The COVID-19 pandemic was a shocking and exceptional event that changed the lives of millions of people around the world resulting in a different way of living and working, commonly known as New-Normal according to societal norms. Because of this pandemic, the world is mostly running on the internet as work from home has become the order of the day and it is the only option for people to accomplish their daily activities. The way of working has changed in this lockdown, but along with this the techniques of committing a crime have also changed. Apart from the harsh impact of the pandemic on society and business, it created cyber-crime related situations which influenced society and business as a whole.
Cybercrime has wide-ranging, long-lasting effects across society, targeting individuals, small and large businesses, academia and governments. Even before the pandemic, cybercrime was recognized as a major global risk. The increased concern due to the epidemic increased the number and extent of cyber-attacks as well as the likelihood of cyber-attacks being successful. There is no doubt that crime rates have come down as people are returning but digital or online scam has seen a boom. Digital platform undoubtedly works as a communication interface, but sometimes it also serves as a way for criminal elements and ultimately leads to security concerns. Work from home, the new normal has become a new way of exploiting the people by the cybercriminals. Since the utilization and number of individuals on the internet expanded due to this pandemic, the requirement of cyber laws was felt in India.
CYBER-CRIMES IN INDIA
Initially, there were few users on the Internet, so cyber-crimes were not much, but with the introduction of 4G technology, cyber-crimes gradually increased. Subsequently, with the arrival of the Corona epidemic in 2020, there was a huge surge in cybercrime. Various types of cyber-crimes that are growing in India are as follows:
Phishing is a cybercrime where the criminal approaches the data of the user through a website or a mail that looks real and legal but is a fraud. People are using social media like WhatsApp, Twitter, Instagram, etc. more frequently for their work and enjoyment. Additionally, they are using payment apps like Paytm, Phone Pay, Google Pay, etc. to pay their bills, buy medicines, purchase grocery, recharge their phones, etc. these activities have opened the door for spyware and ransomware attacks. Spyware steals users' personal information and account details, while a ransom attacker dominates and captures the user's login credentials. During the entire lockdown, phishing attacks have increased a lot and because of this people are severely affected as they have lost their hard-earned money. For instance, an app named ‘Covidlock’ misunderstood as an app to show the current status of the spread of coronavirus has been used as ransomware to target the worried and concerned population.
HACKING IN FIRMS AND COMPANIES
Corona outbreak has caused a severe increase in the number of cyber-attacks and due to this outbreak, a VPN structure has been set up by many companies so that their employees can have access to all the data which has also become the target of the hackers. They try to hack the software of the companies so that they can get all the important information and details. For instance, recently hackers also tried to steal sensitive information such as PAN Cards and phone numbers by hacking the computers of the Indian State Tax Department. They also tried to hack PM’s COVID fund and made several attempts to hack the bank's server and Stock Markets.
RUMOURS AND FAKE NEWS
Another major issue that has come to the fore is rumours or fake news that were frequently spreading across the world. For example, misleading information was spread on social media that ‘Chicken is the carrier of Coronavirus’, an audio clip also went viral in which it was asserted that vegetable vendors are spreading coronavirus by licking or spitting on the vegetables, and many more fake news or rumours were spread. Taking the benefit of people’s fear for Covid-19, many scammers made fake websites for selling items keeping in mind the insufficiency of masks and sanitisers during the lockdown. Although, the website disappeared after some time and the items were never received. Recently, the Cyber Division of New Delhi released URLs of the websites, warning the people about their malicious activities and urged them to not access any of them. Some of them were coronavirusstatus[.]space, vaccine-coronavirus[.]com, survive coronavirus[.]org. It was observed that various rumours about COVID19 were fake and meant to create fear and tension among people.
PATIENTS AT RISK
Cyber-attacks have occurred not only at regional health centres but also at WHO to steal the credentials of WHO employees. In addition to this, thousands of others associated with those working against the novel coronavirus were also leaked. Although, the leaked data did not set the WHO system in danger as this information was old but it did affect the old server which is currently being used by the retired staff as well as with the partners. The quantity of cyberattacks against the association is five times more than a similar period in 2019. Ransomware attacks have been found in health centres where the necessary documents of the patients are taken and not given back till a specific amount of ransom is recompensed. Health centres have been aroused to ransom sites that declare themselves to be government guided websites to keep a look on the corona sufferers but then the system gets hacked.
CYBER LAWS IN INDIA
In India, any crime committed by the use of technology is prevented through Cyber Laws. Cybercrime laws protect citizens from sending delicate information online to a stranger. There is no separate legal framework of cyberlaw as it is a combination of IP, Data Privacy, Contract, and Security Laws. To create an effective atmosphere for commercial use of I.T and to deal with the problem of Internet-related crimes Information Technology Act, 2000 was enacted which provides punishment and remedies for the same. The Act was enacted to create an effective environment for commercial use of technology and tackle the problem of Internet-related crimes. And also, this is the only particular law that is the basis of cyber laws. Internet-related offences that are punishable under Information Technology Act, 2000 are:
Section 65 – If a person intentionally tampers or alters the computer source document then he/she shall be punishable with imprisonment which may extend to 3 years, or with a fine up to 2lakh rupees or with both.
