India launched itself into Cyber Space regulatory regime on October 17, 2000 with the passage of ITA-2000.

While the IT Bill was being debated in the Parliament during May 2000, the section which attracted the most debate was the powers given to the Police to "Search and Seize ..without Warrant..in any Public Place". Many parliamentarians expressed their concern that the Police force in India would find it difficult to understand the niceties of Cyber Crimes and is likely to misapply such powers leading to harassment of the innocent public and possibly more corruption.

The defense put up at that time in favour of the provisions was that the Act has ensured that only senior Police officers of the rank of DSP and above only are allowed to investigate and also conduct search and seizure under Section 78 and 80 of the ITA-2000 and hence the possibility of misuse is less likely.

In the last three years of the ITA-2000 implementation, there has been some experience accumulated in the Cyber Crime field for us to now reflect if this apprehension was true and if not, is there a case for rethinking on some of the provisions of ITA-2000.

Firstly, the incidence of Cyber Crimes have been steadily growing even though no acceptable crime statistics seem to be available. With the growing use of Computers and Computer generated documents (Electronic Documents as per ITA-2000) in the Commercial space, it is inconceivable today for any offence in the Commercial world to be outside the provisions of Section 43 and Section 66 of the ITA-2000. Hence even without more data one can say that Crimes committed with Electronic documents are ubiquitous. Some of these Crimes may technically fall under IPC or other statutes dealing with economic offences and not under offences indicated under Chapter XI of ITA-2000 or Wrongs indicated under Chapter IX of ITA-2000. Nevertheless they are Cyber Crimes and need to be supported by investigation in the Cyber field.

When a case falling under IPC being investigated by a Police officer below the rank of DSP stumbles upon some evidence of electronic nature, there is a dilemma if the investigation can be continued by the same officer or it has to be taken over by a DSP.

One practically feasible interpretation is that if the Charges are being framed under the statutes outside ITA-2000, then the relevant investigating officer can continue the investigations even of the Electronic documents. If the charges are being pursued under any of the provisions of ITA-2000, then the relevant investigation has to be handled by a DSP.

If so, in case both charges are to be pursued simultaneously, there will be a problem of duality of roles.

Since the developments in the recent days have defined the role of the Adjudicating officer and CRAT as confined to Chapter IX issues of ITA-2000, Chapter XI crimes need to be tried in the same courts where the other charges of criminal nature relating to a given crime are to be tried. It is therefore not possible to  segregate the roles of investigating officers based on parallel trials in different courts. There may be the issue of double jeopardy if such an attempt is made.

There is therefore a strong case for the provisions of Section 78 and 80 of ITA-2000 to be modified to make the investigation possible at levels lower than the level of DSPs in certain cases.

The Risk

Not withstanding the need for giving more freedom to Law Enforcement Agencies in Cyber Crime investigations, it is necessary for us to also focus on the risks of misuse of power by lower level Police officers while investigating Cyber Space related investigation. Some of these risks arise because of the highly technical nature of the Cyber Crimes and the evidence objects involved.

Recently, a case has been reported from USA where action was initiated on a security expert who checked if another  network to which his network was planned to be connected was secure or not. In the process he carried out a "Port Scan" and found some vulnerabilities. While this helped the weak network to correct the loopholes, some harebrained law enforcement person invoked certain provisions of law to charge the network specialist of an "Attempt to Hack" (or something similar). (Details in CNET.com)

In India too, the definition of "Hacking" under Section 66 is too broad to include any act that  "Diminishes the Value of information residing in a Computer" as a punishable crime making the activities of Network specialists too onerous. With RBI separately advising Banks to engage private security specialists to test "Intrusion Vulnerability" of Bank networks, there could be occassions when a good intentioned security check can be deemed to be a crime. In such cases the security specialist would be placed at the mercy of others for having exceeded his brief.

On the other hand, if a bureaucratic Network Security Specialist waits for written permissions for every act of his, the intruder would have long vanished from the scene before the Specialist gets the permission of a non specialist to move in and take action.

Many times, the risk of being framed is also a reflection of the inability of the Law Enforcement Agencies to correctly interpret an event whether it is a Cyber Crime, Or a Cyber Accident. This flows from ignorance and needs to be corrected through education. Since the ITA-2000 had restricted Cyber Crime investigations to the level of DSPs, the first task for the Police force in India was to train all Police officers upto DSP level on "Awareness Of Cyber Crimes".

While action has been initiated in this regard by some States,  perhaps Cyber Crime training is yet to reach more than 25 % of  DSPs.  In such a situation, if Cyber Crime investigation is opened up for all Cadres of Police who investigate other crimes under IPC, there will be more than 90 % Cyber Crime illiterate Police officers who would be empowered to conduct such investigations.

We need to seriously think if the time is ripe to take such a decision.

Solution

A Dispassionate assessment of the training requirements involved in making the Computer illiterate Police officers of today turn into efficient Cyber Crime Investigators, indicates that, in the near future it is not possible to train the required number of Police officers in Cyber Crime investigations despite the best of efforts. The department has neither the funds required for the purpose nor the force would be willing to spare their officers for such training. Until a whole new generation of officers who have been initiated into Computers at the basic education level fill the posts of Police officers at all levels, training all of them in Cyber Crimes is impossible.

It is therefore suggested that a "Special Task Force" be raised in each State as "Cyber Police Force" where officers with the right aptitude are absorbed and are adequately trained. Once such a Police force is available, ITA-2000 can make them the mandatory investigating officers for Cyber Crimes and they can also assist the investigating officers of other crimes by virtue of their special status. Apart from being Computer specialists these officers may have to frequently travel across the country and also abroad in following up the investigations and the profile of such an officer would be totally different from the profile of the department officers at present.

If such force has to work efficiently, it has to have an all India jurisdiction and work parallel to the CBI. It can have officers deputed from the State Cadre so that the State cooperate in such a venture without the suspicions normally associated with transferring cases in their jurisdiction to CBI.

Unless such a wholesome change is made in the Law Enforcement structure, it will be difficult to enforce Cyber Laws in a manner that Citizens would not feel that it is draconian.

Naavi

June 27,2003

Send Your Views if any to Naavi

 

---