Sunday, October 21, 2018

Need for a model prohibitory provision for preventing and punishing Cybercrimes targeting women

CYBER CRIME AGAINST WOMEN BY DEBARATI HALDER



The festive seasons not only bring joy and happiness, but also brings tinges of tensions, disappointment, frustrations and unnecessary worries especially for women and girls. This is because of the negative use of digital and information technology; women and girls may be photographed inappropriately, touched inappropriately and may be photographed in such conditions, they may be stalked, their data may be unauthorisedly accessed and misused and over all, they may also be targeted for revenge porn. It may generally happen even during non-festive seasons too. But during the festive seasons such off-line and online harassment targeting women may increase more. In my previous research I have observed that this may happen due to two main reasons : lack of strict central laws relating to public place photography and engagement of the police force in crowd management. It may necessarily become almost impossible to protect every woman and girl in the crowds from the perpetrators who may be digitally empowered to violet the privacy.  The second reason plays a major role in motivating the perpetrators to take the harassment of women and girls online so that victims may not be able to understand the impact of victimisation immediately; simultaneously the perpetrators may not only satisfy their sadistic ego by harassing women and girls online, but may also gain unethically by  supplying the voyeur pictures and clippings to adult sites and even to YouTube. By the time  the victims understand and feel the impact of victimisation, their reputation may have been badly damaged due to viral spreading of the images.  
A year back the ministry of women and children rolled out project for portal to complain about online harassment. But this could neither reduce the alarming growth of online victimisation of women. The reason could be ill drafted laws and poor execution of the existing laws. These ill drafted laws may include S.66A of the Information Technology Act, 2000(amended in 2008) which prescribed punishment for offensive, annoying etc speech, which was later scrapped off in the case of Shreya Singhal vs Union of india & others (however, the Information Technology Act has not been amended so far to either amend or delete this provision from the present version of the Provision); Ss. 354 C and D of the Indian Penal Code which speaks about voyeurism and cyber stalking, S.509 of the Indian Penal Code which speaks about word gesture etc about harming the modesty of women etc.[1] I have also created a model law for penalising revenge porn and had submitted the same to the ministry of women and child affairs.[2] However, no step has been taken on this so far even though revenge porn does exist in the Indian cyber space context as well.
It needs to be noted that the internet has provided a broader platform for expressing views and opinions and women are using it share their opinion on various issues including sexual harassment that may have been meted out to them through Me too movement. But this would definitely have another side of the coin. Many women may prefer to bring up the issue of sexual harassment on public platforms through social media; but the accused persons may neither leave these victims on the cyber space. They may try to counter attack them through trolls, bullies and hired-hackers who may try to vandalise the victims reputations online by infringing the digital privacy of the Me Too fighters. This in other ways may also affect the documentary evidences that the victim/s may have saved in their electronic devices for further court proceedings.
At this juncture It is time that  the existing law must be amended to include provisions for offensive communication and revenge porn. On behalf of Centre for Cyber Victim Counselling a  draft model Law  is proposed as below:

Model law for prohibiting Cybercrime against women

Chapter 1 : preliminary
S.1 Extent and purpose:
It extends to the whole of India.
It has been seen that even though Criminal Law Amendment Act, 2013 has introduced several new provisions for the safety of women, but still there exists lacuna. Further, the Information technology Act, 2000 (amended in 2008) also failed to prevent crimes against women which include cyber bullying, trolling and revenge porn.
In view of the above, this model law is proposed to bring amendment to (a) the present provisions especially in the Indian penal Code (specifically in Ss. 354 C & D) and insert new provision for prohibiting and punishing revenge porn, (b) amend and introduce new version of S.66A to create preventive law to prevent offensive communication including bullying, trolling, online harassment etc against women and individuals in general, (c) to introduce special provision in the Information technology Act, 2000 (amended in 2008) to provide confidentiality to the victims.
Chapter 2 : Proposed amendments
S.2 Insertion of a new provision on Revenge porn:[3]
The model Revenge porn prohibitory provision :(This can be included in Chapter XVI of the Indian Penal Code as S.354E, which may be inserted after S.354D (stalking)).

1.    Anyone, who in order to satisfy his anger and frustration for a broken relationship, takes revenge  through publishing, transmitting, conveying, publicizing false and sexually provocative portrayal of his/her victim, by misusing the information that he may have known naturally and that he may have stored in his personal computer, or that which may have been conveyed to his electronic device by the victim herself, or may have been stored in the device with the consent of the victim herself; and which may have been done to publicly defame the victim essentially, commits the offence of revenge porn.

