Theft of Internet Hours

Published by Kunal Kapoor on

Loading

Introduction:

March 2020, the beginning of a new era with the onset of the global pandemic as the lethal virus spreads across countries. CoronaVirus or COVID-19 impacted the whole world drastically. Almost every country announced nationwide lockdowns, businesses shut, the new fiscal year started at its lowest possible rates, and everyone stuck at their homes. This lockdown period has resulted in the expansion of virtual reality.

Educational Institutes started conducting classes online, business transferred to the digital markets, zoom, google meet, microsoft meet etc became the common mode of communication between people. As a result, the digital economy[1] is what saved the worst economical disasters across the globe. Amidst this expansion, the protection of the rights of citizens becomes a crucial part of the legal framework. This brings us to the question, are the Indian legislations adequately equipped with the laws to safeguard the data from being stolen by cyber thieves?

Data has become the most valuable resource in the world in the opinion of many journalists and authors.[2] The internet is, nothing but, a collection of data being stored, transferred, purchased, and sold all over the world. Massive measures of data are made every single day by associations cooperating on the web in order to remove an incentive from isolating the examples that speak to the decision time which represents the truth of their associations. It is a significant weapon for corporations to catch huge market shares of the overall industry.

Information controlled by an association incorporates individual information of customers, classified information, monetary information, in-house data created over the range of the business, programming, proprietary advantages, etc. So any data/report in an electronic structure is more vulnerable to theft than any paper archive. This is because they are versatile and simple to duplicate. That as well as the amount of information that could be taken in one attempt is alarming.

Definition of Data

Data is the representation of information, knowledge, facts, concepts, or instructions, which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being possessed, or has been processed in a computer system or computer network, and maybe in any form (including computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.[3] The Personal Data Protection Bill 2019 defines it as a representation of information, facts, concepts, opinions, or instructions in a manner suitable for communication, interpretation, or processing by humans or by automated means.[4] In layman’s terms, data is the information available in various forms or actions performed by an operating system. It can be stored and transferred through various electronic means.

Data Theft

Theft is defined as the act of dishonestly taking any movable property out of the possession of any person without the consent of that person, moves that property in order to such taking, is said to commit theft.[5] The term ‘movable property’ includes corporeal property of every description, except land and the things attached to the earth or permanently fastened to anything which is attached to the earth.[6]

Data theft is referred to the act of unauthorized replication, possession, or omission of confidential or personal information. The act is done with the intent of violating someone’s privacy. This is what a person would understand by reading the two words together. In reality, the Indian law does not define the term ‘data theft’. According to Indian laws, theft is committed only when there is a change in possession of movable property. However, information is not considered as a movable property but illicitly taking information is a culpable offense.

Types of Data Theft

Data theft or cyber theft is carried out by means of computers or the Internet. Following are the most commonly found types of Data theft.

Identity Theft

This refers to the act of illegally possessing a person’s personal information which defines them as a person. It is the most common form of cyber theft. In it, a person fraudulently represents to be the principal person for an economic benefit. For example – creating fake accounts, impersonation, etc. This act can result in further consequential crimes in the name of the victim or harm the victim in other ways such as defamation.

Internet Time Theft

It alludes to the theft in a manner where a person has unauthorized access to internet services paid by someone else. By obtaining another person’s ISP user ID and password by illegal means, one accesses another internet connection without the knowledge of the possessor or the service provider.

Theft of Intellectual Property

Intellectual property refers to copyrighted material. The act of stealing such material is known as Intellectual Property Theft. These include theft of trade secrets, trademark violations, piracy, etc.

