Abstract:

This paper begins with a detailed understanding of the concept of identity theft. A crime where
people are victims of identity fraud and the criminals are very difficult to prosecute. It then
shows the prevalence of white-collar crimes in India and how these crimes are spreading like
rapid fire in every sphere of society. The paper discusses how the widespread political, social,
economic and technological changes along with the variations made in the legislations in
different countries have allowed these crime groups to highly increase in the international arena.
As an example, it also talks on how India has prevalently misused the idea of collecting personal
data under the title of public welfare in one of its recent bills. The paper, thus proves that identity
theft has developed as such a highly regarded crime because it in today’s world acts as one of the
Government’s means to track into the world of its citizens. The idea also lies to reflect how the
Government can be considered as a part of the white-collar group and how its actions have led to
the development of the mentioned crime. The paper lastly, concludes by suggesting some
measures to prevent this crime from being one of the fastest-growing white-collar crimes in India
to it attaining the top spot.

Introduction:

With the constant rise in digitalization, the computer stores information in binary data form
deeply on the data form. It is this way that the device tracks a lot of information’s in an effective
way. Subsequently, with the invention of personal computers and microprocessors the idea of
using computers for exclusive use of an individual rose. The process was not only affordable but
also made management and storage of information easier. But this evolution has also led to
increased interactions and sharing of private data using computer, ultimately leading to illegal
activities known as cybercrimes. Identity theft is one such crime. Identity theft refers to a crime
when a person fraudulently obtains information of another person and later uses it for economic
or personal gain.1 The theft happens in a two step process. Firstly, the personal information gets
stolen. Later, the information gets used to impersonate the victim and commit the fraud. 2 Identity
theft has already made its place among the fastest growing sector in not only the developed
1
Mohit Chawla, Cyber Laws governance in India, 2015 https://www.cyberlawsindia.net/
2
Michael Stuart, identity Theft, computer identity fraud & protection, p.g no. 14-17 (2004)

1
countries but also the developing countries. The primary reason for US being affected stands
firm to the fact that all the personal information is linked to a single social security number. The
number allows an individual to avail all government schemes and records related to the
individual whose social security number it is. This allows very little safeguarding to the
individuals whose number gets leaked. Landing on Indian records, there has been an 11%
increase in identity theft and ransom ware, followed by phishing attacks increase to 9%.3 India
also been ranked amongst top 5 countries to be affected by cybercrimes in 2013.4
Problematically, there is a very low conviction rate despite the high levels of cybercrime.5

IDENTITY THEFT: STATUS OF WHITE COLLAR CRIME IN INDIA

1. Understanding identity theft

Before moving into identity theft, the basic understanding of what constitutes identity stands as a
question. The literal meaning of Identity is nothing but the collection of unique characteristics
which distinguishes the person from other people.6 Legally, the identity of an individual means
through which the individual can be recognized as per the government records such as, birth
certificate, voter ID, license etc. the document which constitutes the name, citizenship, address,
photo, blood group and importantly, a distinguishing feature (suppose a mole). It is by which the
authorities track the people who reside or visit the territory.

Identity theft includes procurement of such information to use it in accessing resources by the
criminal to take over the victim’s identity and commit crimes. 7 However, mostly when there is
leak or breach of public information, it leads to identity fraud. The digital expansion has now
complicated the concept of identity theft and technology, on the other hand, has made it much
3
Indian Survey on Risk, 2014, (1 ed. 2014), http://www.ficci.com/Sedocument/20276/report-India-risk-
Survey2014.pdf
4
Ibid
5
Rajkumar Wagh, Comparative Analysis of trends of cyber laws in USA and India, 2 international journal of
advanced computer science and information technology pp. 42-50 (2016),
http://technical.cloudjournals.com/index.php/IJACSIT/article/view/Tech-160
6
The advent of various kinds of identity theft and frauds committed in modern era, Internet Journal of Criminology
(2011)
7
Siddhart Rao, Study on identity theft: recommendations for IT Act, 2000 (1 ed.)

2
difficult to track it. Ultimately, leading to the practice in a broader scope with less chances of
detection.

The crime of identity theft is of two steps:

i. Wrongful collection of personal identity information of another individual.

ii. Wrongful use of the information with an illegal and malafide intention.

The first step can be done in many ways like where the person fraudulently uses the data himself
or buys it for illegal trade. The procurement of such data can happen through hacking, phishing,
email/spoofing, carding, vishing. The stolen information stands a threat as it can used to procure
illegal weapons by terrorists where the victim is a subject to stricter laws. The victim can
however avoid such a circumstance by immediately reporting to police when it comes to their
notice.