2.    Whoever commits the offence of revenge porn, shall be punished in the first conviction with imprisonment of either description for a term which shall not be less than one year, but which may extend to three years, and shall also be liable to fine of not less than 1 lakh rupees and pay reasonable compensation to the victim for damaging his/her reputation in real life and online. If he be punished on a second or subsequent conviction, he shall be punished with imprisonment of either description for a term which shall not be less than three years, but which may extend to seven years, and shall also be liable to fine of not less than 5 lakh Rupees and reasonable compensation to the victim.

 Provided that the perpetrator must also be liable to remove the offensive image either original or morphed, irrespective of the fact whether the image was conveyed to him by the victim herself or not, from his own electronic device/s and from the websites and social media profiles where he may have uploaded the same for the purpose of taking revenge.

Provided further, that the investigating officer shall immediately after coming to know of the offence of revenge porn committed by the perpetrator as reported by the victim or anyone on behalf of the victim, contact the concerned website to remove such contents including any text accompanying the image/s which may falsely portray the victim.
Provided further that if the website concerned fails to cooperate with the police on being alerted by the investigating police officer and also if the website concerned fails to remove the content within 36 hours  after being alerted by the victim herself, the said website would not be exempted from third party liability as has been explained under S.79 of the Information Technology Act, 2000 (amended in 2008) and would be liable to pay compensation to the victim for an amount not less than Rs. 5 lakhs and also fine.

Explanation:

In Subsection 1, the words “publishing, transmitting, conveying, publicizing false and  sexually provocative portrayal of his/her victim” shall include  publishing, transmitting, conveying  any image of woman whether nude, semi-nude or normal to anyone individual and/or to any website including social media, with an intention to take revenge on that said woman.

(Rationale behind proposing a new law: Why S.354C IPC would not be able to regulate revenge porn:

1.    S.354C IPC speaks about voyeurism which is inclusive of “private acts” whereby victim’s private body parts may be shown. It does not mention anything about publishing/conveying/morphing etc of pictures of women for taking revenge. The ultimate motive, i.e., taking revenge is absent here.

2. S.354C does not speak about morphed pictures published/conveyed/transferred etc for gratifying revenge. In cases of revenge porn, majority of the offensive images may be morphed. This has neither been covered under S.66E of the Information Technology Act.

3.    Creation of revenge porn may be done with normal, innocent, un-morphed pictures as well. In such case, we need to look into the accompanying text that describes the image. For example, a normal picture of the woman victim may be published with a text describing her as “horny”, “Prostitute”, “my sexy wife during honeymoon”(when in reality, the woman is not married to the perpetrator, or even if married, did not allow publication of such normal photo with such text ).

4.    Revenge porn differs from non-consensual pornography as well. Non-consensual pornography is a larger term which may include revenge porn, voyeurism or even sexual slavery including forcing the woman to be captured naked for some unethical gain. Hence, revenge porn needs a separate definition.)

S.3.  Amendment to the definition of voyeurism under S.354C of the Indian Penal Code (punishment for voyeurism) : In the place of “Any man”, it should  Any one and the amended provision should be  read as follows:
Any one who watches, or captures the image of a woman engaging in a private act in circumstances where she would usually have the expectation of not being observed either by the perpetrator or by any other person at the behest of the perpetrator or disseminates such image shall be punished on first conviction with imprisonment of either description for a term which shall not be less than one year, but which may extend to three years, and shall also be liable to fine, and be punished on a second or subsequent conviction, with imprisonment of either description for a term which shall not be less than three years, but which may extend to seven years, and shall also be liable to fine.
Explanations:   For the purpose of this section, “private act” includes an act of watching carried out in a place which, in the circumstances, would reasonably be expected to provide privacy and where the victim’s genitals, posterior or breasts are exposed or covered only in underwear; or the victim is using a lavatory; or the victim is doing a sexual act that is not of a kind ordinarily done in public.
  
Where the victim consents to the capture of the images or any act, but not to their dissemination to third persons and where such image or act is disseminated, such dissemination shall be considered an offence under this section.

S.4. Amendment to S.354D of the Indian Penal Code (punishment for stalking including cyber stalking): In the place of Any man, it should be anyone. The amended version should be read as follows:
1) Anyone who—
   follows a woman and contacts, or attempts to contact such woman to foster personal interaction repeatedly despite a clear indication of disinterest by such woman; or
   monitors the use by a woman of the internet, email or any other form of electronic communication,commits the offence of stalking;
 Provided that such conduct shall not amount to stalking if the man who pursued it proves that—

it was pursued for the purpose of preventing or detecting crime and the man accused of stalking had been entrusted with the responsibility of prevention and detection of crime by the State; or
  
it was pursued under any law or to comply with any condition or requirement imposed by any person under any law; or
  
in the particular circumstances such conduct was reasonable and justified.
 (2) Whoever commits the offence of stalking shall be punished on first conviction with imprisonment of either description for a term which may extend to three years, and shall also be liable to fine; and be punished on a second or subsequent conviction, with imprisonment of either description for a term which may extend to five years, and shall also be liable to fine.