Laws Governing Data Theft

The Information Technology Act 2000 is the prime legislation that deals with the laws governing cyber crimes. Under the act, the convict can either be legally put into a settlement arrangement of compensation or a criminal arrangement for exposing private data information without consent. Chapter XI of the said act states the penalties for the relevant crimes. Following are the provisions dealing with cyber theft-

  • Section 43: If any person without permission of the owner damages the computer, computer system, etc. he/she shall be liable to pay compensation to the person so affected.
  • Section 66: If any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to three years or with a fine which may extend to five lakh rupees or with both.
  • Section 66B: Punishment for dishonestly receiving stolen computer resource or communication device is Imprisonment for a term which may extend to three years or with fine which may extend to rupees one lakh or with both.
  • Section 66C: Provides for punishment for Identity theft as: Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine with may extend to rupees one lakh.
  • Section 66D: On the other hand was inserted to punish cheating by impersonation using computer resources.
  • Section 72: If any person who, in pursuance of any of the powers conferred under this Act, rules or regulations made thereunder, has secured access to any electronic record, book, register, correspondence, information, document, or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
  • Section 72A: Any person including an intermediary who, while providing services under the terms of a lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person, shall be punished with imprisonment for a term which may extend to three years, or with fine which may extend to five lakh rupees, or with both.

In the case of Gagan Harsh Sharma v. The State of Maharashtra, the accused was booked under Secs 408 and 420 of the IPC and also under Secs 43, 65, and 66 of the IT Act for the act of stealing data and software from their employer. The court held that:

“Offences under Secs 408 and 420 of the IPC are non-bailable and cannot be compounded other than with the permission of the court. Offenses under Secs 43, 65, and 66 of the IT Act are compoundable and bailable. Therefore, the petitioners pleaded that the charges against them under the IPC be dropped and therefore the charges against them under the IT Act be investigated and pursued. It had been further argued that if the Supreme Court’s ruling in Sharat Babu Digumarti were to be followed, the petitioners could only be charged under the IT Act and not under the IPC, for offenses rising out of the same actions. The Bombay High Court upheld the contentions of the petitioners and ruled that the charges against them under the IPC be dropped”.

Under the Indian Penal Code 1860, the following provisions are used for cyber-crimes:

Criminal Breach of Trust by Public Servant, or Banker, Merchant or Agent (Sec 409 of IPC) – “any person who is in any manner entrusted with property, or with any dominion over property in his capacity as a public servant or in the way of his business as a banker, merchant, factor, broker, attorney or agent, commits criminal breach of trust in respect of that property, shall be punished with imprisonment for life or with imprisonment of either description for a term which may extend to 10 (ten) years, and shall also be liable to a fine.”

Under the Copyright Act 1957, the following provisions are relevant:

We as of now have a condition where a collection of offenses are punished by both the IPC and the IT Act, regardless of the way that the segments of the two offenses are the equivalent. There are uncommonly subtle differentiations in disciplines under these Acts, unequivocally in perspectives like whether the offenses are bailable or compoundable, or cognizable.
In the international spectrum, the biggest problem faced is the involvement of multiple jurisdictions from various countries. For example, the person having illicit access to the victim’s system is in Russia but the host system is in India. This further leads to the aggravated issues related to the laws and rules. Such issues includes:

  • Gathering evidence is one of the big issues faced when three different countries are involved in the case, who may be having internal disputes with each other. This leads to a lack of specialized expertise of the appropriate authorities.
  • Absence of coordination among various investigation officers.
  • Absence of unequivocal laws in the country managing such violations. Along these lines, whether or not the liable party gets caught, he can without a very remarkable stretch departure by finding various loopholes in the judicial system.

Does India have sufficient Laws for Data Theft?

The issue of data theft does not get the attention it deserves even after being a major worldwide cybercrime. India relies on the Information Technology Act 2000 for matters pertaining to cybercrimes. But fact of the matter is that the aforesaid legislation does not even define the term itself, nor does any other legislation in India. India lacks a separate legislation for cybercrimes.

The United Kingdom has the Data Protection Act 1984, The United States of America has The Piracy Act 1974, Singapore has Personal Data Protection Act 2012, but in India, The Personal Data Protection Bill, 2019 is still in the procedure of legitimation despite having international facts proving the need for such legislation. To improve the situation, various amendments have been made under the Indian Penal Code in the past, yet no provision specifically covers cyber crimes.