2. Legislations governing in India

There are provisions in Indian Penal Code, 1860 which governed the crimes of forgery and fraud
but it was later amended by the Information technology Act, 2008 as it also included the
electronic record, ultimately widening the ambit of such computer data related crimes. Provisions
such as section 464 criminalizing forgery, Section 465 criminalizing making of false documents,
section 468 criminalizing forgery for purpose of cheating, Section 469 criminalizing forgery for
purpose of harming reputation, Section 469 criminalizing the use of a genuine document as
forged and section 474 of having possession of a document with intention of using the genuine
document as forged were coupled with IT Act. Section 420 could be used in circumstances when
the Act requires including unique identification information of any individual.8

In the present scenario, the IT Act, 2000 is the main legislation governing cybercrimes in India.
The objective of the Act, however, was to mainly recognize e-commerce and that’s why it did
not define cybercrime. Before the 2008 amendment, the Act could impose civil liability for
unauthorized access to computer or network which would have facilitated an illegal act under
section 43 by way of compensation under the pecuniary limit of one crore. Also, Section 66

8
Mulla on Indian Penal code, 1860 196(16 ed. 2014)

3
criminalized hacking which would result to destruction, deletion or alteration of any resource in
the computer. 9

The Amendment of 2008 introduced the term ‘Identity Theft’. 10 Section 66C of the Act governs
the crime and provides punishment for the same.

The ‘sensitive personal data’ however required stronger laws to be formulated which could
ensure the protection of private data. The ambit of the term has been defined by IT rules, 2011. It
involves the data related to one’s password, financial information, sexual orientation, biometric
information, medical records. Such a clause would be exceptional to the State or central
government for monitoring, surveillance or interception. The same was provided under Section
69 of the Act.

3. Examples of widespread Identity theft

Identity theft has not only affected India but the entire world, including developed and
developing countries. According to the data, there are about 15 million residents in US alone
whose identities have been fraudulently used every year. The total loss is approximately around
50 billion. The threat does not end here as the risk still remains around millions of Americans
whose personal data are vulnerable even with the Government and corporate database. Even in
India as per the research, one out of four people are victims of identity theft and the data has bnly
increased since 2011.

Some instances of cases filed under section 66C are-

i. State cabinet minister Girish Bapat’s fake profile

State cabinet minister Girish Bapat’s identity was stolen to create a fake profile and share
inappropriate pictures on a social networking site. The FIR was registered in Pune under Section
500 of IPC and section 66c of IT Act.

ii. Rs 71000 lost by a senior citizen

9
Information technology Act, 2000
10
Ibid

4
The banks provided various alerts through SMS and email and this misled the senior citizen from
Mumbai. A misrepresented female executive asked for debit card details and the amount debited
immediately. The FIR was registered under section 420 of IPC and Section 66C of the Act.

iii. Fradulent Mumbai man cheating on English Nationals

A resident of Mumbai fraudulently obtained details of 53 UK nationals and used their credit card
numbers to shop for over Rs 18 lakh. The advantage was obtained through his position in a
private company which provided customer services to cardholders in UK. The FIR was
registered under Section 420 and 408 of IPC and Section 66C of IT Act.

iv. Student hacking Whatsapp accounts

A student from Rajasthan had hacked Whatsapp accounts and sent obscene messages to other
people on victim’s contact list.

As evident in instances of RBI phishing scam, ICC WC 2011 and also the password scam which
targeted Google email account holders, phishing scams are the usual ways of committing identity
theft in India.

In the case of Nasscom v Ajay Sood and ors. 11, the Delhi Hc in a landmark judgment declared
that phishing as an illegal act and that damages could be claimed against such an act.

The world and its famous cases of identity theft-

i. The case of Micheal Bloomberg

Michael Bloomberg, a famous American businessman and also owner of Blommberg LP

Company tops the list of famous cases. Being under the limelight, most of his information were
open to public. A criminal used the information and withdrew a four figure amount through an
online transaction from his account. Also, another criminal had used a forged cheque under his
name and transfer a huge amount to his own account.

ii. Social security numbers used in identity theft

11
119 (2005) DLT 596

5
Golfer tiger woods social security number was hacked and the access to the date of birth, credit
card information was used to undertake an online transaction. Similar thefts have also taken
place against celebrities Will Smith and Whitney Houston.

iii. The case of CEO of identity protection company

Lifelock’s CEO’s social security was exposed in NBC’s show. The identity was then used to take
an advance loan.

iv. Li Ming’s case

Li Limg, a student had faked his own death by forging in a local paper. He attempted to obtain
new license nine months later with an intention to apply for new credit cards.

The stolen identity details can also be used for graver offences which could lead the victim into
serious trouble. Such as the case of Simon Bounce. Identity theft against him landed him under
the list of internet paedophiles, ultimately leading to his arrest by the UK police.

