Introduction
Criminal activities of every kind carried out using digital technologies may be considered under the category of cybercrime. Cybercrime is a growing issue, even though it is universally agreed that cybercrime exists there is no universal definition of what it is really means. There are various terms such as cloud crime, computer misuse, internet crime which are used interchangeably to cybercrime. With the increase in population of internet users and rapid digitization in various sectors, India has witnessed a sudden increase in criminal activities in cyberspace, posing significant threat to individuals, businesses and governments worldwide. Despite of rapid digitization India lacks sufficient awareness with respect to cybersecurity. This lack of awareness leaves them vulnerable to cyber threats.
Incidences and rise in cybercrime in India
India has become a prime target for cybercriminal activities such as data breaches, identity theft, hacking, spreading malware, financial crimes, online gambling, defamation, forgery and other malicious activities. A new form of cybercrime known as digital arrest has emerged where the fraudsters impersonate law enforcement officials and deceive their targets into interrogate over video call with an ill motive. One of the primary motives of the cybercriminals is to seek certain financial gain and monetary reward by perpetrating virtual theft and online identity fraud. The most common form of cybercrime varies from country to country. The most common form of cybercrime in India is financial fraud. This accounted for 75% of cybercrimes in India between 2020 and 2023.
The rise in cases of cybercrime has been a growing concern. Cybercrime cases have risen by 57% in the recent years. Karnataka, Telangana and Uttar Pradesh collectively accounted for half of all cybercrime cases in 2021.
In 2022, 65983 cybercrime cases were registered which went up from 52974 in 2021. There was surge in cybercrime cases in 2022 with a jump of 24.4% compared to the number of cognisable offences registered the previous year. According to the Latest National Crime Records Bureau (NCRB) data released on 3rd December 2023, relatively richer states of
Karnataka, Telangana and Maharashtra accounted for more than half of these cases. Offences include those registered under the Indian penal code (IPC) as well as the information technology act, 2000 and cover crimes such as frauds, ransomware and impersonation. 64.8% of cybercrime cases registered were for fraud.
With the increase in rate and cost of data breach, there is constant increase in the victim count in the last 2 decades. The average cost of data breaches increased to $2054 per hour. In 2022, investment fraud was the costliest form of cybercrime, with an average of $70811 lost per victim. With regard to businesses in 2022 data breaches costed an average of $4.35 million.
The covid pandemic immensely affected cybersecurity as many businesses and organisations had to move to remote working environments. Cybercriminals took advantage of this and in no time malware attacks increased by 300% in 2019. Which obviously increased the hourly victims not just in india but throughout the world. In the early of 2019 hourly victims were 53 which increased to 90 in 2020, which is an increase in 69%.
Few of the most recent cyberattack cases in India are: the malware attack on the servers of Pune based cosmos bank which shook the Indian banking sector when hackers, for years, stole nearly $13 million. Hackers siphoned this money from the bank’s ATM servers and hacked online transfers and transferred and withdrew it outside India. One of the most serious cyberattacks that shook the Indian government was the data leak of Aadhaar cards of thousands of Indians which raised major concerns about a breach of private data and violation of the right to privacy granted under the Indian constitution. In 2016, the union bank of India faced a giant phishing attack and lost 17 million marking it one of the biggest financial frauds in india. India was according to the analytics in India piece, among “the top nations which came under ransomware attacks in 2019”. Ransomware demands were as high as $5 million.
Cybercrime- status of controlling measures
There is a need for strengthened cybersecurity measures, public awareness, and regulatory frameworks to combat ever evolving cyber threats effectively in order to curb increase in the rate of cybercrime cases.
Punishments for cybercrimes and other cyber related offenses are imposed under the Indian penal code, 1860 and the information technology act, 2000.
Information technology act 2000 was the first cyber law passed by the Indian government. The act gives recognition and protects the fields of ecommerce, e-banking and e-governance while also including the punishments in the field of cybercrime. The main objectives of the IT Act 2000 are to give legal recognition to the transactions done by electronic means of communication generally and to give legal recognition to digital signatures and e-contracts. Cyber offense sections 43, 65, 66 and 67 specify punishments for various cybercrimes such as hacking, tampering with computer source documents, sending offensive messages, identity theft, cheating by impersonation, publishing obscene material, etc.
The act also provides for the constitution of the cyber regulations advisory committee, which shall advice the government as regards any rules, or for any other purpose connected with the said act. The act also proposed to amend Indian Penal Code,1860, the Indian Evidence Act,1872, the Bankers Book Evidence Act,1891, the Reserve Bank of India act, 1934 to make them in tune with the provisions of the it act. Most of common cybercrimes can be addressed by these acts, but there is a need to address specific cybercrimes that evolve along with the technological advancement. Like for example recently, several deepfake videos targeting leading actors went viral, sparking public outrage and raising concerns over the misuse of technology and tools for creating doctored content and fake narratives. However, if the IT Act 2000 is not sufficient to cover specific cybercrimes, law enforcement agencies can apply some of the sections under the Indian penal code, 1860.
Teenagers and young adults are particularly vulnerable to various types of cybercrimes as they actively engage with mobile phones and internet hence are a being exposed to crimes involving child pornography or child sexually abusive material and revenge porn. Though these are regulated under section 67(b) of it act, the ministry of women and children has decided to change and regulate new laws that specifically deals with cybercrime against women and young adults.
If we compare the Indian cyber laws with that of any other country, we can reach to a conclusion that cyber laws in india are not too strict. Like for example, the punishment for child pornography in India under the Pocso act is imprisonment that extends to only 5 years whereas the punishment for the same offense in USA is imprisonment that will extend to 15- 20 years.
