Cyber Investigation - How Prepared are the Indian Police?
India has emerged as a favorite hub for cybercriminals, mostly hackers and other malicious users who use the Internet for committing crimes. As per a study conducted by Assocham-Mahindra SSG, total number of cyber-crimes registered during 2011-14 stood from 13,301 and 1, 49,254 respectively and rising at an alarming rate. In 2015, the number of cyber-crimes in the country may double up to 3 lakhs and could pose serious economic and national security challenges.
Emerging trends of cyber-crimes include hacking, identity theft, spamming, phishing and cyber stalking. With these emerging trends in crime, it is high time for the Indian police to revamp and reform investigating methodology for a successful prosecution of such cyber case. The Indian system of policing and criminal investigation is still stuck in the old ways of information gathering and beating out a confession from the suspects. The police force are completely untrained on modern methods of criminal investigation, which requires skills for managing and operating highly sophisticated technologies.
Several potholes exists within the system due to which a gap continues between reporting of crime, arresting a criminal and finally ensuring successful prosecution of the accused in Cyber Cases. Jurisdiction remains highly debated issue till date as to the maintainability of any suits till date. Today with the growing arms of cyber space the territorial boundaries seems to disappear & the concept of territorial jurisdiction as envisaged under S.16 of Criminal Procedure Code and S.2.of the Indian Penal Code will have to give way to alternative method of dispute resolution.
Police are facing this particular problem as there remains a sense of confusion as to whose jurisdiction the case will fall. Let us take an example; a school teacher finds out that a sum of 30,000 INR was withdrawn from his savings account without his knowledge and permission. The amount withdrawn was from ATM located outside the city limits and some outside the state limits. In these situations, the complainant is faced with a problem of filing the complaint at which jurisdiction. Though S.75 of the Information Technology Act provides for extra-territorial operations of this law, but they could be meaningful only when backed with provision recognizing orders and warrants for Information issued by competent authorities outside their jurisdiction and measure for cooperation for exchange of material and evidence of computer crimes between law enforcement agencies.
A law regulating the cyber-space has already been enacted by India thought there is lack of any operational manual which describes the methods of conducting an investigation relating to cybercrimes. A SOP (Standard Operating Procedure) has to be set so that the present force can conduct its investigation without any ambiguity.
With the advent of cyber cells at various cosmopolitan cities in India, there is also an imperative need to build a high technology crime & investigation infrastructure, with highly technical staff at the other end. The current staff of cyber cells comprises of a mixture of police officers and IT experts. While additional recruitment is welcome, the effort should be to improve the technical capabilities of the police department as a whole, rather than only the cybercrime cells. Police are quite often handicapped in undertaking effective investigation for want of modern gadgets such as high-capacity data-transfer tools, software’s, designed for analysis of phones, tools for recovering passwords using brute force, etc. Forensic science laboratories are scarce at the district level, which can render timely assistance to the investigating Police.
The result is that Police heavily lean towards oral evidence, instead of concentrating on scientific and circumstantial evidence. Though various governments have taken this issue into account in the recent years, a definite example can be taken of Maharashtra government; the Maharashtra government has planned on tackling cyber-crime by deploying 1000 police officers as cyber investigators. The statements/FIRs/reports recorded are not fed to the computer immediately so as to maintain a database because there is no computer network or there is no personnel trained in the job or for want of specific instructions. The benefits of online filing of FIR needs to be implemented to reduce the burden on police.
There is a need to ensure specialized procedures associated with expertise manpower for prosecution of cybercrime cases so as to tackle them on a war footing. It must be ensured that the system provides for stringent punishment of cyber-crime and cyber criminals so that the same acts as a deterrent for others. Presently, most of the offences committed under the Information Technology Act are Bailable with punishment up to 3 years imprisonment. This punishment should be increased to a term which would change the mindset of a cyber-criminal of committing similar and like offences again. Separate bench are required to be constituted for fast tracking of Cyber cases in an effective manner. With the constitution of cyber judges, the law enforcement agencies can prove the merits of their respective cyber cases without any hindrance.
Just like the U.S. Secret Service or the FBI, which provides training to state and local law enforcement officials in cybercrime forensics and related topics, similar programmes can be conducted by CBI, which has its separate cyber cell and a manual for conducting investigation. The methods of the CBI can be used by the Police include close supervision of investigation of the important cases by senior officers and evolving a mechanism so that the investigating officers and Superintendents of Police can get legal advice during the investigation.
Cyber projects like National Cyber Coordination Centre (NCCC) of India, Cyber Attacks Crisis Management Plan of India, Internet Spy System Network And Traffic Analysis System (NETRA) of India, Crime and Criminal Tracking Network and Systems (CCTNS) Project of India, etc. have still not been implemented successfully by Indian government and there is an urgent need to implement these projects in India as soon as possible.
Quick response to the Interpol references and bilateral requests, liberal sharing of forensic technology and more cross-country training exchange programmes besides timely alert can be a major step to curb the cyber menace.
Cyber crime can only be effectively countered when there is a proper coordination and guidance available from various stakeholders, such as industries, local police as well as the state and central governments. To facilitate such cooperation as well as to give impetus and to govern the effective implementation of various initiatives, we need to have adequately tasked and staffed agencies working at various levels. Indian Computer Emergency Response Team (CERT-In) is the national nodal agency set up to respond to computer security incidents as and when they occur. Some of the activities undertaken by CERT-In toward cybersecurity include coordination of responses to security incidents and timely advice regarding imminent threats, conduct trainings on specialized topics of cybersecurity and development of security guidelines on major technology platforms.
There should be an e-filing system for filing of FIR keeping in mind the digitalization of many government bodies and also to reduce the burden on the victims to approach physically at the police station. Process re-engineering is required to ensure that the current cumbersome procedure of a complainant having to go to a police station to file an FIR is replaced with a single emergency response interface, which can bring the police to the doorstep of the victim in distress. There is a need of a centralized online cybercrime reporting mechanism in India, which provides victims of cybercrime, a convenient and easy reporting mechanism that alerts authorities of suspected criminal or civil violations. Also for law enforcement agencies at the national, state, and local level, there should be a central referral mechanism for complaints involving cybercrime.
In many cases, private corporations have more experience with cybercrime investigations than local police agencies & henceforth, the Police can seek cooperation with private corporations without compromising the security. For example in the United States, a privately-led Identity Ecosystem Steering group (IDES) has been established to support the National Strategy for Trusted Identities in Cyberspace (NSTIC).
A number of police agencies have formed partnerships with computer science departments at local universities. These partnerships not only provide expertise to the police, but also serve as a recruiting tool for students who have an interest in cybercrime and policing. A knowledge hub thus can be established which can also attract students to pursue a career as cyber investigators.
ABOUT THE AUTHOR: Adv. Partha Misra
Edited: Adv. Neeraj Kumar Jha (Sr. Partner) Agnihotri & Jha Associates ; Author: Adv. Partha Misra (Legal Exec.) Agnihotri & Jha Associates
Copyright Agnihotri & Jha Associates
More information about Agnihotri & Jha Associates
Disclaimer: While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer. For specific technical or legal advice on the information provided and related topics, please contact the author.