4. Problems relating to Data protection Bill

The Government of India proposed the mentioned bill. The bill comes with serious implications
for all technological and digital service provider companies and has already generated
controversies. Despite India’s attempts to create a complex legal framework with the objective of
protecting data but it comes with shortcomings which are inevitable. On a bare reading, there are
three serious flaws with the current draft.

i. Data localization
ii. Law enforcement access to data
iii. Weak oversight

Firstly, the section of data localization requires data fiduciaries to store atleast one copy of
personal data on a data centre or server which is located in India. However, the centre holds the
upper hand to exempt categories falling under the personal data. Also the centre can declare
certain datas as critical and require them to be stored in India. In the present scenario, this would

6
allow all the social sites also known as foreign internet services to physically able a user data in
the country. This would allow law enforcement easy access to this data, which brings to the
second issue.

The law enforcement access to data section would allow processing of data considered personal
by an individual in the hands of centre and in the interest of security and public welfare, the state
can utilize the information which would not be illegal as it would be according to procedure
established by law. Now, this access stands as a threat to the right to privacy that exists in India.
If combined with the section of data localization, the government shall have access to
information about users in social media.

However, this legal framework for surveillance by the government is governed by the case of
PUCL v Union of India. In this case, the Apex Court stated rules to concentrate the power to
order and review surveillance in the executive body which doesnot require court orders or
supposedly, any third party review. The measure intended to act as a stopgap measure by the
Supreme Court and if any subject falls short of international human rights then there will be very
little to safeguard the citizens.

The last section is about the regulatory structure created. The Central government has control
significantly over the controls. The bill further gives powers to data protection authority to
appoint its members by merely the recommendation of an outside committee. For a person to be
an effective regulator of an institution, one must have sufficient time to learn and the bill
providing only five years of term seems ineffective.

5. Is the Government a white collar criminal?

The term white collar crime has grown to be define the fraudulent crimes of business and
government professionals over time. The characterization of such a crime is violation of trust,
concealment of information, deceit through information and categorically not dependent on any
kind of force or violence imposed. White collar crimes end up having huge impacts on the
society. There have been various scams in the country like the Havala scam, 2g scam, fodder
scam, banking scam and many more. This does not necessarily indicate towards the entire
involvement to be criminal but it merely requires one financial fraud in greed of money or power
to commit such an act.

7
Cybercrime stands as one of the biggest cause to these types of crime in the country. It is the
information that single handedly threatens a person’s security and financial status.

Since the actions of Government have direct impact on the society, it is easily identifiable that
when a white-collar group is discussed, the Government is a part of it.

Now, bringing the recent proposed bill and the white-collar crime concept together, the question
can stand is whether the bill in the name of data protection is actually for protection or is merely
a tool of mass surveillance by the Government.

The Supreme Court in its judgment of right to privacy in the case of K.S Puttuswamy v Union of
India12 declared the right as a part of Article 21 guaranteed under the Constitution of India. The
judgment clearly stated that the right is a natural right and is a measure to protect an individual
from the scrutiny of the State. Thus, any action by the State would undoubtedly result in
violation of such a right and would be subject to judicial review. But, the right clarified to have
reasonable restrictions which empower the State to impose restrictions in accordance with a law
in the interest of State’s need and also the means should be in proportion to the objectives of law.

If the bill is passed, it would bring in major implications especially in areas of national security,
foreign investment as well as international trade.

Conclusion

The implementation of laws and penalizing of the criminals of identity thefts are to be taken care
by the legislature. However, the mechanism is prevented by stricter laws. The sensitive identity
information can be accessed by criminals in IT companies as they have the personal database of
people around the world. The data protection laws are not strong to prevent such crimes. The risk
lies with the proposed data protection bill as it brings with it major implications that could
impact the society altogether. Though it is a positive step for implementing laws in regard to
identity theft but the same would specifically hinder into the information of right to privacy of
people despite the reasonable restrictions since the State itself would come up with the means.
The reflection of aadhar card number used for verification being inspired by the US is also a
12
10 (2017) SCC 1

8
risky step since the US position with identity theft especially because of the social security
number is not hidden from anyone. However, there are steps the government could adopt like the
laws can be made in a more victim friendly manner which would allow the recovery from loss
possible. To minimize or prevent identity threat, before digitalization the government should
focus on more biological aspect of identity verification especially in situations of financial
transactions done online or say email account login. The process would also be easily
implemented since it would require such an identity to be stored with the websites before the
registration itself. Lastly, awareness should be created amongst consumers by which they should
know how to protect personal information and also to comply with only safe internet practices.
The data protection and its rights and redressal mechanism should be educated to them in order
to minimize the harm and also to prevent the crimes by detecting the theft early. On a conclusion
notice, the biggest challenge in front of India is not laws formulation but rather the
implementation behind the legislations which is hindering in the process of efficiency of the
present laws to be achieved.