With the increasing digitization and internet penetration in the country, India has witnessed a surge in cybercrimes in recent years, presenting a myriad of challenges for law enforcement agencies. Cybercrime refers to criminal activities that are conducted over the internet or using digital technologies, computer systems and networks. These crimes encompass a wide range of illegal activities, including hacking, online fraud, identity theft, phishing scams, cyberbullying, and spreading malicious software.
Understanding the laws and offences related to cybercrimes is essential in combating this growing threat. This article delves into the various offences under the Indian Penal Code (IPC) and relevant acts of the Government of India, shedding light on the legal framework designed to address cybercrimes in the country.
Some common cybercrimes
The most common cybercrimes that are prohibited by the Government of India are:
- CHILD PORNOGRAPHY/ CSAM: Involves the creation, distribution, or possession of explicit content involving minors. Child Sexually Abusive Material (CSAM) and Cyber Grooming (online sexual exploitation or abuse of minors) which is illegal and morally reprehensible.
- CRYPTO-JACKING: Illegally using someone else’s computer to mine cryptocurrencies without their knowledge or consent.
- CYBER BULLYING/STALKING: Harassment, threats, or humiliation of an individual or a group using digital communication channels, leading to emotional distress and psychological harm.
- DENIAL OF SERVICES/ DISTRIBUTED DOS: Overloading a targeted system or network with traffic to make it unavailable to users, disrupting services.
- ESPIONAGE: Illegally obtaining sensitive information, often related to national security or trade secrets, from a foreign government, organization, or individual.
- ONLINE FRAUD/Scam: Various fraudulent schemes to deceive individuals or organizations online, leading to financial losses. This includes phishing, job offers or matrimonial alliances, identity theft, and credit/debit card fraud.
- ONLINE DRUG TRAFFICKING: Illicit sale and distribution of drugs through online platforms, often facilitated through the dark web and cryptocurrency transactions.
- ONLINE SEXTORTION: Coercing individuals into providing explicit images or videos, often through threats or blackmail, with the intent to extort money or other forms of exploitation. A similar cybercrime is Sexting which involves explicit or sexually suggestive messages, images, or videos.
- RANSOMWARE: Malicious software that encrypts files or locks computer systems, demanding payment (ransom) for their release.
- SMSHING/ SIM SWAP: Phishing attacks are conducted through SMS (text messages) to trick individuals into revealing sensitive information or downloading malicious content. In SIM swap, the unauthorized switching of a person’s mobile service to another SIM Card, is often used for identity theft and financial fraud.
- PHISHING: Fraudulent attempts to obtain sensitive information, such as passwords and credit card details, by disguising it as a trustworthy entity through electronic communication.
- SPAMMING: Sending unsolicited and often irrelevant or inappropriate messages, advertisements, or links, usually in bulk, to a large number of recipients.
- UNLAWFUL CONTENT: Digital content violating laws or ethical standards, like hate speech, terrorism-related material, or pirated content.
Recognize these potential threats, take preventive measures, and report suspicious activities to authorities.
Additionally, know the essential steps involved in filing a cybercrime complaint online with Cyber Police or reporting to Local Police to protect yourself from being a victim or financial losses.
Offences under IPC
India has enacted stringent cybercrime laws recognized in the Indian Penal Code (IPC):
- Criminal Intimidation (Section 503): This section addresses sending threatening messages, with legal consequences for instilling fear or apprehension of harm.
- Defamation (Section 499): Defamatory messages fall under this section, protecting individuals from false accusations that harm their reputation.
- Cheating (Section 420): Cyber frauds, including bogus websites, are covered, ensuring legal action against fraudulent online activities.
- Forgery (Section 463): Forgery of electronic records, such as spoofing, is punishable, emphasizing data integrity and authenticity.
- Extortion (Section 383): Extortion includes web-jacking incidents, safeguarding individuals and organizations from coercive online tactics.
- Obscenity (Section 292): Creation or distribution of explicit and pornography content online is addressed here, maintaining decency and morality on the internet.
- Stalking (Section 354-D): Protection against online harassment is provided, ensuring safety and mental well-being in the digital space.
Acts of the Government of India
1. Information Technology Act 2000 (IT Act 2000):
The Information Technology Act, 2000 (IT Act 2000) was enacted on 17 October 2000 to govern cybercrime and e-commerce. It was amended in 2008 to include new provisions on cyber terrorism, data protection, child pornography, and intermediary liability.
The IT Act 2000 was most recently amended in 2022 by the Information Technology (Amendment) Act, 2022. The amendments were made to strengthen the law against cybercrime and to make it more effective in dealing with emerging challenges. Some of the key amendments include:
- New offences: Such as the offence of doxing (disclosing personal information of another person without their consent) and the offence of impersonating a government official.
- Increased penalties: For certain offences under the IT Act 2000, such as the offence of hacking and the offence of spreading child pornography.
- Powers for law enforcement: Such as the power to intercept electronic communications and the power to block access to websites.
- Social media platform requirements: For over 50 million users in India, appoint a grievance officer, remove harmful content within 72 hours of receiving a valid complaint, and preserve certain types of data for up to 180 days.
The IT Act 2000 also provides for a legal framework for the investigation and prosecution of cybercrimes. The Act establishes a Cyber Crime Cell within the Central Bureau of Investigation (CBI) to investigate cybercrime cases and a special court to try cybercrime cases.
2. Digital Personal Data Protection Act 2023:
The Digital Personal Data Protection Act (DPDP Act) 2023 was passed by the Indian Parliament in August 2023 and came into effect on January 1, 2024. The Act applies to the processing of digital personal data within India, regardless of whether the data was originally collected in digital or non-digital format and subsequently digitized.
The DPDP Act defines personal data as any data that relates to a directly or indirectly identified natural person. The DPDPA also categorises some personal data as sensitive personal data, such as financial data, health data, biometric data, genetic data, religious or political beliefs, etc., which require higher standards of protection and consent.
The DPDP Act also grants individuals several rights to personal data, including the right to access, correct or erase, withdraw consent for the processing data, and port personal data to another data fiduciary. The Act also includes these provisions:
- Establishment of a regulatory authority called the Digital Personal Data Protection Authority (DPDPA), which is responsible for enforcing the provisions of the DPDPA and issuing guidelines, codes of practice, and orders with the power to impose penalties and compensation for violations of the Act.
- Laws and legal framework for data protection and cybercrimes within the DPDP Act including provisions related to various cybercrimes, such as hacking, data breaches, and cyberstalking, Empowering law enforcement agencies
The DPDP Act is the primary law governing data protection in India, but some other laws and regulations that also deal with data protection and cybercrime:
- The Indian Penal Code, 1860
- The Bankers’ Book Evidence Act, 1891
- The Credit Information Companies (Regulation) Act, 2005
- The Aadhaar Act, 2016
The Digital Personal Data Protection Act 2023 is a significant step forward in protecting the privacy of Indian citizens. It establishes some important principles for the processing of personal data and grants several rights to data principals including various provisions on cybercrimes.