This Article is written by S Muthu Praba & S Sankar Ganesh, students of Dr. Ambedkar Law University, School of Excellence in Law, Tamilnadu
In this modern era of digitalization, internet and social media has became an inevitable part of human life. The emerging risks in the virtual platform creates more vulnerable environment for all the people irrespective of their age. During the COVID-19 pandemic, people carry out all their activities virtually through different media, which has resulted in miscellaneous intrusions from anonymous persons paving way for cyber threats. India is a country which has stringent legislations for the various offences occurring throughout the country. The Information Technology Act, 2000 and various rules given by the government regarding the prevailing conditions in the society curtailed the increasing cyber threats. Proper regulatory measures have been introduced to ensure strong cyber security in the virtual platform. The researchers give limelight on the prevailing cyber threats and existing legal remedies available in India compared to the international perspective. Though there is no explicit legislation for cyber law, the IT Act and various other acts together serve the sole purpose of reducing cybercrimes. Judicial precedents help in the application of various provisions of the legislations thus rendering justice to the people affected by virtual crimes.
CYBER THREATS IN INDIA
Cyber threat is defined as the possibility of a malicious attempt to damage or disrupt a computer network or system. Cyberattacks occur through different means with multiple intention of threatening the targeted system or person. In 2020, the most observed forms of cyber threat are:
- Distributed denial of service (DDoS attacks)
- Social engineering
- Cloud computing vulnerabilities
- Third Party Software
During the pandemic, data breaches and other cyber security issues reported are rapidly increasing when compared to the first quarter of the year 2019. Around 3,137 cyber security related issues were reported every day in 2020 in mediocre level. Due to the unintended shift to the digital services, people became more vulnerable to cyber threats. In 2020, nearly 1.16 million cases of cyberattacks were reported which is far greater than that of the cases reported in 2019. Further, the Indian Computer Emergency Response Team (CERT-In) has observed 11,58,208 cyber security incidents in the year 2020 which has led to various cyber threats.
Researchers have warned that the cyber threats are likely to increase in 2021 due to the extended virtual working platform. The government has issued several guidelines and other cyber security measures in order to curb the cyberattacks.
CYBER LAWS IN INDIA
Though there is no exclusive legislation for cyber laws in India, they are governed by the existing legislations which deal with cyber security and related issues. The Information Technology Act, 2000 guides all the Indian legislations regarding e-commerce, e-banking and e-governance thus providing various provisions offences occurring in computer networking and virtual platform.
The Indian Penal Code, 1860 is invoked along with the IT Act as it also deals with certain offences applicable in cyberspace also. The forgery occurring in digital format and examination of such evidence are governed by the Indian Evidence Act.
The cybersecurity obligations and other responsibilities of the companies registered under the Companies Act, 2013 are refined under this legislation. The SFIO (Serious Frauds Investigation Office) is vested with the power to prosecute the company and its directors. They became stern and proactive after the Companies Inspection, Investment and Inquiry Rules, 2014.
Under the Ministry of Electronics and Information Technology (MEITY), the government issues notification regarding the rules and regulations of cyber security which must be coordinated by the authorities to the public. Further, data protection framework and data governance related rules are structured whenever required.
The National Institute of Standards and Technology (NIST) has authorized Cybersecurity Framework (NCFS) for cyber risk management through which the guidelines and standards for cyber- related issues are fixed.
In Shreya Singhal v Union of India, the honourable Supreme Court upheld the validity of Section 66A of the Information Technology Act, 2000. This decision was made by the court based on three concepts viz, Discussion, Advocacy, and Incitement.
It was held in Shamsher Singh Verma v State of Haryana, the accused challenged the High Court Order, The Supreme Court held that Compact Disc is also a document, and it is not necessary obtain permission or disclaimer regarding a document under Section 294 (1) of CrPC personally from the accused, the complainant, or the witness.
It was held in Avnish Bajaj v State (NCT) of Delhi, it was regarding the broadcasting of cyber pornography materials, the accused was arrested but it was contended by the accused that he is only the service provider. The court granted bail subject to 2 sureties and the burden of proof to him as only the service provider and not posted such materials.
It was held State of Tamil Nadu v Suhas Katti, a landmark case, in which the accused was a family friend and who intended to marry a girl, but she was married to some other person. The accused created a false e-mail account in the name of the victim and posted slanderous, obscene, and annoying information about the victim. The court convicted the accused person under 469, 509 of IPC, 1860 and Sec 67 of IT Act, 2000.
It was held in CBI v Arif Azim (Sony Sambandh Case), it’s a peculiar cybercrime, in which a person unknowingly used the credit card information of another and purchased Sony TV. The credit card user informed the wrong usage of the card to the bank and the bank approached the company, then it was found that a call centre guy Arif Azim misused the information and committed the crime. The Court relying on the age and the first-time offence, had a lenient action on that boy.
It was held in SMC Pneumatics (India) P Limited v Jogesh Kwatra, the employee of the company sent filthy emails to employers, subsidiaries and derogated, defamed the company. It was found that the employee sent the mails from a internet café. The defendant was terminated from the service. The Court held that the evidence is not qualify as certified evidence U/s. 65B of Indian Evidence Act, 1872.
It was held in Manik Taneja v State of Karnataka, the accused posted a bad comment about the inspector, police personnel of a particular police station in the face book page of the Police. The police filed a case against him. The Court held that the social media platform is to express the grievance and it was made with good intention. Hence the accused was not doing was not punishable offence.
It was held in Gagan harsh Sharma v The State of Maharashtra, the individuals were accused of theft of data and software from the employer, they were booked under Sec 408 and 420 of IPC along with Sec 43, 65 and 66 of IT Act, 2000. The accused pleaded for dropping of provisions under IPC and to charge only under IT Act, 2000 relying on Sharat Babu Digumarti Case. The Bombay High Court upheld the plea of the petitioners and dropped the provisions under IPC.
INTERNATIONAL PERSPECTIVE ON CYBER THREATS
Secret is the only thing which is under amaze in this cyber world. Every country is fighting against the cyber threat, cyber warfare to protect its secrets, its citizens.
In UK, National Cyber Security Centre (NCSC) formed and headed by the cyber security experienced professionals to tackle the cyber threat and cyber warfare. The policy of “active defence” and “hacking back the hackers” are the potentials used by NCSC to fight against the cyber threat or cyber warfare.
In US, the nation with latest technologies and leading in the cyber security has enacted an act, to handle Cyber threats viz, Cyber Security Act of 2015. In addition to that Cyber Security National Action Plan has also been initiated by the Government to work with commercial tech giants, to handle cyber threats and to protect the citizens.
In Europe, NIS directive was initiated in the year 2016 to protect from cyber threats. Computer Emergency Response Team (CERT) was formed by the directive to protect and to have greater control.
In China, introduced a law with more stringent measures and broad new cyber security law to protect and to have control over cyber threats.
In India, Digital India is proposed and taken into every root of the Government Concerns. Indeed, aiding to keep Digital India ahead of the latest cyber-threats is a key unease for those working on the project, whether they are connoisseurs in policy, government services, or security technologies such as PKI.
The world is changing and so the technical and technological developments. Everything which soothes the operation will have more impact on us, thus the Cyber Space, which helps us to reach more but it has every potential threat.
Every nation and every individual are apprehended to the cyber warfare and cyber threats, through the bold and clear strategy this can be handled. Its an endless limit to the desire of individuals and hence the threat has no limitations.
The world in which we live is transforming, and so are the perils that we face daily. Governments around the globe must now ensure they are adaptable and swift enough to distinguish when the muggers are moving ahead, and act accordingly.