CYBER CRIMES WITH SPECIAL REFERENCE

TO CYBER SECURITY: A STUDY

ity
THESIS

rs
ve
SUBMITTED FOR THE AWARD OF THE DEGREE OF

ni
U
lim
us
Doctor of Philosophy
M
h

In
ar
lig

Law
A
y,
ar
br
Li
d
za

SUBMITTED BY
A

SUNOWAR AMEER
na
la
au
M

UNDER THE SUPERVISION OF

PROF. (DR.) JAVAID TALIB

DEPARTMENT OF LAW
ALIGARH MUSLIM UNIVERSITY
ALIGARH (UP) INDIA

2021
 Abstract

ABSTRACT
Technological advancements have created plethora of new opportunities for criminals
to misuse information technologies such as unauthorized access into the computers of
others, hacking, Trojan attacks, e-mail and IRC related crimes, denial of service
attacks, etc. The growth of cyber crime in the world as well as in India is rapid and to
curb its scope and complexity is the emergent need of today. Cyber space offers a
plenty of opportunities for cyber criminals either to cause harm to innocent people or
to make money quickly at the cost of innocent citizens. The growing danger from
crimes committed against computers, or against information on computers, is

ity
beginning to claim attention in national capitals. In most countries around the world,

rs
however, existing laws are likely to be either insufficient or unenforceable against

ve
such crimes. Self-protection, while essential, is not sufficient to make cyberspace a

ni
U
safe place. The rule of law must also be enforced. Cyber crimes are easy to learn and

lim
to commit. However they require few resources relative to the potential damage
us
caused to person as well as world at large without being physically present in a
M
h

jurisdiction.
ar
lig

Moreover, due to the transnational nature of cyber space effective enforcement of

A
y,

Law has become more complicated in curtailing the increasing incidents of cyber
ar

crime. Techniques used in committing cyber crime dramatically increase both the
br
Li

technical and legal complexities for investigating and prosecuting agencies. Hence, it
d

can be said that it is impossible to eliminate cyber crime from the cyber space but it is
za
A

possible to prevent them by generating awareness among the people about the tools,
na

techniques and modes which the cyber offenders invariably use in committing the
la
au

cyber crimes so that they can be countered by using protective and preventive devices.
M

Although various states have initiated legislative measures to combat cyber

criminality, but these alone would not be sufficient to eliminate cyber crime unless
computer users in general are made aware of the loopholes and weaknesses
underlying the operation of computer system and thereby lessen the scope for cyber
criminals to commit these crimes.

India is among few countries, which enacted IT Act, 2000 to curtail the incidents of
cybercrimes. But the aim of the legislation was to cover commercial and economic
crimes only. There are no direct provisions, which specifically deal with the

1|Page
 Abstract

protection of nitizens and only some stray provisions of the Act deal with the crimes
in cyber space. The IT Act is silent on the issue of cyber security in the cyber space.

The growing incidences of cyber-crimes in cyber space can be minimized by taking

the following precautionary steps i.e one should not chat with unknown people in
cyber space. One should keep the passwords protected and keep changing it. One
should not save the personal and important stuff on the computer as the hacker can
access that. If anything seems wrong, there should be immediate contact with the law
enforcement agencies without any hesitation. Government, public and private sector
should make their IT infrastructure secure. One should keep the vulnerable

ity
information on that system which is not connected to the internet. The nitizens should

rs
ve
report the cyber-crime as soon as possible so that the offenders do not have an

ni
opportunity to escape.

U
lim
The right to privacy is important for the general development of the human being.
us
This idea must be characterized appropriately. This right is under danger because of
M

dynamic improvement in the field of technology and overdependence of individual on

h
ar

such technology. Such advancements have attacked the individual’s personal as well
lig
A

as private life. Right to privacy and Data protection are twins however not
y,

indistinguishable. They are identified with one another. Privacy rights are not
ar
br

supreme. The Indian courts through a number of decisions have proclaimed that it is a
Li

fundamental right under section 21 of the constitution. The new advances present new
d
za

methods for security infringement, for example, spamming, phishing, cookies, etc.
A

There is a requirement for a far-reaching arrangement on privacy. In India, this right

na
la

is scattered in different Acts. In the scenery of web-based business and Business

au

Process Outsourcing (BPO) division, the Indian government has laid down the Rules.
M

But we need foolproof privacy law. The Information Technology Act, 2000 has a
number of civil and criminal obligations to prevent the security information
infringements. Method of data collection has been prescribed under the Rules. The
Data Protection Bill, 2018 imposes very strict and huge penalty in case of privacy
breach but this Bill is still pending before the Parliament. It ought to be converted into
an Act after threadbare discussion on the provisions so that privacy right may be
ensured and data protection infringements may be dealt with strictly in this modern
technological age.

