White Collar Crimes with special reference to Cyber Crimes
For a warrior, nothing is higher than a war against evil. The warrior confronted
with Such a war should be pleased, Arjuna, for it comes as an open gate to heaven.
But if You do not participate in this battle against evil, you
will incur sin, violating your
Dharma and your honour. - Bhagavad-Gita 2.31
Within the field of criminology, white-collar crime as according to Edwin Sutherland is “a crime committed by a person of respectability and high social status in the course of his occupation".
White-collar crime is difficult to define because it can be committed by anyone with money and apply to many different activities. White-collar crime is illegal activity carried on within normally legal business transactions. For example, white-collar crime comes from within legal businesses such as banking, stock trading, or insurance claims. White-collar crime is also nonviolent.
The main motive behind these white-collar crimes is personal gain. Individuals or groups may use and abuse their positions within a company to hide or steal money. White-collar crime can be committed by one individual or it can involve a number of individuals in a large corporation who deceive investors.
Victims of white-collar crime can be an individual; a group of individuals; a local organization whose treasurer secretly spends its money for his own benefit (embezzling); a company like a bank whose officers use its funds for their own gain; the government cheated by the companies who win its contracts; or a large corporation whose officials purposely falsify its financial records.
White-collar crimes therefore overlaps with corporate crime and cyber crime.
The internet in India is growing rapidly. It has given rise to new opportunities in every field we can think of – be it entertainment, business, sports or education. There are two sides to a coin. Internet also has its own disadvantages. One of the major disadvantages is Cyber crime – illegal activitiy committed on the internet. The internet, along with its advantages, has also exposed us to security risks that come with connecting to a large network. Computers today are being misused for illegal activities like e-mail espionage, spams, software piracy and so on, which invade our privacy and offend our senses.
It is a saying that:
"The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb".
The term “cyber crime” is a broad term that is usually applied to a broad range of crimes in which computers are, in some manner, involved. This term, however, is vague and actually refers to a collection of dissimilar forms of criminal conduct that are powered by different motives.
Every computer system is threatened by the large number of crimes which we usually call cyber crimes, but every computer system does not face an equal risk of being victimized by all of those crimes.
Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime.
As Internet usage continues to rise throughout the world, the threat of cyber crime also grows. While some of these crimes are relatively harmless and commonplace, others are very serious and carry with them felony charges.
Different types of cyber crimes
· Computer Viruses
Viruses are used by Hackers to infect the user’s computer and damage data saved on the computer by use of “payload” in viruses which carries damaging code. Person would be liable under I.T Act only when the consent of the owner is not taken before inserting virus in his system. The contradiction here is that though certain viruses causes temporary interruption by showing messages on the screen of the user but still it’s not punishable under Information Technology Act 2000 as it doesn’t cause tangible damage. But, it must be made punishable as it would fall under the ambit of ‘unauthorised access’ though doesn’t cause any damage. This ambiguity needs reconsideration.
It is an act in which the hackers, by using e-mail messages which completely resembles the original ones ask for the verification of certain personal information, like account numbers or passwords etc. Here the customer might get deceived by the originality of that message, which may lead to huge financial losses if the information is used for fraudulent acts like withdrawing money from customers account without him having knowledge of it.
This is carried on by use of deceiving Websites or e-mails. These sources mimic the original websites so well by use of logos, names, graphics and even the code of real bank’s site.
· Phone Phishing
It is done by use of in-voice messages by the hackers where the customers are asked to reveal their account identification, and passwords to file a complaint for any problems regarding their accounts with banks etc.
· Internet Pharming
Hacker here aims at redirecting the website used by the customer to another bogus website by hijacking the victim’s DNS server and changing his I.P address to fake website by manipulating DNS server. This redirects user’s original website to a false misleading website to gain unauthorized information.
· Investment Newsletter
We usually get newsletter providing us free information recommending that investment in which field would be profitable. These may sometimes be a fraud and may cause us huge loss if relied upon. False information can be spread by this method about any company and can cause huge inconvenience or loss through junk mails online.