(Rationale behind broadening the concept of perpetrator for Ss.354 C&D: It has been seen that women may also commit voyeurism and cyber stalking for victimising fellow women.  This amendment may help reduce such sorts of victimisation.)

S.5. Insertion of new provision prohibiting photography of individuals in general without the consent of the individuals concerned (this may be inserted after S.268 of the Indian penal Code as S.268A)
1. Anyone who uses his camera devices in any public place to capture the images of anyone including men, women, children, people belonging to LGBT groups, with a motive to either sexual gratification of the self, or sexual gratification of others, or uses these images for unethical gain, or for ridiculing or causing hatred,  defamation , damage to the reputation of the said persons by way creating, circulating, spreading etc of such images through electronic medium  without the consent of  such men, women, children  or member of LGBT group when the said men, women, children, or member of LGBT group are  not expected to give consent and/or not expected to be alert for not allowing such photography,  and also publishes, transmits, circulates the same through electronic medium shall be punished with an imprisonment  of either description for a term which shall not be less than six months r, but which may extend to one year , and shall also be liable to fine of not less than 20 thousand  rupees and pay reasonable compensation to the victim for damaging his/her reputation in real life and online. If he be punished on a second or subsequent conviction, he shall be punished with imprisonment of either description for a term which shall not be less than one  year, but which may extend to three years, and shall also be liable to fine of not less than 50 thousand Rupees and reasonable compensation to the victim.

 Provided that the perpetrator must also be liable to remove the non-consensual offensive image either original or morphed, from his own electronic device/s and from the websites and social media profiles where he may have uploaded the same for the purpose mentioned above.

Provided further, that the investigating officer shall immediately after coming to know of the offence mentioned above committed by the perpetrator as reported by the victim or anyone on behalf of the victim, contact the concerned website to remove such contents including any text accompanying the image/s which may falsely portray the victim.
Provided further that if the website concerned fails to cooperate with the police on being alerted by the investigating police officer and also if the website concerned fails to remove the content within 36 hours  after being alerted by the victim herself, the said website would not be exempted from third party liability as has been explained under S.79 of the Information Technology Act, 2000 (amended in 2008) and would be liable to pay compensation to the victim for an amount not less than Rs. 5 lakhs and also fine.

Explanation:

In Subsection 1, the words “capture images” shall also include  capturing images of accident victims and doing so without offering any help to the victim, any other heinous, serious or petty crimes and doing so without reporting the matter to the police and offering help to the victim, capturing images of  rape or sexual molestation or sexual assault of any women or children, taking self portraits or selfies in the above situations.
Explanation 2: The act of capturing the images of men, women, children and members of the LGBT groups may not be considered as an offence if the same is done for academic and research purposes, provided the person/s capturing such images has prior consent of proper authorities, or for medical research purposes or for the purpose of creating documentary evidences which must be provided to the criminal justice machinery including the courts for further legal actions to punish the wrong doers.


S.6. Amendment to Information Technology Act, 2000(amended in 2008):

Punishment for offensive speech (this can be inserted after S.66 (offences related to the computer) of the Information Technology Act, 2000 (amended in 2008). This may also be considered as the amended version of S.66A (punishment for annoying etc speech), which was scrapped off by the Supreme court in Shreya Singhal’s case)
1.      Anyone who sends, posts produces, publishes, creates, circulates or sponsors to be circulates  any offensive speech including any text or cartoon or caricature or image accompanied with text to any woman by way of electronic, digital and information communication, which may damage her reputation, damage the reputation of her family and  children create threat to her, her family and children, damage her reputation to an extent that may affect her job or may affect her reputation in the prospective job, shall be punished with an imprisonment for in the first conviction with imprisonment of either description for a term which shall not be less than one year, but which may extend to three years, and shall also be liable to fine of not less than 1 lakh rupees and pay reasonable compensation to the victim for damaging his/her reputation in real life and online. If he be punished on a second or subsequent conviction, he shall be punished with imprisonment of either description for a term which shall not be less than three years, but which may extend to seven years, and shall also be liable to fine of not less than 5 lakh Rupees and reasonable compensation to the victim.

 Provided that the perpetrator must also be liable to remove the offensive speech from his own electronic device/s and from the websites and social media profiles where he may have published etc the said speech targeting the woman.