2|Page
 Abstract

The concept of the cyber security is very inclusive. It cannot be conceptualized only
with privacy, fundamental rights, information, data protection, etc. Its dimensions
vary day by day with the technological advancement of the cyber world. The impact
of the technological revolution is far-reaching, forcing us to recognize information as
a vital resource of the country, which need special attention. New kinds of cyber
security breaches lead to new cyber crimes which should be combated with the new
strategies, the policy as well laws. There is an urgent need to protect the very basic
components of the cyber security i.e. availability, integrity, confidentiality.

There are various international organisations as well regional organisations and

ity
institutions that are working ahead for the better protection of the cyber space and

rs
ve
save it from security attacks. They have articulated various mechanisms, formulate

ni
strategies to combat the newly technological cyber crimes. However, as per records,

U
there is increase in the number of reported cyber crimes, what to say of unreported.

lim
The existing laws and policy in India do not arrest the problem in effective manner.
us
M
India has increasing number of internet users therefore there is need of effective and
h
ar

comprehensive cyber security protection law, policy as well as strategies. The law and
lig

policy should be effectively implemented to avoid this ever increasing problem of

A

cyber criminality.
y,
ar
br

On the basis of analysis of chapters of the thesis and discussion thereunder, it is well
Li

established that Information and Communication Technology (ICT) brings many

d
za

socio-economic changes in all sphere of human lives in 21st century. With the
A

enormous growth in access to cyberspace, E-commerce has become very easy for
na
la

every person. The use of cyberspace as a platform to connect with each other and
au

thereby sharing every information, is susceptible to cyber-crimes which create

M

numerous cyber threats before the global community. The cyber criminals along with
the advancement of the technology are developing day by day new means for
committing new age crime known as the cybercrime. Because of its extra territorial
jurisdiction the perpetrator can commit cybercrimes without being present in that
territory. The concept of Jurisdiction over cyber-crimes has been a debatable topic.
Ellen S. Podger in his famous work has etched-out the cardinal issues in determining
jurisdiction in cyber-crime which are as follows:

3|Page
 Abstract

 First, the absence of geographical boundaries for commission of the crime;

 second, the glaring lacuna in the legal arena with the lack of a settled law
thriving internationally and the existence of conflict of laws;
 Third, the existence of either positive juridical claims where many countries
claim to exercise jurisdiction and the negative juridical claims where there is
no claim for jurisdiction by a single country, resulting in crimes going
unpunished.

Moreover, it has been argued by many authors and jurists that since the internet is a
borderless world, a separate regulatory law is required to ensure its safety, security

ity
and confidentiality. The urgent need of cyber security laws has become one of the

rs
ve
most compelling priorities for the global nations. The issue of cybersecurity is not just

ni
a technical problem that can be ‘solved’; it is a risk to be managed by a combination

U
lim
of defensive technology, judicious analysis, information warfare and traditional
us
diplomacy because of its far reaching consequences. Nations have to take appropriate
M

steps in their respective jurisdictions to create necessary laws, to promote the

h
ar

implementation of reasonable security practices, incident management, information

lig

sharing mechanisms and to educate both corporate and home users about
A
y,

cybersecurity time to time. International cooperation is also very essential in securing

ar

cyberspace.
br
Li

Tracking of cyber criminals is yet another issue which need to be solved at national
d
za

and international levels. It is not only the laws dealing with cybercrimes that must
A

exist in various countries, but the collection of appropriate cyber forensic data in
na
la

various jurisdictions and their proper presentation in the courts of law are essential to
au

book the criminals and to give justice to the victims belonging to different countries.
M

The term Cyber security needs to be defined comprehensively. Given the current state
of play in cyber security, it is not surprising that the most discussion on the cyber
security sooner or later end as a confusing mix of viewpoint on fundamental rights,
privacy, law enforcement, human rights, globalization and national security, thus
leading to gridlock. With the progress of time, different perspective and approaches
are coming out to tackle this confused state of affairs.