· Credit Card Fraud
Huge loss may cause to the victim due to this kind of fraud. This is done by publishing false digital signatures. Most of the people lose credit cards on the way of delivery to the recipient or its damaged or defective, misrepresented etc.
The most common type of cyber crime is spam. While email spam laws are fairly new, there have been laws on the books regarding "unsolicited electronic communications" for many years.
Credit fraud is another common form of cyber crime. Certain computer viruses can log keystrokes on your keyboard and send them to hackers, who can then take your Social Security number, credit card number and home address. This information will be used by the hacker for his own means.
· Cyber terrorism against the government organization.
Cyber terrorism may be defined to be “ the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives”
Another definition may be attempted to cover within its ambit every act of cyber terrorism.
A terrorist means a person who indulges in wanton killing of persons or in violence or in disruption of services or means of communications essential to the community or in damaging property with the view to –
(1) Putting the public or any section of the public in fear; or
(2) Affecting adversely the harmony between different religious, racial, language or regional groups or castes or communities; or
(3) Coercing or overawing the government established by law; or
(4) Endangering the sovereignty and integrity of the nation
and a cyber terrorist is the person who uses the computer system as a means or ends to achieve the above objectives. Every act done in pursuance thereof is an act of cyber terrorism.
Reasons for cyber crimes:
Hart in his work “The Concept of Law” has said ‘human beings are vulnerable so rule of law is required to protect them’. Applying this to the cyberspace we may say that computers are vulnerable so rule of law is required to protect and safeguard them against cyber crime. The reasons for the vulnerability of computers may be said to be:
1. Capacity to store data in comparatively small space
2. Easy to access
5. Loss of evidence
The Indian parliament considered it necessary to give effect to the resolution by which the General Assembly adopted Model Law on Electronic Commerce adopted by the United Nations Commission on Trade Law. As a consequence of which the Information Technology Act 2000 was passed and enforced on 17th May 2000. The preamble of this Act states its objective to legalise e-commerce and further amend the Indian Penal Code 1860, the Indian Evidence Act 1872, the Banker’s Book Evidence Act1891 and the Reserve Bank of India Act 1934. The basic purpose to incorporate the changes in these Acts is to make them compatible with the Act of 2000. So that they can regulate and control the affairs of the cyber world in a more effective manner.
Provisions of IT Act, 2000
Nature and Punishment
Damage to Computer system etc. Compensation for Rupees 1crore
Hacking (with intent or knowledge) Fine of 2 lakh rupees, and imprisonment for 3 years.
Publication of obscene material in e-form Fine of 1 lakh rupees, and imprisonment of 5years, and double conviction on second offence
Not complying with directions of controller Fine upto 2 lakh and imprisonment of 3 years.
Attempting or securing access to computer Imprisonment upto 10 years.
For breaking confidentiality of the information of computer Fine upto 1 lakh and imprisonment upto 2 years
Publishing false digital signatures, false in certain particulars Fine of 1 lakh, or imprisonment of 2 years or both.
Publication of Digital Signatures for fraudulent purpose. Imprisonment for the term of 2 years and fine for 1 lakh rupees.
Analysis of the statutory provisions
The Information Technology Act 2000 was undoubtedly a welcome step at a time when there was no legislation on this specialised field. The Act has however during its application has proved to be inadequate to a certain extent. The various loopholes in the Act are-
· The hurry, in which the legislation was passed, without sufficient public debate, did not serve the desired purpose.
· “Cyber laws, in their very preamble and aim, state that they are targeted at aiding e-commerce, and are not meant to regulate cyber crime”
According to Mr. Pavan Duggal the main intention of the legislators has been to provide for a law to regulate the e-commerce and with that aim the I.T.Act 2000 was passed, which may also be one of the reasons for its inadequacy to deal with cases of cyber crime.
