“A 350 percent increase in phishing websites was reported in the first quarter of the year, many targeting hospitals and health care systems and hindering their work responding to the COVID-19 pandemic”, the UN counterterrorism Chief Vladimir Voronkov said. “In many parts of the world, terrorists are exploiting local grievances and poor governance to regroup and assert their control.”
Fast paced technology has induced us to adapt to modern methods of transactions, business deals, and even dating. The impossibility to isolate ourselves technologically Cyber Crimes, or crimes committed with the help of a computer device, is not a new phenomenon, and the sight of newspapers covering people being duped by scammers has made us ponder over the present situation of cyber laws in India.
The term ‘cybercrime’ can be traced back to early eighties when the horizons of internet started expanding to unknown ends and the Worm of the 88[i] can be rightly given the status of the first registered cybercrime ever committed.
The phenomenon of crime by computer can be divided into four focal periods-
- The first period can be called the discovery period which spanned roughly from 1946-1976 and the focus of attention was on describing the computer abuse phenomenon.
- The second period can be characterized as the criminalization period. The principal activity during this period (1977-1988) was concentrated on correcting numerous deficiencies on the criminal law.
- The third period revolved around demonization of the hacker. The five year period was characterized by an intensive law enforcement effort to identify, apprehend, and sanction those who are often pejoratively referred to as hackers and crackers.
- The fourth period is the present one and which can be labelled as the censorship period. As a result of the explosive growth of the internet, the current focus of attention has been directed towards limiting the access of computer users to various dangerous material currently available on the Web, such as collection of sexually explicit writings, pornographic pictures and information on violence and terrorism.
Jurisdictional theories pertaining to cybercrimes
There are various theories of jurisdiction. They are as under:
- Territoriality Theory
The main and most common principle is the territoriality principle which in its most simple form means that a sovereign state has the authority to judge criminal acts that have been committed in its territory. But in order to apply this theory it is necessary that the place where the crime is committed is established.[ii]
- Nationality Theory
The nationality theory, also referred to as Personality theory, recognizes that a sovereign state can adopt criminal laws which govern the conduct of the sovereign’s nationals while outside of the sovereign’s borders. The nationality principle has the effect of allowing a sovereign to adopt laws that make it a crime for its nationals to engage in conduct that is not illegal in the place where the conduct is performed. This theory is dealt with in two ways:
i. Active Nationality Theory:
This theory recognizes that a state can prosecute and punish its sovereign nationals for a crime committed by them outside its territory. A state may exercise criminal jurisdiction over its nationals on the basis of their active nationality.
ii. Passive Nationality Theory:
The passive nationality theory recognizes that a sovereign can adopt criminal laws that apply to conduct of foreign nationals who commit crimes against the sovereign’s nationals while the sovereign’s nationals are outside of the sovereign’s territory.
- Protection Theory
The protection theory recognizes that a sovereign can adopt a statute that criminalizes conduct that occurs outside of its borders when that conduct affects the sovereign itself. Under that principle a nation can adopt laws that make it a crime to engage in an act that obstructs the function of government or threatens its security as a state without regard to where or by whom the act is committed.[iii]
- Universality Theory
The Universality theory recognizes that a sovereign can adopt criminal laws that apply to conduct performed by any person anywhere in the world when the conduct is recognized by nations as being of universal concern.[iv]
- Derived Jurisdiction Theory
This is not an independent basis for jurisdiction. A state that has no jurisdiction over certain acts according to its national laws or case law and embodied principles, may assume jurisdiction if the state that has jurisdiction so determines. This can be done in the form of a formal request or on the basis of an international treaty.[v]
The position of Indian laws on cybercrimes
Cybercrimes were initially covered under the key criminal code of India-the Indian Penal Code. However, after the enactment of Information Technology act, the categorization of various cybercrimes became more streamlined. The main objective of the IT Act is to facilitate legal reorganization and regulation of commercial activities through electronic medium. It is mainly based on the United Nations resolution No. A/GES/51/162 of 1997 as well as on the UNICITRAL Model Law on Electronic Commerce.