4|Page
 Abstract

Prevention is always better than cure. It is certainly better to take precautions while
operating the net because the creativity of human mind cannot be checked by any law.
As it is righty said that even devil did not know what is going on in human mind,
precaution, prevention, protection, preservation and perseverance really hold the key
to tackle the problem efficiently. Cyber crime is the deadliest epidemic of our planet
and has emerged as a major source of governments’ concern across the globe.

The Information Technology (IT) is vast and complex area. The growth in the number
of internet usage fuelled by easier availability of Information and Communication
Technology (ICT), the widespread use of computers globally and the computer savvy

ity
young generation are some of the key factors that contribute to the cybercrime. There

rs
ve
is a need of comprehensive cyber security mechanism to protect the privacy of the

ni
individual as well as the national security. The word ‘cyber security’ is yet to be

U
defined in a comprehensive manner because of the complex and fact changing nature

lim
of information and communication technology at global and national level but one of
us
M
the most concise one can be found on the Techtarget website and it states: ‘Cyber
h
ar

security is the body of technologies, processes and practices designed to protect

lig

networks, computer, programs and data from attack, damage or unauthorized access.
A

Cyber security has become a big deal. The risks related to cybersecurity is an issue of
y,
ar

concern. Everyone is worried about the risks involved. To overcome such risks many
br

law firms and organisations have started practicing cybersecurity laws. To understand
Li
d

clearly what the cybersecurity laws are, one should take into consideration the
za
A

following questions:
na
la

1. What necessary steps a victim can take to uncover the traces or evidence of
au

intrusion?
M

2. What are the necessary remedies available to the victim to minimise or stop the
loss incurred by such intrusion?
3. What are the liabilities of perpetrators for such intrusion?
4. How these liabilities are to be fixed in a definite manner so that victim gets relief?
5. What are the regulatory authorities, and what powers do they have to enforce
cybersecurity standards?
6. What further steps are required so that the world as a whole can work as a team?

5|Page
 Abstract

The nature of cybercrime and the legal issues are global. Through international
organizations, such as the International Telecommunication Union (ITU), The
International Criminal Police Organization (INTERPOL), United Nations Office on
Drugs and Crime (UNODC), G8 Group of States, Council of Europe, Organization of
American States (OAS), Asia Pacific Economic Cooperation (APEC), The
Organization for Economic Cooperation and Development (OECD), The
Commonwealth, European Union, efforts have been taken to ensure the
harmonization of legislation in the individual countries. There are various
organisations which are continuously working at global as well as regional level to
combat the increasing number of cyber security problems and thereby cyber

ity
rs
criminality.

ve
ni
There is no doubt that the international organizations like The Internet Corporation for

U
Assigned Names and Number (ICANN), The Organisation for Economic corporation

lim
and Development (OECD), and UN based institution ITU are dealing with the cyber
us
M
related issues and continuously trying to establish global internet governance for
h
ar

global commons. To deal with such kind of emerging problems like cyber-crimes and
lig

cyber security before the country the Indian Parliament has passed the Information
A

Technology Act, 2000 as amended by Information Technology (Amendment) Act,

y,
ar

2008 as well as the National Cyber Security Policy, 2013 with the aim of protecting
br

information infrastructure. But technological innovations in the area of information

Li
d

technology are generating security threats day by day which has resulted in large scale
za
A

denial of basic human rights through information security challenges. In spite of the
na

potentiality of the above existing legislation and policy the problem has not been
la

arrested in an effective manner. Like other legal system, the law relating to
au
M

cybercrime is an evolving and growing process, as newer challenges are continually

surfacing in this field. Consequently, due to the fast growth of internet, various legal
issues have arisen, more particularly in the area of cyber crime such as domain name
disputes, intellectual property right disputes, electronic commerce issues, privacy,
encryption, electronic contacts, spamming, banking crime and so on, which make it
essential for all governments to enact effective and strong regulations to control both
offences and offender. It is high time for policy makers to relook the existing law and
policy to shift their focus on strengthening the internet governance to combat the
cyber security challenges in contemporary scenario.

