Cyber Crimes and Cyber Investigations:
In recent times, India has become favourite spot for cybercriminals, who are most likely hackers and other malicious users who commit crimes through internet. The total number of cyber crimes registered during 2011-2014 stood from 13,301 and 1,49,254 respectively according to a study conducted by Assocham-Mahindra SSG. These crimes are rising at an alarming rate. These cyber crimes could pose serious economic and national security challenges and in 2015, these may get double upto 3 lakhs.
Trends which are in fashion for cyber crimes includes:
- Identity theft
- Cyber stalking
As these trends are emerging, it is high time for the Indian Police to bring reforms into their investigating methodology for a successful prosecution of such cyber case. Till today, the Indian system of policing and criminal investigation is stuck in the old ways to gather information and beating out a confession from the suspects. The police force completely lacks training on modern methods of criminal investigation for which skills are required to manage and operate highly sophisticated technologies.
There are several dots which exists in the system which is the reason that there is a gap between reporting a crime, arresting a criminal and ensuring successful prosecution of the accused in Cyber Cases. Jurisdiction remains a question of maintaining suits till date and it is a highly debatable issue. Cyber space is emerging so strong that is has lead to disappearing of territorial boundaries due to which the concept of territorial as envisaged under S.16 of Criminal Procedure Code and S.2. of the Indian Penal Code will have to look for other possible ways of dispute resolution.
Why the police is facing problem?
The major reason why police is facing problem lies in a sense of confusion as to whose jurisdiction the case will come under. For eg, it came into notice of a school teacher that an amount equal to Rs. 30000 was withdrawn from his savings account without his without his consent and knowledge. The ATM from which the amount was withdrawn located outside the city limits and some was withdrawn from the one located outside the state limits. In such situations, the complainant is troubled as to which jurisdiction, he should file the complaint to. Although, S.75 of the Information Technology Act has provision for the extra-territorial operations of this law, but it makes sense only when backed with provision which recognize orders and warrants for information issued by competent authorities outside their jurisdiction and strategic measure which provides the cooperation to exchange material and evidence of computer crimes between law enforcement agencies.
The law regulating cyberspace in India has been enacted, but it lacks any operational manual of how to conduct an investigation relating to cybercrimes. A Standard Operating Procedure(SOP) is required to prevent ambiguity.
With the arrival of cyber cells at various cosmopolitan cities in India, a need to build high technology crime and investigation infrastructure with highly technical staff has arisen. The current staff of cyber cells contains a mixture of police officers and IT experts. While additional recruitment is important, the main focus should be to improve the overall technical capabilities of the police staff rather focusing just on cyber cells.
Following are the gadgets without which police feels handicapped while carrying out any investigation:
- High capacity data transfer tools
- Software’s designed for analysis of phones
- Tools for recovering passwords using brute force, etc.
- Assistance of Forensic science laboratories is also required which is scarce at the district level.
Consequences which have to be faced due to non availability of gadgets is that police heavily lean towards oral evidence, instead of focusing on circumstantial and scientific evidence.
Although various governments have taken this issue into account in the recent times. Maharashtra government gives the perfect example of this. It has planned to tackle the issue of cyber crimes by deploying 1000 police officers as cyber investigators. Moreover, statements/FIRS/police records are not fed to the computer to maintain a database because there is no network and personnel also are not trained in the specific department. FIRS/statements should be made online to reduce burden on police.
Suggestions and Measures to be taken to reduce this:
- Specialized procedures along with expertise manpower are required to tackle cybercrime cases with excellence. Stringent punishment for cyber criminals, has to be ensured so that it acts as a deterrent for others. Presently, the offenses which come under the Information Technology Act are bailable with imprisonment of 3 years. This should be increased to such an extent which would change the current mindset of a cyber criminal. Separate bench is required to be formed to fast track the cyber crime cases. The constitution of cyber judges has helped the law enforcement agencies to prove the merits of their cases without any hindrance.
- Similar to U.S. secret service or the FBI, which provides training to law enforcement officials on topics like cybercrime forensics, CBI can also start to conduct such kind of programmes. The methods of the CBI can help police to closely supervise investigation of important cases by senior officers so that the investigating officer and Superintendents of police can get legal advice.
- Projects mentioned below have still not been implemented successfully by the Indian government, and these need to be implemented as soon as possible. These are:
- National Cyber Coordination Centre of India (NCCC).
- Cyber Attacks Crisis Management Plan of India.
- Internet Spy System Network and Traffic Analysis System of India (NETRA).
- Crime and Criminal Tracking Network and Systems Project of India (CCTNS).
- Cyber Crime can only be effectively countered when there is proper guidance and coordination available from various stakeholders like government, state and central government and local police. To facilitate the effective implementation of the initiatives taken, various adequately tasked and staffed agencies working at various levels should be executed. Indian Computer Emergency Response Team (CERT-In) is the national nodal agency set up to respond to computer security incidents as and when they occur. The activities which undertaken by CERT-In toward cybersecurity include the following:
- Coordination of responses to security incidents
- Timely advice regarding imminent threats
- Conduct training on specialized topics of cybersecurity
- Development of security guidelines on major technology platforms.
- There should be e filing of FIRS to reduce the burden on victims to physically move to the police station.
- Process re engineering is required to replace the procedure of a complainant going to the police station with single emergency response interface which will help to bring the police to the doorstep of the victim.
- Centralized online cybercrime reporting mechanism in India is required that alert authorities of suspected criminal or civil violations.
- For law enforcement agencies at the local, state and national level, there should be a central referral mechanism for complaints involving cybercrime.
- There are many cases in which private corporations have more experience with cybercrime investigation than local police, in those cases police can seek help with these corporations. E.g. In U.S. a privately led Identity Ecosystem steering group (IDES) has been established to support the National Strategy for Trusted Identities in Cyberspace (NSTIC).
- Various police departments have formed partnerships with computer science departments at local universities. Apart from providing expertise to the police, it also serves as a recruiting tool for students who have interest in cybercrime and policing. Thereby, a knowledge hub can be created.
Major Step to curb the Cyber Menace:
Fast response to the Interpol references and bilateral requests, liberal sharing of forensic technology and more cross country training exchange programmes alongwith timely alert.