On October 17, 2023, FDPPI and Manipal Law School propose to hold a round table to commemorate the Digital Society day on the broad theme of raising Cyber Crimes and how to tackle them.
I propose that the organizers consider the program as not just an awareness of Cyber Crimes to the masses but to elevate them to the regulators with a message as titled above.
My views on why I want this new approach is guided by my observations over the last 25 years since I started my journey on Cyber Law and Cyber Crimes when I have found that it is the apathy of the regulators (though often we keep our criticisms at the level of police only and donot question the Adjudicators and CERT IN for their dereliction of duty) that has contributed to this state of affairs.
Unless the regulators realize their responsibilities and start acting tough, the criminals will only feel emboldened to continue to commit crimes.
Hence we need to awaken the regulators first before we cry out for public awareness of Cyber Crimes as if it is the panacea for all cyber crimes.
I therefore record some of my views in this regard and urge the participants of the roundtable being organized by FDPPI and Manipal Law School on 17th October at 2.00 pm at the Yelahanka Campus of the MLS to be extended to the virtual world both in terms of speakers from outside India and observers of the discussion.
Those experts who want to share their views may kindly contact the organizers through e-mail on fdppi4privacy @ gmail.com
There are no two opinions about Cyber Crimes being on the raise in India. As India that is Bharath is trying to promote its digital leadership to the world through globalization of the UPI system and the use of Aadhaar for Direct benefit Schemes, the raise of Cyber Crime hubs in towns like
Bharatpur, , Mewat, Bhiwani, Nuh, Palwal, Manota, Hasanpur, Hathan Gaon (all in Haryana),Ashok Nagar, Uttam Nagar, Shakarpur, Harkesh Nagar, Okhla, Azadpur (all in Delhi) (all in Delhi) Banka, Begusarai, Jamui, Nawada, Nalanda, Gaya (Bihar),Barpeta, Dhubri, Goalpara, Morigaon, Nagaon (Assam), Jamtara,Deoghar (Jharkhand), Asansol, Durgapur (West Bengal), Ahmedabad,Surat (Gujarat), Azamgarh (Uttar Pradesh) and Chittoor (Andhra Pradesh).
raises an alarm.
We are all aware of the “Darkweb”, but the trends in these towns and villages indicate that “Dark Towns” are emerging in physical space and like the Drug lords of Columbia and Mexico these are going to be sore points on the raising status of India as a Digital leader of the world.
Recently a few criminals arrested by Police in one of these towns were released by the villagers who attacked the Police party indicating that law and order is passing on to the mafia.
These organized Cyber Criminals are supported by the eco system of Bankers and Mobile Service Providers in these places who assist them in committing Cyber Crimes. Many business offices have emerged even in Noida where people are recruited into organized crimes and operations are run like a professional company.
Apart from these types of criminals there is also a gang of Cyber Urban Naxalites who try to target attacking Government assets as a target practice and hack into any Government service just to prove their hacking skills. In many such instances instead of strongly responding to such white collared criminals, CERT In remains a mute spectator and MeitY behaves as if it is not concerned. This lack of action by these regulators is worse than a Police inspector in a station refusing to register an FIR.
While MeitY and MHA are focussing on bringing new laws such as DIT or new IPC, there is little attention on ensuring that there is a national Cyber Crime policing outfit which will provide a long term cadre to experts in Cyber Crime police and render Cyber Crime Police stations as training ground for officers who after three years go back to bandobast duties.
Change is required more than in the law int he way law is administered. This requires the regulators to be educated on what the public think is their commitment to prevent Cyber Crimes. For the last 23 years we have been blaming the public for lack of awareness and always protecting the intermediaries and others who fail to do their duty.
In the Umashankar Vs ICICI Bank case as well as an earlier SBI case iN Kerala and a recent Gauhati High Court case, Judiciary has been open to hold the intermediaries liable for Cyber Crimes.
But this message that Intermediaries are the key to control Cyber Crimes has not gone to the regulators.
Otherwise, how can RBI give any banking license to Bankers in Jamtara like towns who are laundering money of innocent cyber crime victims? How is that the army is not called in to sweep these towns of “Cyber Weapons” in committing Cyber Crimes? Why is MHA not recognizing that Cyber Crimes are irretrievably linked to Terrorism, drug trade etc, Why is our Finance Ministry reluctant to ban the Criminal’s currency called Bitcoins?
These are the questions that need to be raised today on “Awareness”. Let us not treat the public as facilitators of Cyber Crimes by ignorantly passing on OTP. The OTP is not considered the safest measure of authentication and it is being used as the best available option for the time being. Without control of SIM cloning and other forms of OTP stealing, there is no technical safeguard which can be used by an ordinary citizen to protect himself.
Hence all financial cyber crimes should be the responsibility of the Intermediaries, no questions asked. If Bankers and mobile operators feel the pinch they will be more responsible in doing their KYC and distribute the weapons of crime.
Banks harass genuine customers with KYC demands again and again and in the process keep the KYC details every where in the network exposing the customers to greater danger.
We cannot ask these Banks what happened to my KYC last year and why are they asking for KYC once again.
We cannot ask them why it is so difficult for my ID to be verified while the criminals can very easily get their IDs verified and Banks accounts opened?
Why are we not questioning why Domain Name Registrars are able to hide the Domain Name registrant’s identity to facilitate phishing?
Why are the e-mail providers substituting the IP address of criminals with their own proxy addresses and creating hurdles for investigators?
Why are we not implementing the TRAI suggestion for Caller ID display on phone calls and why are we not introducing a similar system for E-Mail providers? though we are trying to implement such user ID display for WhatsApp and Twitter?
Why is that Meity succumbed to the pressures of business and gave up on Data Localization in the DPDPA to make it difficult for Police even to start an investigation?
These are the questions I would like to ask ..who else but Sri Rajeev Chandrashekar the MOS and Sri Ashwini Vaishnav the Minister of IT, Amit Shah, the MOH and ultimately Mr Narendra Modi the PM.
Let this “Jago Regulator Jago” campaign spread and every citizen of this country raise their voice that “Awareness is not only for the public but also for the Regulators”.