We all agree that use of Cyber space by Common people is on the increase and has reached a level where we are worried about the internet/Mobile addiction and its adverse impact on the society. Government itself is encouraging a higher use of Internet through the Digital India program. E Commerce is also developing into a business model that is pushing the Citizens into online shopping and mobile Banking in a big way.
This is therefore a fertile ground for Criminals to take to Cyber Criminal activities and the Cyber Crime industry to grow faster than any other genuine business.
This will be the biggest headache for the Governments both at the Central and State level and needs to be addressed at the earliest. Despite the higher Cyber Crime and Cyber Security risks, the future is where the population will take up to Internet even more.
Hence we need to learn to live with Cyber Crimes and find solutions on how to shield ourselves to the extent possible.
When the Citizen of the country faces any crime situation, the first friend he looks out is the Police. Hence whenever any citizen faces a problem arising out of Cyber Space, he will approach the Police for a solution. Cyber Crime police therefore have become the most sought after police personnel by the public.
However, the number of Cyber Crime cases are so huge that the Cyber Crime Police everywhere feel that they are over burdened and unable to do justice to their job. The requirement of building adequate skills are being addressed by different agencies within the Government including National Police Academy, along with the assistance of NASSCOM, DSCI, CDAC etc. to the extent possible. But the requirements are so huge that there will always be need to do more in this respect.
Governments in Center and States have not yet considered “Cyber Space Policing” as some thing which should be in the domain of “National Policing Structure” and clinging on to the age old concept of “Policing is a State Subject”. For border less crimes like Cyber Crimes, Policing have to be integrated at the International level but we are struggling here with a need for coordination within India. Just as we have brought a federal management structure for GST, we need to bring a”Federal Cyber Crime Management Council” under the Home Ministry to address the requirements of the Cyber Crime Policing and ensure that there is a single Cyber Policing authority for the whole country.
“One Country one Police” should be implemented at least in the Cyber Crime scenario.
We wish that Mr Rajanath Singh has the same acumen as Arun Jaitely to bring about this reform in the coming days.
In the current structure, Cyber Crime Police are working with a systemic disadvantage even to work within their current skill levels and hence it is becoming increasingly difficult for them to manage complaints from public.
Public will not be able to understand and even if so, appreciate the difficulties of Cyber Crime policing and increasingly feel that their complaints are not addressed by the Police.
At the same time Police will continuously feel justified in rejecting Cyber Crime complaints because they know that they have no time to look into every complaint.
When we take note that even in celebrity cases like Hrithik Roshan complaint against Kangana Ranaut, the progress is slow, one can wonder how badly equipped are the Police in handling the volumes.
While Supreme Court and Legal luminaries are more worried about issues like “Privacy”, no body seems to consider that
it is a Fundamental Right of a Citizen of a Country to get his complaints heard by the Police.
The sense of “Security” that a citizen is entitled to, comes from the feeling that if he is facing discomfort from a wrongful action from another, he can run to the Police for help and help will be available immediately.
Are Cyber Crime Police today capable of providing such security?.. The answer is clear and resounding “No”. Cyber Crime police stations are overwhlemed with cases and jurisdictional police stations lack expertise and hence complaints just end up as “Acknowledgements” and most of the time confined to dust bins without any investigation.
If this situation is not addressed, soon people will stop even approaching the Police and start approaching private hackers to take their revenge. Just as we have allowed “Naxalism” to grow in the physical society, we will be seeding “Cyber Naxalism”.
Ten years from now the same Cyber Crime Police will be fighting more of Cyber Naxalism than affording protection to genuine Netizens.
We therefore need to act in such a manner that the burden of Cyber Crime Police is brought down (even while efforts to increase the work force may continue). The Capacity building that DSCI is trying to do through setting up of Cyber Labs need to continue but will not be sufficient to meet the requirements of the society.
Public will therefore continue to feel that Cyber Crime police are incapable and uninterested.
I request all my friends in the Police to respond with suggestions on how we can relieve the Cyber Crime Police from such tasks that are today taking up most of their times but is not resulting in the satisfaction of the complainants.