As far as the Act is concerned, appropriate penalties have been imposed for offenders under Sections Sec.43, 66, 67, 70, 72, 73 and 74 for damaging any computer system, hacking (with intent or knowledge), publication of obscene material in e-form, attempting or securing access to computer, for breaking confidentiality of the information of computer, for publishing false digital signatures, false in certain particulars and for publication of Digital Signatures for fraudulent purpose, respectively.
The problem which arose soon after was the business nature of the act rather than a criminal nature. Besides, the statute was more on papers than on execution because lawyers, police officers, prosecutors and Judges felt handicapped in understanding its highly technical terminology. Primarily, the IT Act, 2000 was not very effective in dealing with several other emerging cybercrimes like cyber harassment, defamation, and stalking. The need to make it more relevant in today’s context led to enactment of the Information Technology (Amendment) Bill, 2008 which received the assent of both the Houses of the Parliament in the same year.
Most common forms of cybercrimes
Cybercrimes can be broadly classified into-
a) Crimes affecting individuals
Maximum cybercrimes which are committed today affect individuals. In this category, the victim is the user of the computer or someone uses the computer by the name of the victim. The availability of the data in the cyberspace through hacking or by other means with capability to access may cause criminal infringement of privacy.
- Child Pornography: Child pornography is punishable under section 67B of the IT act.[vi] It is often regarded as a subset of child abuse. It is all about visualizing the images of underage engaged in sex and lewd activities, which though does not hurt the child physically but takes a toll on the psychological, emotional, and reputational well-being of the child as these images can be further used for child abuse. Moreover, the images of child pornography can be used to groom or seduce children into engaging in sexual acts.[vii] The entire malpractice of child pornography through the medium of the Internet passes through three stages- production, distribution, and downloading of the content. The anonymous commission of crime through mediums like P2P networks further make it difficult to find and punish the offender.
- Cyberbullying: It can be rated as defamation with Internet overtones or defamation being committed in the digital environment. The perpetrator uses the Internet and other communication means not only to express ill feeling towards the victim but also the expression which tend to lower him in the eye of others. This has become more prominent with the rising of social media platforms like Twitter and Facebook.
Before the Amendment Act of 2013, section 66-A[viii] was applied in cyberbullying cases.[ix] The landmark case of Shreya Singhal v. Union of India,[x] took a sagacious view of 66-A where the grey area in the law curtailing the fundamental right to freedom of speech and expression online was discussed and the section was struck down on being violative of article 19(2).
- Cyberstalking: Stalking limited to internet is known as cyberstalking. In other words, it mainly consists of false accusations, monitoring, making threats, identity theft damage or solicitation for sexual favours. It is done by means of unsolicited e-mails, spamming, thronging the victim’s computer with spyware or viruses and posting abusive content. This makes it a form of cyberbullying. Punishable under section 354-D of the IPC, it caters to the changes introduced by the Criminal Law Amendment Act of 2013. The only drawback of this act is that it lacks a gender-neutral application.
b) Crimes affecting economy:
The use of internet and computer in business (e-commerce) provides various speedy and less expensive procedures in the high- tech business. Thus, traders and businesspersons use this mode for transferring the huge amount of money. However, this process is also not without disadvantages.
The businessman and common man uses this technology to save their time, but criminals use the technology which is unknown to the general user of the internet and the technology is more sophisticated technology which is more easier way to commit the criminal activities.
- Cybersquatting: Squatting means occupying an abandoned place or building not belonging to the occupier. The strategy adopted by the offenders makes use of the fact that as domain name registration is for a limited period and can be purchased by anyone if it is not renewed by the owner. Yet another crime typical of the Internet age is defined as registering trafficking in or making misuse of a domain name intending to receive dividends from the goodwill of another trade mark or business house. Since the IT act does not address domain names, the apex court clarified the position of law in Satyam Infoway Ltd. v. Siffynet Solutions Pvt. Ltd.[xi], by holding that internet domain names are applicable to same laws as that of IP laws and the same was observed in Yahoo Inc. v. Akash Arora.[xii]
- Denial of Service attacks: In DoS attacks, potential attackers look for vulnerable websites, launch a mini-attack and then extort money by sending an email claiming responsibility and threatening to launch a larger attack if the digital ransom is not paid. They may also steal files, disseminate false information, sabotage operations and divulge confidential information.
c) Crimes affecting National Security:
When the illegal activity in the cyber space, that affect the society and nation at large are called cybercrime against the national security. This mode of the cybercrime threats the national and international perspective.