Positive Aspects of the IT Act, 2000
· Prior to the enactment of the IT Act, 2000 even an e-mail was not accepted under the prevailing statutes of India as an accepted legal form of communication and as evidence in a court of law. But the IT Act, 2000 changed this scenario by legal recognition of the electronic format.
· From the perspective of the corporate sector, companies shall be able to carry out electronic commerce using the legal infrastructure provided by the IT Act, 2000 which was not possible earlier because there was no legal infrastructure to regulate commercial transactions online.
· Corporate will now be able to use digital signatures to carry out their transactions online. These digital signatures have been given legal validity and sanction under the IT Act, 2000.
· In today’s scenario, information is stored by the companies on their respective computer system, apart from maintaining a back up. Under the IT Act, 2000, it shall now be possible for corporate to have a statutory remedy if any one breaks into their computer systems or networks and causes damages or copies data. The remedy provided by the IT Act, 2000 is in the form of monetary damages, by the way of compensation, not exceeding Rs. 1, 00, 00,000.
· IT Act, 2000 has defined various cyber crimes which includes hacking and damage to the computer code. Prior to the coming into effect of the Indian Cyber law, the corporate were helpless as there was no legal redress for such issues.
The Grey Areas of the IT Act, 2000
· The IT Act, 2000 is likely to cause a conflict of jurisdiction.
· Electronic commerce is based on the system of domain names. The IT Act, 2000 does not even touch the issues relating to domain names.
· The IT Act, 2000 does not deal with any issues concerning the protection of Intellectual Property Rights in the context of the online environment.
· As the cyber law is growing, so are the new forms and manifestations of cyber crimes. The offences defined in the IT Act, 2000 are by no means exhaustive. The IT Act, 2000 does not cover various kinds of cyber crimes and Internet related crimes. Certain crimes which doesn’t comes under the ambit of the IT Act, 2000 are-
a) Theft of Internet hours;
b) Cyber theft;
c) Cyber stalking;
d) Cyber harassment;
e) Cyber defamation;
f) and cyber fraud etc.
· The IT Act, 2000 has not tackled several vital issues pertaining to e-commerce sphere like privacy and content regulation.
· Another grey area of the IT Act is that the same does not touch upon any anti- trust issues.
· The most serious concern about the Indian Cyber law relates to its implementation. The IT Act, 2000 does not lay down parameters for its implementation. It seems that the Parliament would be required to amend the IT Act, 2000 to remove the grey areas mentioned above.
Investigations And Search Procedures
Section 75 of Information Technology Act, 2000 takes care of jurisdictional aspect of cyber crimes, and one would be punished irrespective of his nationality and place of commission of offence. Power of investigation is been given to police officer not below the rank of Deputy Superintendent of police or any officer of the Central Government or a State Government authorized by Central Government. He may enter any public place, conduct a search and arrest without warrant person who is reasonably expected to have committed an offence or about to commit computer related crime. Accused has to be produced before magistrate within 24 hours of arrest. Provisions of Criminal Procedure Code, 1973 regulate the procedure of entry, search and arrest of the accused.
Problems Underlying Tracking Of Offence
Most of the times the offenders commit crime and their identity is hard to be identified. Tracking cyber criminals requires a proper law enforcing agency through cyber border co-operation of governments, businesses and institutions of other countries. Most of the countries lack skilled law enforcement personnel to deal with computer and even broader Information technology related crimes. Usually law enforcement agencies also don’t take crimes seriously, they’ve no importance of enforcement of cyber crimes, and even if they undertake to investigate they are posed with limitation of extra-territorial nature of crimes.
Measures To Curb The Cyber Crime
Though by passage of time and improvement in technology to provide easier and user friendly methods to the consumer for make up their daily activities, it has lead to harsh world of security threats at the same time by agencies like hackers, crackers etc. various Information technology methods have been introduced to curb such destructive activities to achieve the main objects of the technology to provide some sense of security to the users. Few basic prominent measures used to curb cyber crimes are as follows:
A) Encryption: This is considered as an important tool for protecting data in transit. Plain text (readable) can be converted to cipher text (coded language) by this method and the recipient of the data can decrypt it by converting it into plain text again by using private key. This way except for the recipient whose possessor of private key to decrypt the data, no one can gain access to the sensitive information.