The Personal Data Protection Bill 2019 contains proper definitions[7], prohibitions, limitations, restrictions, rights[8], and other provisions with the aim to guarantee that any authority gathering individual data will hold such data with extreme precaution and will just utilize such data for the purpose for which it is collected. Such authority shall have fiduciary liability in case of breach of trust. Penalties have been clearly defined[9] in the bill. The bill is a much-needed legislation in India even though there is no provision for Data Theft.

Conclusion

Internet usage across the country has drastically increased ever since the onset of the pandemic. This makes our economy more vulnerable to white-collar crimes and breach of privacy. The boost from the pandemic has drastically increased the risk each individual and corporation take while processing data on the internet. Although, certain initiatives have been enforced to empower the Indian legal system to deal with cybercrimes, yet there is still a lack of enforcement and proper examination of such crimes. It is recommended that programs need to be run with the judiciary to ascertain that the people using the Internet are aware of their rights, aware of malpractices and illicit activities, and upon encountering such crimes they act quickly. The proposed bill is a crucial step towards recognizing cyber crimes as a separate branch of criminal offenses. They need a unique angle while determining the definition of theft and the judiciary should assist in determining the same through case precedents.  Laws should be stricter and outcomes should be considered to diminish individuals from carrying out such wrongdoings.

References:

[1] Digital Economy Report 2019, The United Nations Conference on Trade and Development, 2019, https://unctad.org/system/files/official-document/der2019_en.pdf

[2] The world’s most valuable resource is no longer oil, but data, The Economist, May 6th 2017 edition, https://www.economist.com/leaders/2017/05/06/the-worlds-most-valuable-resource-is-no-longer-oil-but-data

[3] Sec. 2(o), Information Technology Act 2000

[4] Sec.3, The Personal Data Protection Bill 2019

[5] Sec. 378, Indian Penal Code 1860

[6] Sec. 22, Indian Penal Code 1860

[7] Sec. 3, The Personal Data Protection Bill 2019

[8] Chapter V, The Personal Data Protection Bill 2019

[9] Sec. 57, The Personal Data Protection Bill 2019

Other Sources:

  1. http://www.legalserviceindia.com/article/l146-Cyber-Crime-And-Law.html
  2. https://www.lexology.com/library/detail.aspx?g=4af6c044-dc77-4b1a-9288-986395eff8d1
  3. https://www.mondaq.com/india/white-collar-crime-anti-corruption-fraud/785836/cyber-theft-a-serious-concern-in-india#:~:text=Section%2043%20If%20any%20person,computer%2C%20computer%20system%2C%20etc.&text=Section%2066B%20Punishment%20for%20dishonestly,one%20lakh%20or%20with%20both.
  4. https://blog.ipleaders.in/criminal-threat-cyber-data-theft-analysis-indian-criminal-law/
  5. http://www.iibf.org.in/documents/cyber-laws-chapter-in-legal-aspects-book.pdf
  6. https://ssrana.in/ufaqs/internet-time-theft-in-india/
  7. https://www.naavi.org/pati/pati_cybercrimes_dec03.htm
Categories: Cyber Laws
Tags:

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts
Cyber Laws

Data Mining Information Retrieval for Crime Prevention and Forensics

In its truest sense, digital forensics provides answers to the questions of when, what, who, where, how, and why a digital crime occurred.
Cyber Laws

Criminal Investigative Criteria and Standard of Procedure on Computer Crime

Cybercrime scenes are different from traditional crimes & electronic evidence can easily be altered or tampered with.

Competition Laws

Analysing the Relationship between Data Privacy and Competition Law: An Indian Perspective with Reference to Global Scenario

While maintaining healthy competition among companies, the protection of the citizens’ data cannot be side tracked as secondary priority.