Law in Motion: Cyber Crimes – 13

Besides crimes like violation of privacy by publishing in an electronic form or transmitting in electronic form material which is lascivious or appeals to prurient interest, the IT Act also makes it an offence to publish or transmit material containing sexually explicit acts etc. in electronic form. Similarly, publication/ transmission of material depicting children in sexually explicit acts is also made punishable. However, in addition to mere publication or transmission, the following acts may also be ‘crimes’ in so far as children are concerned – creating text or digital images, collection of obscene material depicting children, seeking or downloading or browsing information which depicts children obscenely or even acts which advertise, promote or exchange or share or distribute such material in electronic form.

These acts are generally referred to as pornography and child pornography.

Personation using Computer Sources – The world of computers and internet and the worldwide web provides an enormous degree and scope of anonymity for the users. The flexibility of operations and ease of use and access has also spurned criminals to use the very same resources for causing harm to others. This harm may be monetary loss or loss of reputation or even ‘Cyber stalking’ or ‘Cyber extortion’ or ‘Cyber ransom.’

Since it is extremely easy to hide one’s actual identity and assume either someone else’s identity or create a fake identity, it is easy to defraud people, dishonestly. Assuming an identity is extremely easy- the identity may be of a non-existent person, or a dead person, or even of an existing person. The impersonator hides behind a wall of names and/ or numbers or email addresses or organisations or even behind persons known to you. The impersonator may even use fake or doctored photographs or audio-visual files to hide his/her true identity.

Most often, it is an impersonator trying to use identities of people who do not exist.

This provision of an offence under IT Act is an addition to the provisions of the IPC which may get invoked.

Cyber Terrorism – Besides the Unlawful Activities (Prevention) Act in India, which outlines terrorism or acts which may be construed as constituting terrorism, the Information Technology Act of 2000, has by a subsequent amendment introduced a provision on ‘Cyber Terrorism’

Section 66F: Punishment for cyber terrorism.

“(1) Whoever, —

(A) with intent to threaten the unity, integrity, security or sovereignty of India;

or to strike terror in the people or any section of the people by—

(i) denying or cause the denial of access to any person authorised to access computer resource; or

(ii) attempting to penetrate or access a computer resource without authorisation or exceeding authorised access; or

(iii) introducing or causing to introduce any computer contaminant,

and by means of such conduct causes or is likely to cause

death or injuries to persons; or

damage to or destruction of property; or

disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community; or

adversely affect the critical information infrastructure specified under Section 70; or

(B) knowingly or intentionally penetrates; or  

accesses a computer resource without authorisation or exceeding authorised access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons of the security of the State or foreign relations, or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India,

• the security of the State,

• friendly relations with foreign States,

• public order,

• decency or morality, or

• in relation to contempt of court,

• defamation or incitement to an offence, or

• to the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism.

(2) Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life.”

However, the only difference between the UA(P) Act and the IT Act is that this legislation criminalises only those acts where a person/organization – variously categorised under the omnibus word ‘WHOEVER’ Creates terror in the people or any section of people by:

• denying or causing the denial of access to any person authorised to access computer resource; or

• attempting to penetrate or access computer resource Without Authorisation or ‘Exceeding Authorised Access’; or

• by Introducing or Causing to Introduce any computer contaminant.

The purpose of these acts should be to either

- Cause death or injuries to persons or

- Damage to any property, or a

- Destruction of property;

- Disruption of property, or

- Disruption or damage of supplies

- Disruption or damage of services essential to the life of the community or

- Adversely affecting critical Information Infrastructure

The other category of acts which have been categorized as cyber terror acts are as follows: -

- Accessing a computer/ computer system or resource without authorisation or exceeding authorized access;

- Accessing information from computer resources, information or data or computer database which is Restricted for reasons of foreign relations or Security of State;

- Accessing information/data/database which cause/ or are likely to cause injury to interests of the Sovereignty and Integrity of India or Security of the state, friendly relations with foreign states, public order decency or morality or in relation to contempt of court or defamation or incitement to an offence, or

- Access to information/ data or database which goes advantage to any foreign nation or group of individuals.

Cyber terrorism is punishable with imprisonment upto life.

After the advent of Internet and its wide prevalence and reach, the traditional methods of work and human interaction have changed. The means of generation of information have changed, the means of transmission of information have changed, the means of storage of information have changed, response mechanisms have changed too. These changes have impacted ordinary human beings, smaller businesses, large conglomerates, government functioning and the quality, quantity and speed of interaction among these players.

Things which in the recent past existed in smaller compartments as stand- alone bits have started getting inter-linked and integrated. The list of activities which have been impacted is virtually endless and continues to grow every day.

However, even in such an environment, certain things are more important and integrated/ inter-linked. These are what are called CRITICAL INFRASTRUCTURE. Any interference with this critical infrastructure could adversely impact lives of millions of individuals and threaten the existence of nations. Some such critical infrastructure are as follows: -

(1) Mobile Communications Networks

- Satellite based

- Fibre based;

- Microwave based etc.

(2) Communications Grids;

(3) National Power Grid and Power Transmission Grid;

(4) National Banking Infrastructure – Hardware/ Software as well as transmission channels;

(5) National Railway and Transport Networks;

(6) Seaports and Airports and their connectivity;

(7) Defence related establishments;

(8) Establishments related to Foreign Policy;

(9) Big Business Establishments Involved in Core Sectors;

(10) Health Infrastructure – Research labs and Hospitals etc.

In fact, Section 70 of the IT Act authorises the Government to declare certain things as Critical Information Infrastructure or any computer or computer system or computer network as PROTECTED SYSTEMS. Additionally, the Government may also similarly list out the names of persons who are authorised to access protected systems and the degree of access they enjoy/ are granted.

Unauthorised access of access beyond permissible limits to protected systems is punishable with up to 10 years of imprisonment.

Additionally, wherever any person who has been authorised to access any electronic record, book, register, correspondence, information, document or other material, discloses such information to any other person in breach of the confidentiality is also said to commit an offence (Section 72) which is punishable with up to 2 years of imprisonment.

Therefore, for example, any person working in any Government office or a business enterprise, who has access to information, which cannot otherwise be made public (e.g., Under RTI Act), discloses such information or sells it would have committed an offence.

Offences like cyber terrorism affect the general public at large and their impact is huge too. However, governments and organisations usually have adequate resources by way of money, men, materials and safety/ security protocols to protect themselves. Institutions can also deploy resources to investigate, track and take corrective measures to minimise the future damages.

This leaves individual users and human beings. This is the most vulnerable category of victims and the most victimised ones. Their redressal mechanisms do exist but often fail to deliver because the magnitude, quantum or seriousness of the crime is not high. Moreover, in absolute terms, the losses incurred by individual victims are miniscule as compared to those incurred by Governments or by business entities, whether big or small.

However, it is this that we would turn our attention to now.

Rupin Sharma
rupinsharma@gmail.co