It is in this context that in the previous article on Social media abuse, Naavi.org pointed out that the solution lies with the intermediaries like Google and ISPs to shed their practice of “Hiding the IP address” and “Requiring Police or Judicial intervention for revealing the identity of e-mail senders and domain name owners”.
We know that these ISPs are not keen on considering Citizen’s interests but are more concerned about the rights of Criminals. It is like our Human rights organizations who are more concerned about the victims of police atrocities but not when Police or Army are itself victims of Abuses.
We therefore suggest Supreme Court hearing the petition on Social Media Abuse should take action as suggested herein. The Home Ministry and the IT Ministry should advise the Attorney General to request the Supreme Court to mandate some of the suggestions which I have tried to make here and in my earlier article on Social Media abuse.
What I have pointed out in this article which I would like to reiterate is that
- ISPs like Google should provide the “Originating IP Address” with all e-mails going out of their system. “Hiding IP Address by ISPs” should be considered as”Abetment to Spamming” and should be discontinued forthwith.
- The ISPs in India should introduce a mechanism where by any person who is a recipient of an electronic message can file an e-mail request with the ISP to seek information of the sender to the last level of name and address of the IP address owner.
- Other network owners should also be compelled to introduce similar measures where by they should provide the information of the identity of the sender of a message when the request is made in a proper manner.
Any non cooperation in this respect should be recognized as an offence.
Presently, under Section 69B, the Secretary of IT at DeiTy has the powers to seek “Traffic Information” failing which there could be 3 years imprisonment to the Intermediary’s CEO and executives.
This power should not be reserved for handling only political requirements but should be extended to the members of the Public.
To extend its scope,
Government should designate a number of persons all over India to act as “Nodal Officers” who can receive public requests and send properly structured requests to Intermediaries so that they may revel the information sought without affecting their commitment to Privacy.
Implementation of this suggestion does not require any change of law or even the rules but a simple administrative instruction. Hence there should be no excuse in implementing this suggestion unless “Providing the Sense of Security to Netizen Citizens of India is not the priority of the Government of India”.
In the meantime Mr T.K.Vishwanathan Committee on ITA 2008 amendment can also take note to declare that “Hiding identity of IP addresses which are used for misuse” is considered as an abetment to Spamming and punishable. The committee can suggest separate rules though I feel that the existing rules under Section 69B itself is sufficient to bring in this change.
The effect of this change would be that most Cyber Crime complaints will first land with these Nodal officers who can acknowledge the receipt of the complaint and forward it to the Police for their records to meet the CrPc requirements. These nodal agencies can issue “IP resolution Requests” to Google and other e-mail service providers as part of the law enforcement authorities. They can then send requests to the ISPs and obtain the details of the end user network. They can also send further request to the network owners to identify the ultimate user of the device from which the abusive mail was sent or a domain was registered.
This three step identification process will provide the identity of the perpetrator of the crime to the victim and he can there after take action either to formally approach the Police or a Court for Civil remedies.
In many cases the complainant may decide not to pursue the case or pursue it only for Civil remedies. The Police will therefore be out of such complaints.
As regards the procedure for requesting the Nodal officer, the key is that complaint should be allowed only by an identified complainant ..such as with Aadhaar ID and a digitally signed (or e-signed) request. As long as the complainant is declaring that “He is feeling that his Privacy or Security is being adversely affected by the act of the sender of the message”, there is no need for any other reason to refuse the request.
This should be handled like an RTI query through a web form (enabled for e-sign) and automatically acted upon so that IP resolution happens in real time.
There could be a general declaration that the complainant accepts that he shall be punishable if he fakes his identity or the reason for seeking the information.
I request that the Central Government takes this suggestion seriously and implement some or all of the above suggestions to bring relief both to the Cyber Crime Police Stations and to the Public.
I also wish that organizations such as Center for Internet and Society or the media houses such as “Republic” should undertake a study on the “Satisfaction Level of Public in India on Cyber Crime Policing” in India and provide some feedback to the Government on whether Cyber Crime Policing could improve with such measures.
If “Digitization of India” is an election issue, “Efficient Cyber Crime handling” is also an election issue and hence the media houses need to flag this in their election surveys at least in the urban areas.
Any suggestions are welcome. I wish all right thinking persons should join this debate.