Section 66 – A person shall be punishable for hacking (if done fraudulently), dishonestly receiving stolen computer resources, identity theft, deception by a person using computer resources, violation of privacy, and cyber terrorism with imprisonment or fine or both.
Section 67 – If a person publishes obscene data in electronic form, then he/she shall be punishable with imprisonment which may extend to 3 years, or with a fine up to 5lakh rupees. Although, in the event of subsequent punishment the imprisonment period may extend to 10 years and a fine up to Rs. 10,00,000.
Section 70 – If a person accesses the protected system without any authorization, then he/she shall be punishable with imprisonment for up to 10 years and with a fine.
Section 72 – If a person accesses any important data without the consent of the person concerned to another person, then he/she shall be punishable with imprisonment up to 2 years, or with a fine up to 1 lakh rupees or with both.
Section 73 – If a person publishes a false digital certificate, then he/she shall be punishable with imprisonment up to 2 years, or with a fine of rupees 1 lakh or with both.
Apart from the above Act, the Indian Penal Code, 1860 also provides certain penalties and remedies for cybercrimes under section 354 (cyberstalking and online harassment), section 505 (spreading fake news), etc.
LACUNAE IN CYBER LAWS OF INDIA
There was no need for cyber laws earlier because cybercrimes were less but as cyber-crime increased, especially in Covid 19, loopholes appeared in cyberlaw like there were no strict data protection laws, data protection agreement, user-friendly mechanism, etc. Basically, in India, problems of cybercrime arise because there is no set definition of cybercrime in any law or act. Although in IT Act 2000 there are few laws and measures yet there are many grey areas. Furthermore, there are no specific findings or scams against large companies and therefore should be dealt with under the areas of hacking and online fraud. No separate policy has been formulated to deal with cybercrime against health care areas also.
Territorial Jurisdiction is another significant issue that isn't explicitly managed by any cyber law. ‘Since cybercrimes are computer and Internet-based crimes, hackers are sitting far away and probably in another state and therefore jurisdiction is difficult to determine.’ Another problem is the prevention of the evidence as most of the proofs are available online and the destruction of the same is easy.
Moreover, the current laws are restricted to only doctrinal penalties as it is difficult to prosecute the offender due to anonymity. There is no strategy to find out these online criminals who are sitting far away from the original location and even there are no concrete measures to take action against them. Hence, there must be strict and separate cyber laws for different crimes so that criminals are afraid of committing these crimes.
PROTECTION NEEDED FOR CYBER-CRIMES
With continuous digitalization and data growth, it is important to create protection with the necessary resources including comprehensive training to ensure data privacy and cybersecurity in India. Also, with cybersecurity being a $ 6.7 billion industry, there is a greater need for stern cyber laws in India. Following steps should be taken for the defence of cyber-crimes:
The Indian Constitution guarantees every person the right to privacy as it is a fundamental right, therefore it is important to have a strict data protection law in India, it is also imperative to have severe rules that protect an individual's privacy, regardless of the prevailing circumstances.
To make the software more secure before it is in the hands of the user, data security impact evaluation must be done by companies testing them at various levels before offering artificial intelligence and software solutions on the devices. Government websites require very strong data security evaluation to protect official data online.
Data in the European Union's General Data Protection Regulation ("GDPR") are protected by effective regulation on users' data, reducing the threat to privacy. Therefore, the application of artificial intelligence should be structured with the aim of Covid-19, after ensuring similar objectives for such laws.
More user-friendly machine learning tools are needed to make users understand and feel secure while browsing on the web. Most users are unaware of Internet websites and threats, this illiteracy of Internet users in India makes them victims of cyber-crimes.
Recently, Home Minister Amit Shah launches the country’s first Cyber Crime Prevention Unit AASHVAST (Assured Assistance Service Helpline for Victim at Shortest Time) in Gandhinagar which includes cyberbullying, cyberharassment, etc. Cyber AASHVAST will assure the citizens of safety against any sort of cyber-crime.
Therefore, to reduce the cyber-crime, a user-friendly cyber policy should be implemented that has a strong security system like training users, quick response, system check & assistance which eventually help the users in securing their network.
The government should tighten the security of the state's digital networks and systems that store important public data and take necessary steps in this regard. The lockdown has revealed the frail cyber laws and after an increase in Cyber Crime, the government has turned its attention to this matter, the cyber police and cyber centre have become more agile. The Government also advises the general public not to fall prey to these sole crimes and take safety measures while filling details and credentials on digital websites. Yet, the government additionally needs to think of some more stringent laws, techniques, and tactics to catch the hackers. In addition, some security applications need to be introduced to prevent companies' systems and healthcare computers from being hacked. There is no doubt that cyber-crime is protected through cybersecurity laws but the still existing Information Technology Act, 2000 requires some reforms as it is a comprehensive task and does not cover other aspects affected by cyber-crimes. Hence, “PREVENTION IS ALWAYS BETTER THAN CURE”.
Increasing Cybercrime Since the Pandemic: Concerns for Psychiatry.
What is Cyber AASHVAST ? - January 12, 2020.
Indian Technology Act, 2000
By- Alisha Maheshwari
BBA LL.B (Hons.), 3rd year
Uttaranchal University, Law College Dehradun.