On the digital trail
N. VIJAYASHANKAR
|
Is our law enforcement machinery equipped to deal with crime in the cyber world?
|
PHOTO: AFP
New frontiers: The digital age brings its own problems and solutions.
THE increasing number of cyber crime incidents being reported recently threatens to create distrust in the community over the Internet as a means of e-Business and e-Governance. Slowly, terrorism is creeping into the electronic world in the form attacks on soft economic targets, requiring an urgent tightening up of the cyber crime prevention and prosecution system.
Is our law enforcement machinery, consisting of the police, advocates and the judiciary, prepared to meet this challenge? Let us look at some recent incidents.
In the much-publicised HSBC fraud in Bangalore, money was withdrawn from the accounts of a set of customers of the bank in the U.K. A person in India had provided indirect assistance to the fraudsters by changing some of the information about the accounts. In order to proceed with the investigation, it was necessary for the police to understand the working of BPOs, the security systems used by a bank etc. The law should have empowered them to recognise the crime, arrest the suspected Indian employee of the BPO and proceed further with the investigation. In this critical test of strength, both the police and the law emerged victors.
Up to the task
The reason for the success so far in the HSBC case is that the Information Technology Act 2000 (ITA-2000) defines a crime under Section 66, which includes "Diminishing the Value or Utility of Information residing inside a Computer". The Indian accomplice could therefore be charged under Section 66 along with the others in U.K. and could be arrested for further investigation. The police used this provision to make substantial progress in the investigation. Though the investigation is yet to identify the fraudsters in U.K., neither the police nor the law has been found wanting.
Another case which is of interest to the public is the case in which a court in Chennai sentenced a person last year for offences under Section 67 of ITA-2000 (Publishing and transmission of obscene information in electronic form) along with additional sentence under sections of IPC. This case involved a message posted in a Yahoo e-group and the police had to produce the necessary evidence to convince the court that the offence was committed. Obviously, it was not possible to bring the Yahoo e-group's archives to the Court. Yet the Police succeeded in proving the guilt of the accused by using the appropriate provisions under the law (Section 65B of Indian Evidence Act) and the services of the Cyber Evidence Archival Centre. In this case, it was not only the police and the law that proved their capability for meeting cyber crime threats but the judiciary also proved that it can raise to the task of adequately responding to sophisticated cyber crimes. The judgment also established a trend whereby an offence can simultaneously be brought under ITA-2000 and one or more of other laws such as Indian Penal Code.
The above examples indicate that the Indian law enforcement system is capable of meeting the challenges posed by cyber crimes.
Ignorance and negligence
Much to the surprise of many, in most cyber crime cases that we have come across, the crimes have been facilitated by ignorance or gross negligence on the part of people holding responsible positions in the industry.
For example, a Chennai-based company reported a case of Intellectual Property theft. However, the company had itself erased the required evidence from their computer system and lost out on possible judicial remedy in the case. This is a common problem in almost all cases of cyber crimes reported from the corporate sector.
In another incident reported from Bangalore, an IT Company filed a case against one of their consultants, alleging that the consultant was engaged in commercial discussions with a competitor during the term of an exclusive consultancy contract. The company had substantiated the complaint with a copy of an e-mail allegedly received by the consultant at his private Yahoo e-mail address. Before the police could take any action, the consultant made a counter complaint about the illegal acquisition of the e-mail from his e-mail account by the company, which was an offence under Section 66. The company therefore became the accused with a self-admitted evidence against itself which it had provided along with the complaint. A case of ignorance of law which could cost the company dearly.
These incidents indicate that companies, big and small, are ill prepared to face the cyber crime risks. They need to understand the cyber law compliance requirements to safeguard the security of their information assets and their managers.
Future challenges
The next level of challenge that we are likely to face will be in the area of "Cyber Forensics". It is worth recalling that in a cyber crime case in Bangalore, the police had acted on a false complaint and even gathered what appeared to be "clinching evidence" for the crime. However, a cyber forensic expert who looked at the documents pointed out inconsistencies that the police were not aware of. The case is now waiting to be dismissed after the due process of law.
The future of scenario in India presents an interesting battle between the criminals using the latest technology and the police trying to catch up with them with their own cyber forensic tools and specialists. Hopefully the police will be able to win the war if not the battle and ensure that the "law and order situation in cyber space" in India is good enough for IT players to continue to drive our economy to greater heights.
Printer friendly
page
Send this article to Friends by
E-Mail
Magazine