6|Page
 Abstract

Statement of Problem
The convergence of computer network and telecommunications facilitated by the
digital technologies have given birth to a common space called ‘cyberspace’. This
cyberspace has become a platform for a galaxy of human activities with converge on
the internet. Internet is increasingly being used for communication, commerce,
advertising, banking, education, research and entertainment. There is hardly any
human activity that is not touched by the internet. Thus, the emergence of information
technology has increased the rate of cyber attacks and the present cyber law is proving
to be incapable to meet the needs of present day. Therefore, there is a need to amend

ity
the existing law to provide better cyber security and also to formulate effective cyber

rs
crimes prevention strategies and impart cyber crime investigation training to the law

ve
enforcement agencies of India.

ni
U
lim
Aims and Objectives
us
The main objectives of the present study are as under:
M

1 To understand the basic concepts of the cyber-crime and cyber space.

h
ar

2 To study the cyber space usage in Indian scenario and the cyber security
lig

risks.
A

To examine India’s legal framework to tackle the growing incidents of cyber

y,

3
ar

crime and its prevention.

br
Li

4 To deal with the growing challenges related to cyber security.

d

5 To study the role of CERT-In and other organizations or departments to

za
A

prevent cyber security risks.

na

6 To examine the efficacy of policy initiatives related to cyber security, right to

la
au

privacy and provisions of Information Technology Act, 2000 in order to

M

reduce cyber security risks.

Significance of the Study

This study aims to provide a detailed analysis on the issues of Information
Technology pertaining to cybercrime, cyberspace, cyber security, and right to privacy.
Further, this study would examine the growing incidence of cybercrime in India and
the need for cyber security to protect the netizens as well as the government. This
research work would canvass the present cyber law to check its efficiency in
preventing and regulating such crimes. Furthermore, this work would throw some

7|Page
 Abstract

light on government machinery and its policies for providing cybersecurity to the
nation in order to minimize the risk of cyber attacks.

Research Questions
Q1. Whether the Information Technology Act, 2000 is well equipped to resolve
Information Technology related issues?
Q2. Whether the cyber crime cell and cybercrime labs really help in investigating
cyber crime?
Q3. What is the role of the Indian Computer Emergency Response Team (CERT-In)
and other organizations in preventing cybercrime?

ity
Q4. Whether the policies initiated by the government are effective in avoiding the risk

rs
ve
to cybersecurity and privacy?

ni
Q5. What steps are required to ensure better legal regime on the above stated sensitive

U
lim
issues?
us
Hypotheses
M
h

The growing danger from crimes committed against computer or information on

ar
lig

computers showed that the IT Act, 2000 is not well equipped. Ministry of Home
A

Affairs under the Cyber Crime Investigation program is supporting the establishment
y,
ar

of Cyber Crime Police Station (CCPS) and Cyber Crime Investigations and Forensic
br

Training Facilities (CCIFTF) in each State/ Union Territory of India under Police
Li
d

Modernization Scheme. Every State has opened the cybercrime cell. However, all
za

these cells follow the same Code of Criminal Procedure,1973 (Cr.P.C.) which is
A
na

followed for conventional crimes. The Cr.P.C does not contain effective provisions to
la

combat this ever-increasing problem of cyber criminality generally and issues of

au
M

cybersecurity and privacy particularly. Various steps have been taken at the level of
legislature and executive to respond to computer security incidents, create awareness
on security issues and to improve alertness in critical sector organizations as a part of
the ‘Crisis Management Plan’ (CMP) for countering cyber-attacks and cyber
terrorism. All Ministries/ Departments of Central Government, State Governments
and their organizations and critical sectors have been mandated to continuously assess
the posture of their IT systems and networks still these policies and plans do not
appear to be sufficient as position is far from satisfactory.

8|Page
 Abstract

Research Methodology
The present study is doctrinal in nature which involves an in-depth study of the source
materials, text reviews, case studies. It also traces the legislative development in the
national and international level. Primary as well as secondary sources like legal texts,
books, articles, encyclopedias, research papers, newspapers, and the internet material
will be assessed in order to get the most pertinent information.

