INDIA’S CYBER INFRASTRUCTURE

CONTEXT

There has been a steady spike in cases of cybercrime in the last five years but the capacity of the enforcement agencies to investigate cybercrime remains limited. According to the National Crime Records Bureau from 12,317 cases of cybercrime in 2016, there were 50,035 cases registered in 2020.

Arjun Pandit Rao Khotkar vs. Kailash Kushanrao Gorantyal &ors.-The Court held that a certificate under section 65B(4)of the Indian Evidence( IE)Act was a mandatory prerequisite for the admissibility of (Secondary )electronic record if the original record could not be produced.

LOOPHOLES

1) No procedural code-There is no separate procedural code for the investigation of cyber or computer-related offences. As electronic evidence is entirely different when compared with the evidence of traditional crime, laying down standard and uniform procedures to deal with electronic evidence is essential.

2) Shortage of technical staff-There has been half-hearted efforts by the state to recruit technical staff.

A regular police officer, with an academic background in the arts, commerce, literature, and management may be unable to understand the nuances of the working of a computer or the internet.

3) Lack of coordination between centre and state”-police” and “public order “being in the state list, the primary obligation to check crime and create the necessary cyberinfrastructure lies with states.

At the same time, the IT Act and major laws being central legislations, the Central government is no less responsible to evolve uniform statutory procedures for the enforcement agencies. Though the Government of India has taken steps that include the setting up of the Indian Cybercrime Coordination Centre (14C) under the Ministry of Home Affairs to deal with all types of cybercrime.

4) Archaic labs- offences related to cryptocurrency remain underreported as the capacity to solve such crimes remains limited. The central government has proposed launching a digital rupee using blockchain technology soon. State enforcement agencies need to be ready for these technologies.

5) Need for Data localization-most cybercrimes are transnational with extraterritorial jurisdiction. The collection of evidence from foreign territories is not only a difficult but also a tardy process. India has an extradition treaty with 48 countries and an extradition arrangement with 12 countries.

In most social media crimes, except for the prompt blocking of an objectionable website or suspect’s account, other details do not come forth quickly from large IT firms.

SOLUTIONS

• Training-providing proper training so that act as a first responder who could identify digital evidence and secure the scene of the crime or preserve digital evidence till the arrival of an expert
• Recruitment of technically qualified staff who can analyze digital evidence.
• The state of Goa, through C.I.D. C.B.,North Goa ,Goa .vs. Tarunjit Tejpal took objection to the fact that the investigating sub-inspector, who seized the relevant CDs, did not know the meaning of the term “hash value”
• Nupur Talwar vs. State of U.P. and Anr. The Allahabad High Court observed that the Indian Computer Emergency Response Team (CERT-IN) expert was not provided with the details of the Internet logs, router logs, and laptop logs to prove whether the Internet was physically operated on a fateful night.
• The broad guidelines for the identification, collection, acquisition, and preservation of digital evidence are given in the Indian Standard IS/ISO/IEC 27037:2012, issued by the Bureau of Indian Standards (BIS), this document is fairly comprehensive and easy to understand for both the first responder ( who could be an authorized and trained police officer of a police station )as well as the specialist ( who has specialized knowledge, skills, and the abilities to handle a wide range of technical issues.)
• Cyber police stations-Setting up a separate cyber police station in each district or range, or having technically qualified staff in every police station.
• The Information Technology (IT) Act, 2000 insists that offences registered under the Act should be investigated by a police officer, not below the rank of an inspector. The fact that police inspectors are limited in number in districts, and most of the field investigation is done by sun –inspectors. Therefore, it will be pragmatic to consider a suitable amendment in section 80 of the Act and make sub-inspectors eligible to take up investigations of cybercrimes.
• Upgrade cyber labs-offences related to cryptocurrency remain underreported as the capacity to solve such crimes remains limited.
• The centre helps in upgrading the state laboratories by providing modernization funds, though the corpus has gradually shrunk over the years.
• While most state cyber labs are sufficiently equipped to analyze hard disks and mobile phones, many are yet to be notified as Examiners of Electronic Evidence (by the Central government)to enable them to provide expert opinions on electronic records.
• Since there is now a state of art National Cyber Forensic Lab and the Cyber Prevention, Awareness, and Detection Centre (CYPAD) of the Delhi Police, there may be an extension of professional help to states in getting their labs notified.
• Data Localization –this must feature in the proposed Personal Data Protection law so that enforcement agencies can get timely access to the data of suspected Indian citizens.
• CyberTipline reports on online child Sexual Abuse Material from the U.S.’s nonprofit agency, the National Center for Missing & Exploited Children (NCMEC). India needs to develop in–house capacity and makes intermediaries accountable to identify and remove online CSAM for immediate action by the police.
• Statutory force-as resolved in the conference of the Chief Justices of the High court in April 2016, and a five-judge committee was constituted in July 2018 to frame the draft rules which could serve as a model for the conception of digital evidence by courts. The committee, after extensive deliberations with experts, the police, and investigation agencies, finalized its report in November 2018, but the suggested Draft rules for the Reception, Retrieval, Authentication, and Preservation of Electronic records are yet to be given a statutory force.

 CONCLUSION

Centres and states must work in tandem and frame statutory guidelines to facilitate the investigation of cybercrime at the same also need to commit sufficient funds to develop cyberinfrastructure.