- Cyber Terrorism: Cyber Terrorism has been comprehensively defined by NIPC as-
“A criminal act perpetrated by the use of computers and telecommunication of computers resulting in violence, destruction and or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to political, social, or ideological agenda.”
IT Act deals with cyber terrorism under sections 66-F, 70, 43, 70-A, and 70-B.
- SMS Spoofing: With mobile phones reaching every palm and with the invention of Internet mobiles, spoofing is also known as ‘Phishing.’ It is used by perpetrators to deceive the victim by putting him under the belief that a message received has come from a credible source though it is a fake one. By using a web-based software, a cybercriminal can send messages from another mobile to show as if it has come from a known person’s mobile. This has been one of the most key cybercrimes to commit bank/credit card frauds or identity thefts.[xiii]
The conclusion that one arrives is that application of the traditional principles of jurisdiction in the field of cybercrime may lead to a growth of concurring jurisdictional claims. And there is no guiding principle laid down under Indian or international law to determine the scope of applicability of these principles. These principles thus become very subjective and have a case to case basis of application. And though nations may apply various theories essentially, territoriality, nationality, protection and universality to justify their exercising jurisdiction to proscribe and adjudicate the application of prescriptive law to particular types of criminal activity, what is essential is that a nation’s exercise of jurisdiction either to prescribe or to adjudicate must also be “reasonable” i.e. it must have some connection with the crime, the perpetrator, or the victim and must be reasonable also in terms of adjudication.
[i] A malicious program called the Internet Worm appeared on 1st November 1988 and disabled about 6000 of the total Internet hosts.
[ii] Jeffrey Pollock and Debra Lightner, Civil Procedure in the Age of the Internet Jurisdiction, New Jersey
Law Journal (2000)
[iii] Unite States v. Zehe, 601 F. Supp. 196.
[iv] Michael A. Geist, Is There a There There? Toward Greater Certainty for Internet Jurisdiction, 16 Berkeley
Tech Law Journal, 1345, 1356 (2001).
[v] Dr. Kasperson, Cybercrime and Internet Jurisdiction, Council of Europe, Economic Crime Division, France,
Discussion Paper (2009).
[vi] 67B Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc., in electronic form. -Whoever-
(a) publishes or transmits or causes to be published or transmitted material in any electronic form which depicts children engaged in sexually explicit act or conduct; or
(b) creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges or distributes material in any electronic form depicting children in obscene or indecent or sexually explicit manner; or
(c) cultivates, entices or induces children to online relationship with one or more children for and on sexually explicit act or in a manner that may offend a reasonable adult on the computer resource; or
(d) facilitates abusing children online, or
(e) records in any electronic form own abuse or that of others pertaining to sexually explicit act with children, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees:
Provided that provisions of section 67, section 67A and this section does not extend to any book, pamphlet, paper, writing, drawing, painting representation or figure in electronic form-
(i) the publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet, paper, writing drawing, painting representation or figure is in the interest of science, literature, art or learning or other objects of general concern; or
(ii) which is kept or used for bona fide heritage or religious purposes.
Explanation. -For the purposes of this section “children” means a person who has not completed the age of 18 years.]
[vii] Osborne v. Ohio [1990 SCC OnLine US SC 56]
[viii] Punishment for sending offensive messages through communication service, etc. -Any person who sends, by means of a computer resource or a communication device,-
(a) any information that is grossly offensive or has menacing character; or
(b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device; or
(c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages,
shall be punishable with imprisonment for a term which may extend to three years and with fine. Explanation. -For the purpose of this section, terms “electronic mail” and “electronic mail message” means a message or information created or transmitted or received on a computer, computer system, computer resource or communication device including attachments in text, image, audio, video and any other electronic record, which may be transmitted with the message.
[ix] SMC Pneumatics (India) (P.) Ltd. v. Jogesh Kwatra [CS (OS) No. 1279 of 2001].
[x] (2015) 1 SCC 1.
[xi] 2004 6 SCC 145.
[xii] 1999 19 PTC 201.
[xiii] Matt Hines, McAfee: Cyber-crime will continue to pay (2007).