Also, with the increased use and development of ai like ChatGPT, there are no previous laws that deals with the aspects of ai. So, the cyberlaw framework in India lacks in some ways and so there is a need for amendment of the previous laws and enactments of new laws to combat the problem of increasing cybercrimes cases.
Hinderances in control of cybercrimes
Although many countries have applicable cyberlaws and policies against cybercrimes but the enforcement of the same is a challenge because of lack of cooperation on part of the victims, other stakeholders and witnesses with the police or other investigating agencies. Many victims have not effectively reported their incidences of cybercrime with the appropriate authorities across the globe. The main reason for not reporting cybercrime is the fear of damage to reputation and goodwill of the victims. Also, another main reason associated with lack of reporting of cybercrime is the immense cost required for investigation and prosecution, i.e. hiring lawyers at a very high cost in addition to filing fees and other incidental costs of litigation. Also, many victims consider investigation and prosecution are energy and time-wasting exercises. These reasons overlook the benefits that could be derived from investigation and prosecution, and victims consider the benefits are worthy enough of the troubles and so the cybercrimes continue to flourish.
Pendency of cybercrime cases
Limited resources, complex investigations and evolving nature of cyber offenses adds to non-disposal of cases on cybercrimes in Indian judiciary. Assessment of the efficiency of the law enforcement in the detention and investigation of cybercriminal incidents can be made through the case disposal rate and the backlog of pending cases in both law enforcement agencies and the judiciary.
The data on the disposal of cybercrime cases by the police show that between 2016 and 2021 only 35% cases were disposed on an average. The rest are cases pending for further investigation. The total number of cases for investigation grew in the year 2020 and 2021 due to covid pandemic where during the health crisis, cyber risks and cyber threats have increased mainly because of increase in the use of internet.
Absence of universal law
Having one universal law governing cybercrimes is very important. Cybercrimes respects no jurisdictions because it is possible for a criminal sitting in a foreign country to perpetrate his act that would have effects in India, or any other country in the world.
Cybercrime is transnational and the laws associated with cybercrime are only confined to a particular nation or region. The cyberlaws which are national or regional cannot possibly cope with the problems engendered by cybercrimes. The only law that could frontally address the menace of cybercrimes is that law which has no jurisdiction i.e. Globally applicable and until such universal law with regard to cybercrimes are made, the mankind shall continue to be plagued by challenges of enforcement posed by cybercrime laws. Greater international cooperation in investigation and arrest of cybercriminals of other nationalities and establishment of treaties and permissions between nations are essential to curb the transnational nature of cyber offences.
Conclusion
Network security and protection is considered as a shared responsibility between security and law enforcement agencies, government bodies, businesses, organisations and individuals. Even though it is difficult to supervise and control large amount of information and transaction that passes through networks at all times, several legal and social measures must be taken with the increasing dependence on the use of cyberspace.
One of the important cases where the supreme court suggested major changes to be taken in order to combat the increasing cases of cybercrime is Vijay Madanlal Chaudhary v. Union of India where the Supreme Court held that the CBI must probe into all videos which are made public, a task force must be set up to deal with specific matters like fraud etc. It also held that there should a toll-free number where the victims can immediately seek help. Further it stated that the national cyber offender’s register of convicted cyber offenders must be maintained. Ministry of home affairs should toe up with Facebook, WhatsApp, Instagram, and YouTube so that quick action can be taken. A specialised training must be given to senior law enforcers on matters relating to cybercrimes.
With the advancement of technology need for new legal reforms has advanced. One of these reforms is requirement for the knowledge for cyber laws which is still in its emerging stage and continues evolving every passing day. Even the most learned legal scholars find it difficult to solve the legal problems posed by technology. Today almost all our activities are dependent on technology, making it essential for the law to keep pace with it.
Article contributed by Priyanka S H
References
1. Dolly Krishnan and Mohit Verma, cybersecurity and cyber laws around the world and India: major thrust highlighting Jharkhand for concerns, Thelawbrigade.com,(December 6th,2023,9:34 am), https://thelawbrigade.com/generalresearch/cybersecurity-and-cyber-laws-around-the-world-and-india-major-thrusthighlighting-jharkhand-for-concerns/
2. Suhani dhariwal, rise in cases of cybercrime in India: reasons, impacts and safety Measures, writinglaw.com, (December 6th ,2023, 5:00 pm), https://www,writinglaw.com/rise-of-cybercrime-in-india/#google_vignette
3. Tashveer kaur, a critical analysis of effectiveness of cyber law in India, Intolegalworld.com, (December 8th ,2023, 4:16 pm), https://www.intolegalworld.com/article?title=a-critical-analysis-of-effectiveness-ofcyber-law-in-india
4. Chetan Chauhan, cybercrimes see highest spike among cognisable offences in 2022, Hindustantimes.com, (December 9th ,2023, 8:45 pm), Https://www.hindustantimes.com/india-news/cybercrimes-see-highest-spike-amongcognisable-offences-in-2022-says-ncrb-101701714486481.html
5. Yoshita Gwalani, centre for academic legal research, volume 1, journal of applicable Law and jurisprudence, pg no.2, pg no. 15&16, 2020
6. Daniel Ventre and Hugo Loiseau, cybercrime during the sars-cov-2 pandemic (2019-2022), volume 3,pg no.11, pg no. 19, 2023
7. Volume 593, Mohamed chowki, Ashraf Darwish, Mohammad Ayoub khan, Sapna Tyagi. Cybercrime, digital forensics and jurisdiction, pg no. 98-99, springer 8. Sachs, ram. Hacking the election, yale journal of international law, (December 15th, 2023, 6:00 pm), www.yjil.yale.edu/hacking-the-election/
9. Vijay Madanlal Choudhary v. Union of India [2022 scc online sc 929]
