How Long Will Google take to resolve an IP Address?… Make all intermediaries pay for the delay

What can be done to improve the number of successful investigations of Cyber Crimes in India? This is a question that most observers of the Cyber Crime scene in India are struggling to answer.

The T K Vishwanathan Committee seems to have recently suggested three improvements, namely:

a) Creation of a post of State Cyber Crime Coordinator at the level of the Inspector General of Police (Suggested new Section 25B of CrPC)

b) Providing powers to the Sub Inspectors of Police to investigate offences under ITA 2000/8 (Suggested amendment to Section 78 of ITA 2000)

c) Creating “District Cyber Crime Cell” consisting of a DySP as the head with as many Sub Inspectors as may be required and at least three experts in Information Technology, Mobile Telephony, Digital Forensics, Cyber Law or such other Experts with such qualifications to be appointed by the State Government in accordance with the rules.

(P.S: These are presently recommendations and are yet to be confirmed)

Once these suggestions come into practice, there could be a great improvement in the way Cyber Crime investigations progress.

However, it is necessary for us to flag one of the major stumbling blocks to the speedy investigation of Cyber Crime cases: the non-cooperation of intermediaries such as Google, Yahoo, WhatsApp, Facebook, Twitter etc., followed by local ISPs such as Airtel, Reliance or others.

I recall the early days of Cyber Crime investigations in Chennai that I was personally involved in:

a) A case in which I located an IP address of a suspect and within the next 20 minutes, I and the DySP converged on to the ISP’s office and got the address of the dynamic IP address user from the RAS server almost instantly and landed up in the scene of crime in the next 10 minutes to find the perpetrator still in front of the computer. The person could be apprehended and investigation could go ahead. In this case the IP address was related to the e-mail recipient. (I suppose it was a Yahoo email).

b) Another case in which a threatening e-mail had been received by a Government official and was reported around 4.00 pm on a particular day. Within a few hours it had been resolved to an office address, and the next day, before the office was to open, Police were ready at the site to arrest the employee responsible for the offence and continue the investigation.

c) The third was the historical Suhas Katti Case in which again the undersigned started with a Yahoo group message which provided an IP address and resolved it to MTNL Mumbai. Then the Police got the resolution of the MTNL IP address within perhaps a day and were ready to travel to Mumbai for further investigation. With all the formalities for travel and travelling by train, the Police were in Mumbai for further investigation on the 7th day after the complaint had been received to continue with the arrest of the accused and further investigation which finally resulted in the first conviction under ITA 2000.

All the above three incidents happened before 2004 when the Police were still very much ill equipped as to the Forensic part of investigation even at the State Forensic Labs. But they represented very successful investigations.

In comparison, after more than 12 years since these investigations, today, except in the case of celebrity complaints or when national security issues are involved, the first step of getting IP resolution of emails from the service providers such as Gmail takes a much longer time.

The local ISPs are better but even they take their share of time to reveal what is instantly available on their records.

As a result of this loss of action during the golden hour of a Cyber Crime, investigation trails go cold and become unsuccessful.

A similar problem is seen when Police are trying to investigate use of mobiles through the Tower dump analysis or Call Record details.

I am presently struggling with a case in Mumbai where the Police have been unable to get the information from Google for more than 10 days, and I presume that it is Google which is holding up information for no specific reason.

Therefore, if Cyber Crime investigation has to improve in India, there is a need to make these service providers change their attitude towards their role in Cyber Crime prevention.

What is Required to Change

Firstly it is an obnoxious practice that the service providers follow where they hide the “Originating IP Addresses” from the header information and substitute it with a proxy IP address.
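What the substitution described above means for someone reading the headers, as an added example that is not part of the original article: it walks the `Received` chain of two constructed messages and reports whether the oldest recorded address is a client address or the mail provider's own relay. The sample messages, the documentation-range IP addresses, `PROVIDER_NETS` and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed messages, not real traffic. Documentation-range addresses
# (RFC 5737) stand in for public IPs. IPv4 only, to keep the example short.
DIRECT = (
    "Received: from smtp.isp.example (smtp.isp.example [198.51.100.7])\n"
    "\tby mx.rcpt.example with ESMTP; Mon, 1 Jan 2018 10:00:05 +0530\n"
    "Received: from sender-pc (unknown [203.0.113.45])\n"
    "\tby smtp.isp.example with ESMTP; Mon, 1 Jan 2018 10:00:01 +0530\n"
    "From: a@isp.example\n\nbody\n"
)
WEBMAIL = (
    "Received: from out.webmail.example (out.webmail.example [198.51.100.20])\n"
    "\tby mx.rcpt.example with ESMTP; Mon, 1 Jan 2018 11:00:05 +0530\n"
    "Received: by out.webmail.example with HTTP; Mon, 1 Jan 2018 11:00:01 +0530\n"
    "From: b@webmail.example\n\nbody\n"
)
# Hypothetical provider range; in practice taken from WHOIS or published ranges.
PROVIDER_NETS = [ipaddress.ip_network("198.51.100.16/28")]
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
FROM_IP = re.compile(r"^from\s.*?\[([0-9.]+)\]", re.S)

def earliest_hop(raw):
    """Return (ip, header name) for the oldest hop that recorded a client IP."""
    msg = message_from_string(raw)
    xoip = msg.get("X-Originating-IP")
    if xoip:
        return ipaddress.ip_address(xoip.strip(" []")), "X-Originating-IP"
    # Received headers are prepended, so the last one is the oldest hop.
    for value in reversed(msg.get_all("Received", [])):
        m = FROM_IP.match(value.strip())
        if not m:
            continue  # e.g. "by ... with HTTP": no client address recorded
        ip = ipaddress.ip_address(m.group(1))
        if not any(ip in net for net in INTERNAL):
            return ip, "Received"
    return None, None

def next_step(raw, provider_nets=PROVIDER_NETS):
    """Say whose logs hold the sender's address for this message."""
    ip, _ = earliest_hop(raw)
    if ip is None:
        return "no client IP in headers"
    if any(ip in net for net in provider_nets):
        return f"{ip} is the mail provider's relay: request provider logs"
    return f"{ip} is a client address: resolve subscriber with the ISP"
```

Only the `Received` lines written by servers the recipient controls or trusts are reliable; lines below that boundary are supplied by the sending side.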

Every e-mail contains a “Sender’s Address” (consisting of the name and signature line) and hence any genuine e-mail sender is voluntarily giving his identity in the header information and the body of the message.

Hence e-mail senders would not have any objection if their IP address is revealed in the header information. At the same time the e-mail recipients would consider it as their “Legal Right” to know who has sent them the e-mail.

On the other hand the Service providers may have a wrong notion of “Privacy” and think that substituting the real originating IP address with a proxy address is “Protection of Privacy”.

I completely disagree with this view and demand that the Honorable Supreme Court clarify this if required.

Only persons who want to send an e-mail or a message so as to deceive the recipient and mislead him/her about the origin of the message would want their IP address to be protected by a proxy address.

This was actually a recognized offence under Section 66A of the ITA 2008, which our Supreme Court unfortunately decided to scrap under the wrong notion of protecting Freedom of Speech.

“Attempt to deceive” the recipient of a message is itself an “Attempt to commit an offence” in all cases where the recipient has filed a complaint in which the IP address resolution is one of the requirements of investigation.

In view of this, every time Google or other service providers suppress the real IP address, they are “assisting” the suspect in escaping the legal consequences of “attempt to deceive with false recipient ID”. This is a contravention of Section 43/66 of ITA 2000/8.

Under Section 69B and 70B, Government agencies such as the IT Secretary and DG CERT IN have statutory powers to seek the information and, if the intermediaries do not cooperate, prosecute them for imprisonment of 1-2 years.

Despite these strong provisions of ITA 2000/8, the Service providers are not responding to requests from the Police which should happen in real time.

I have suggested in an earlier article that under Section 69B and 70B, the Government can also authorize many officers other than the Police to issue “Demand for IP Address Resolution” so that the burden on the Police would come down.

In the meantime, I would like Google in particular to respond and show cause why their substitution of originating IP address with their own IP address should not be considered as an open support to the criminal activities and why Google Inc should not be made liable for any delay in the resolution of IP address.

I also urge the Ministry of Information Technology to expand the rules of “Due Diligence” under Section 79 of ITA 2000/8 through a notification/clarification to include that

“When it is brought to the knowledge of the intermediary that their proxy IP address is a subject of an investigation of a contravention of ITA 2000/8, they shall submit the Original IP address to the complainant on production of a reasonable evidence of contravention, within one hour of receipt of the notice.”

Google should also introduce other measures to respond to complainants as per provisions under Section 79 on a real-time basis by designating the “Grievance Officer” under ITA 2000/8 and displaying his contact details prominently on their website.

I urge the Supreme Court to take suo moto action to immediately issue a clarification that “Hiding the Originating IP address” in e-mails and other web/Telecom based transactions, including the “Who Is information”, is not considered as “Protection of Privacy” and that not revealing the same on demand would be considered as a contravention under Indian law as abetment to a suspected offender.

This may not be an issue of interest to celebrity advocates like Prashant Bhushan or Kapil Sibal, who are able to make the Supreme Court take up petitions at the drop of a hat, or to the Government lawyers who want to avoid any confrontation with the Judiciary on a subject with a tag “Privacy”, but it is a matter of public interest in which the CJI himself should move without waiting for an influential “Celebrity Advocate” to approach them.

In the meantime, I request Google to let us know what is the average time they take in providing the IP resolutions when received from the Police and whether they can improve upon their current performance.





About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
