Internet immunity? Why does India have an abysmal 0.7% conviction rate for cyber crimes?
The National Crime Records Bureau of India reports a lamentable 0.7 percent conviction rate for cyber crimes in India in the year 2014, with 9,622 cases being registered, and only 72 convictions
By Asheeta Regidi
The National Crime Records Bureau of India reports a lamentable 0.7 percent conviction rate for cyber crimes in India in the year 2014, with 9,622 cases being registered, and only 72 convictions (see chart). These numbers exclude unreported cases, which are said to be at least twice as many. This low conviction rate is the result of several fundamental problems, most of which arise at the very first stage, the reporting of the crime.
The burden of proof
To prove cyber crimes, electronic evidence is a requirement. This may be in the form of IP addresses, e-mails, website content, databases, computer memory, internet browser histories, and so on.
The key concern with electronic evidence in a courtroom is, first, to prove that the evidence is an accurate version of the original information in the device from which it was extracted (authenticity of the evidence). Second, it must be proved that the device from which the information was obtained was not tampered with (integrity of the evidence). Section 65B of the Indian Evidence Act prescribes very strict requirements for the admissibility of electronic evidence. This gives the defence major grounds for invalidating evidence. For instance, it isn’t the practice for the Central Bureau of Investigation and other such agencies to preserve digital voice recorders and mobile phones which they use to record evidence. This renders the original recording unavailable. In the absence of this, fulfilling the requirements of the Indian Evidence Act becomes impossible, and the evidence becomes inadmissible. For instance, in the case of Sanjaysinh Ramrao Chavan versus Dattatray Gulabrao Phalke, the Supreme Court refused to admit a recording since the voice recorder itself had not been subjected to analysis.
The identification and extraction of the evidence is a highly technical process. The handling of this evidence, especially in the initial stages, by persons without the required skills is a major cause for evidence to become corrupted. Electronic evidence is very easily tampered with. Time, therefore, plays a very crucial role in maintaining the authenticity and integrity of the evidence. Delays in reporting the case or investigating the case can greatly damage the evidence. Another issue is that those charged with cyber crimes are mostly eligible for bail, giving the offender a chance to alter evidence after release. Immediate seizure and proper storage of the evidence is also essential to prevent direct or remote tampering with the evidence.
The weakest link
The first stage in the reporting of a cyber crime is the filing of a First Information Report at the nearest police station. The chief problem is the lack of adequately trained persons handling the cyber crime at this stage. There are only 23 cyber crime cells in India, which is utterly inadequate to deal with the increasing number of cases registered every year. As a result, cyber crimes tend to be handled by police officers at ‘normal’ police stations, who are ill-equipped to parse technical details of cyber crime and evidence.
For example, a case of cyber-stalking can be resolved by extracting the IP address and tracing the address of the sender. Without proper guidance, the officers are unaware of the need for this kind of information and how to obtain it. Another common error is improper storage of evidence. Police officers have reportedly poked holes into floppy disks to file them away, passed on seized desktops for use by their children, and poured hot wax on hard discs in order to seal them. For investigations, the police also tend to employ traditional investigation methods to cyber crime, such as DNA testing and fingerprints. The use of these methods instead of computer forensics is another cause for acquittals due to inadequate evidence.
These officers also lack proper instruction and training as to the procedures to be followed, their powers of investigation and seizure. They fall back on general criminal law, the Indian Penal Code, rather than employ the Information Technology Act.
The Cyber Appellate Tribunal and Adjudicatory Officers appointed under the Information Technology Act deal specifically with ‘contraventions’ under the Act, such as hacking. These are, however, civil proceedings. The more serious criminal offences are dealt with in general criminal courts. In the absence of specialised courts, the lawyers, public prosecutors and judiciary involved in these courts also require adequate training to deal with the technicality of cyber crime.
Cyber crimes generally involve a ‘transnational’ element. A large number of cyber criminals are from other countries. Most servers are situated abroad. Both the Information Technology Act and the Indian Penal Code grant long-arm jurisdiction, which means that a person of any nationality is punishable for a crime which involves a computer system located in India. This extensive jurisdiction makes a cyber criminal from anywhere subject to the laws of India. Enforcement, however, becomes an issue. There is a lack of the required procedural formalities, such as adequate extradition and mutual legal assistance treaties between India and other nations. The existing treaties, moreover, contain no specific provision relevant to cyber crime, which is an essential requirement for prosecution or investigation. The Budapest Convention of Cyber crime makes provision for extradition and investigation between nations which are signatory to it. India, however, has refused to ratify this convention since the provisions were drafted by the developed nations without consulting countries like India. Take for instance e-mail addresses generated to be used for lottery scams: These were produced using proxy servers in Germany and Pakistan, rendering them difficult to trace; the lack of cooperation with these countries could hinder ease of investigation.
Victims of ignorance
People are generally unaware of a cyber crime being committed. Quite often, by the time the case is discovered and reported, crucial time is lost, and it is too late to recover the evidence required. People are also unaware of what evidence must be retained. Common behaviour has it that people tend to frequently delete text messages and clean up mailboxes, which could contain crucial incriminating evidence. People are also unaware of the importance of saving a hard copy of the evidence, such as a screenshot or printout.
Measures such as fast-tracking of cyber crime cases and better equipped cyber crime cells are essential for proper trial of cyber crimes. Proper collection of evidence can ensure an effective trial and a quick conviction. This was demonstrated in the case of The State of Tamil Nadu vs. Suhas Katti, where the judgement was passed within seven months of the FIR being filed. Solving the basic problem of evidence first, through properly trained personnel and a better informed public, will itself go a long way in improving the conviction rate.
Overburdened ASHA workers, lack of access to contraceptives: How COVID-19 impacted family planning services across India
COVID-19 impact on family planning: In the wake of the pandemic, ASHA workers had to shoulder additional responsibilities, which prevented them from creating awareness about family planning and distributing contraceptive pills and condoms
Donated by India, COVID-19 vaccines languish and may expire in Afghanistan amid misinformation, scepticism
A mixture of scepticism and misinformation perpetuated on social media has slowed an already under-resourced vaccination campaign in Afghanistan.