?

 

If you ask me what one of my worst fears is today, I would say it is “this username and password does not match.” Every time I misspell my password I have this latent fear that my account has been hacked. We have all had friends posting on Facebook saying that their account has been hacked and the “hacker” has been posting things (often objectionable) from their profile.

 

With everyone realising the power of the Internet it has become nothing less than a second identity, and when this is stolen it is no less than theft. At times the email accounts get hacked by viruses and this is generic without any specific reason, for instance, just by clicking on a link a website starts posting on your behalf. These cases are of a less serious nature and a mere changing of passwords is enough. The real problem begins when the account is hacked by someone who does so with a mala fide intention, be it revenge, hatred or sadistic pleasure. It gets even more serious when the accounts of public figures get hacked and their confidential information is leaked or worse the hackers post on their behalf to the multitude of fans that take their word as gospel.

 

Now, how does an account get hacked? There are more ways than one to hack into an account, be it an email account or a social networking account. The first and the obvious would be, when one divulges his or her password to another person, this usually is one of the weapons people use for revenge. Forgetting to log out from public computers is another big factor. The more technologically based processes of hacking are that of Phising, Cookie Hijacking and Keylogging. Phishing is, when a person is made to provide information online about oneself (name, address, passwords, bank details etc.) on the faith that the information has been sought by a valid website, where in reality it is a fake one created in order to use the information provided, for identity theft. Cookie Hijacking is the process of using the user data stored in someone’s computer to get information about their online accounts. Keylogging, is a more sophisticated means of hacking, where the hacker with the use of certain software and hardware can know your passwords by the keys you type on your computer.

 

I got all this information from a not so difficult research, and there were even websites that showed how to hack. Hacking is much easier and simpler than it seems to be, and the internet provides all the help that you need. This is the reason that laws need to have a deterrent effect on the practice of hacking.

 

If you start to think that this post will just advice you to keep your password protected, then you are mistaken, because the Information Technology (IT) Act of 2000 does provide legal remedies to sue a hacker.

 

Section 66 of the Information Technology Act deals with the offence of ‘hacking with a computer system’. It starts with ‘whoever with the intention to cause or knowing that is likely to cause’, showing that mens rea is needed in order for this to be an offence .The act is of causing loss and damage wrongfully, to people in general or to a specific person in particular by altering any information without the person’s consent or knowledge .The accesses to the persons account must be secured by the dishonest means and should cause some serious injury to the victim. Sub-section (2) states that the punishment would be imprisonment of up to three years or a punitive fine of up to two lacks and or both. This shows that the Indian courts do take the crime of hacking very seriously and the harsh punishment is almost equivalent to theft.

 

       On similar lines Section 66C of the Act deals with the Punishment for identity theft. According to this section the dishonest use of an electronic signature[i] or password could result in imprisonment of either description for a term, which may extend to 3 years and fined up to 1lakh rupees.

 

On the question of where to file a complaint: most states have their cybercrime cell websites, where you can file a compliant, with the required documents. A simple Google search can help you to locate the contact details of the correct cyber crime cell that is designated for your jurisdiction.

 

If you think that the Indian legal system has not woken up to cyber crime then that opinion should be changed. The question is how effective is the crime control mechanism. There are laws, but is the police-force deft enough to combat terrorists who are up-to-date in cyber crime warfare? Can these same provisions apply to criminals that infiltrate government security systems and cause grave danger to the country?  With most of the classified data being processed online, the cyber cell has to be more alert and cautious in order to combat this new threat. Cyber crime is not just related to hacked Facebook accounts it goes much deeper and to graver incidents which can have far reaching consequences for an individual person or a nation as a whole. As for people like you and me we should keep our friends close and our online accounts closer.

 

 

 

[i] An electronic signature is something that binds the document sent to the person who sent it. An electronic signature can be anything from one’s name typed out or a virtual copy of one’s own signature.