B) Synchronized Passwords: These passwords are schemes, used to change the password at user’s and host token. The password on synchronized card changes every 30-60 seconds which only makes it valid for one time log-on session. Other useful methods introduced are signature, voice, fingerprint identification or retinal and biometric recognition etc. to impute passwords and pass phrases
C) Firewalls: It creates wall between the system and possible intruders to protect the classified documents from being leaked or accessed. It would only let the data to flow in the computer which is recognized and verified by one’s system. It only permits access to the system to ones already registered with the computer.
D) Digital Signature: These are created by using means of cryptography by applying algorithms. This has its prominent use in the business of banking where customer’s signature is identified by using this method before banks enter into huge transactions.
Prevention is always better than cure. So it is always better to take precautions while operating the net. Sailesh Kumar Zarkar, technical advisor and network security consultant to the Mumbai Police Cyber crime Cell, advocates the 5P mantra for online security: Precaution, Prevention, Protection, Preservation and Perseverance. "Take security seriously," he says. "If you protect your customer's data, your employee's privacy and your own company, then you are doing your job in the grander scheme of things to regulate and enforce rules on the Net through our community." A netizen should keep in mind the following things-
1. To prevent cyber stalking, avoid disclosing any information pertaining to oneself.
2. Always avoid sending photographs online particularly to strangers and chat friends as there have been incidents of misuse of the photographs.
3. Always use latest and up date anti virus software to guard against virus attacks.
4. Always keep back up volumes so that one may not suffer data loss in case of virus contamination
5. Never send your credit card number to any site that is not secured, to guard against frauds.
6. Always keep a watch on the sites that your children are accessing to prevent any kind of harassment or depravation in children.
7. It is better to use a security programme that gives control over the cookies and send information back to the site as leaving the cookies unguarded might prove fatal.
8. The web site owners should watch traffic and check any irregularity on the site. Putting host-based intrusion detection devices on servers may do this.
9. Use of firewalls may be beneficial.
10. Web servers running public sites must be physically separate and protected from internal corporate network.
Capacity of human mind is unfathomable. It is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties and further making the application of the laws more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. Further I all together do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime. Crucial aspect of problem faced in combating crime is that, most of the countries lack enforcement agencies to combat crime relating to internet and bring some level of confidence in users.
It’s like ‘eye for an eye’ kind of situation where the technology can be curbed only by an understanding of the technology taken over by cyber terrorists. Even if the technology is made better enough to curb the computer related crime there is no guarantee if that would stay out of reach of cyber terrorists. Therefore Nations need to update the Law whether by amendments or by adopting sui generic system.
There is one spectacle grander than the sea, that is the sky, there is one
spectacle grander than the sky,
that is the interior soul - Victor Hugo
White Collar Crimes – A debate can be viewed at http://www.amicus.iupindia.org/WhiteCollarCrimes_ovw.asp
Nagpal R- Defining Cyber Terrorism
Duggal Pawan - Is this Treaty a Treat?
Duggal Pawan - Cybercrime
“Anusuya Sadhu”, “The Menace of Cyber Crime”, can be viewed at http://www.legalserviceindia.com/articles/article 2302682a.htm
Mr. Duggal's Perspectives on IT Act Amendments can be viewed at http://www.cyberlaws.net/new/pd_on_ITAmendments.php
Gopika Vaidya-Kapoor – Byte by byte can be viewed at http://cybercrime.planetindia.net/byteby_byte.htm
Karnika Seth - Phishing – the new online cyber crime can be viewed at http://www.123oye.com/job-articles/cyber-law/phising.htm
Information Technology Act, 2000
The author can be reached at: email@example.com