Plan of Study
The researcher has systematically divided this research into seven chapters detailed as
under.

ity
rs
Chapter-1 titled “Understanding Cybercrimes” deals with the history of internet,

ve
ni
meaning and concept of cyber space. After giving brief understanding about both of

U
them, the researcher has discussed the meaning and various types of cybercrime

lim
committed all over the world including the methodology used by offenders to commit
us
M
these crimes.
h
ar

Chapter-2 titled “Increasing Incidents of cybercrimes in India” deals with the

lig

various types of cybercrime and its impact. In this chapter, an attempt has been made
A
y,

to briefly discuss cyber security scenario in India vis a vis various criminal activity.
ar

Reports of National Crimes Record Bureau (NCRB) from 2014-2018 dealing with
br
Li

cybercrimes has been discussed and analysed with special reference to cyber
d
za

criminality against women in India.

A
na

Chapter-3 titled “Right to Privacy and Data Protection in Cyber Space” the
la

researcher has taken a closer look in the debate focusing on the related but distinct
au
M

concept of privacy and data protection. An attempt has been made to throw the light
on the recent problem of privacy violation in cyberspace. This study focuses on the
need for a data protection bill in India and the precautionary measures to deal with
this problem in the face of growing threats to privacy. By the end, we will have a
clear idea of what privacy and data protection means. How these two issues differ and
overlap. How both are affected by the digital age. How one can engage with
companies and government to protect and strengthen these rights.

9|Page
 Abstract

Chapter-4 titled “Cyber Security: Challenges Faced by Netizens” conceptualizes the

cyber security meaning, definition and its kind. Further, how these newly emerging
issues of cybercrime, which can be tackled by cyber security tools, are also discussed
here.

Chapter-5 titled “Legal Dimension on Cyber Security: International and National

Perspective” deals with International and National organizations through which the
efforts have been taken to ensure the harmonization of legislation in the individual
countries. There are different associations, which are ceaselessly working worldwide
just and at provincial level to battle the expanding number of cyber security issues.

ity
rs
Chapter-6 titled “Grievance Redressal Mechanism” points out various mechanisms

ve
for addressing the grievances in case of cyber violation or criminal misuse of

ni
U
information technology.

lim
Chapter-7 titled “Judicial Response” deals with the role of judiciary towards
us
M
cybercrime in India. In this chapter researcher has discussed the role played by the
h
ar

honorable Supreme Court of India and honourable High Courts through innovative
lig

judgments regarding cybercrime.

A
y,

Finally the study has been concluded upon the base of research and few suggestions
ar
br

have been given with a view to combat the cybercrime. Some of these suggestions
Li

included:
d
za
A

a) The effective implementation and enforcement of IT law is an urgent need.

na

b) A Cyber Crime Cell/Police Station should be developed to handle cases

la

dealing with computer offences.

au
M

c) A Cyber Forensic Laboratory with all updated technologies should be

endorsed to detect computer related crimes.
d) Public Awareness Programmes should be carried out to sensitize public and
particularly police officers about the Information Technology Act, 2000/2008
e) Government should conduct educational Programmes to train the police
officers in collecting evidence in cyber crime cases.
f) Sensitization programmes on cyber-crimes and cyber security should be
organized by the Police Commissionerate in educational institutions to spread
awareness about computer abuse among students. Students should also be

10 | P a g e
 Abstract

updated about the provisions of the Information Technology Act, 2000 as

amended in 2008.
g) Community Policing Programmes should also be initiated to check cyber
offences. The people’s participation can be of great help in combating cyber
crime and ensuring cyber security.
h) There is need to double locking system to provide better data protection to the
information of every individual.
i) The government should setup the cyber security help desks at regional levels
and for general levels for the general users to provide first level of guidance
and support.

ity
rs
ve
Crime is a social evil and though the Police are primarily responsible to take effective

ni
steps to protect us, the society itself need to collectively address the menace and take

U
such steps as may be necessary to reduce the incidences of cyber crime This requires

lim
an understanding of the nature of the crimes by every member of the society so that
us
M
preventive measures can be taken by all.
h
ar
lig
A
y,
ar
br
Li
d
za
A
na
la
au
M

11 | P a g e