Provided further, that the investigating officer shall immediately after coming to know of the offence of posting, publishing etc of the offensive speech committed by the perpetrator as reported by the victim or anyone on behalf of the victim, contact the concerned website to remove such contents including any text accompanying the image/s which may falsely portray the victim and damage her reputation.

Provided further that if the website concerned fails to cooperate with the police on being alerted by the investigating police officer and also if the website concerned fails to remove the content within 36 hours  after being alerted by the victim herself, the said website would not be exempted from third party liability as has been explained under S.79 of the Information Technology Act, 2000 (amended in 2008) and would be liable to pay compensation to the victim for an amount not less than Rs. 5 lakhs and also fine.

Explanation:
For the purpose of this section, offensive speech targeting women shall include the followings:
1.      Any speech which lowers the moral character of the woman concerned within the meaning of Article 19(2) of the constitution of India.
2.    Any speech which defames the woman concerned in the society as a whole within the meaning of Article 19(2) of the constitution of India as well as Ss.499 and 500 of the Indian Penal Code and Indecent representation of women Prohibition Act.
3.    Any speech which includes Cyber bullying. Cyber bullying  may mean attacking anyone with harsh or rude  words in the cyber space, including publicly available web platforms, social media, private and public  chat rooms, emails, blogs etc, and such harsh or rude words are particularly made to ridicule one’s body shape, gender, gender orientation, physical or mental incapability, race, colour, opinion, educational background, language  etc.
4.    Any speech which includes Cyber trolling. Cyber trolling is  an extreme usage of freedom of speech which is exercised to disrupt the community discussions in social networking sites and which is done to deliberately insult ideologies such as feminism, secularism etc; of the topic starter or the supporters of the topic starter.
5.     Any speech which contains Cyber hate propaganda. Cyber hate propaganda may mean offensive communication between the sender and multiple recipients with intent to spread hatred against a particular individual for her opinion, race, gender etc.

It is expected that if this model Act is considered by the government, the growing rate of cyber crimes against women may be brought down.

Please Note: Do not violate copyright of this blog. If you would like to use informations provided in this blog for your own assignment/writeup/project/blog/article, please cite it as “Halder D. (2018), " Need for a model prohibitory provision for preventing and punishing Cybercrimes targeting women”  22nd October 2018 , published in http://debaraticyberspace.blogspot.com


[1] My observations on these laws can be found in my book. (Cyber Crimes against Women in India. New Delhi: SAGE Publishing. ISBN: 978-9385985775, https://in.sagepub.com/en-in/sas/cyber-crimes-against-women-in-india/book253900  (co-authored with Professor K.Jaishankar.
[2] See the model law @Halder.D(2017) Criminalizing Revenge Porn From The Privacy Aspects: The Model Revenge Porn Prohibitory Provision. Available @
[3] This was published in supra@2

Saturday, September 29, 2018

The great Facebook hack: Liability of Facebook as service provider

CYBER CRIME AGAINST WOMEN BY DEBARATI HALDER


Photo curtsy: Google

By the late evening of 28th September, 2018 almost all of Facebook users would have received messages in their electronic devices that their “session expired”. It indicated that the subscriber needs to log in again to continue the Facebook activities. Many of the users felt it was a hoax, many felt it was a hackers act and some could understand it was an alert alarm as they were always ‘online’ and never logged off even when their phones were ‘sleeping’ or switched off. By late night-early morning on 29th September, 2018 the Facebook subscribers got an official information from Facebook help center stating that the company had discovered that there was an attack on their system and the attackers had illegally accessed Facebook access tokens which would give way to access the subscribers’ data. On an emergency precautionary step, Facebook logged off all users so that they can log on again with a secured code provided by Facebook. It was confirmed that Facebook was trying to exercise due diligence to protect the data of the users and in the course of the same users were directed to log off.
Due diligence has been addressed by  S.512 © of the Digital Millennium Copyright Act, 1998 which indicates that the intermediary may be saved from third party liabilities (especially for copyright infringements) if  the intermediary practiced due diligence, i.e., it   did not have the requisite level of information about the said infringement, it must not have been financially benefited from such infringement, it must have taken expeditious measures to take down the content concerned or block the access to the material concerned upon receiving the information of the infringement. The same has also been addressed by S.79 (3) of the Information Technology Act, 2000 (amended in 2008) and has been further explained in Information Technology intermediary guidelines Rules, 2011 whereby the term cyber security incident has been defined as follows:
Rule .2(d) "Cyber security incident” means any real or suspected adverse
event in relation to cyber security that violates an explicit or implicity
applicable security policy resulting in unauthorised access, denial of
service or disruption, unauthorised use of a computer resource for
processing or storage of information or changes to data, information
without authorisation;

The rules further goes on to explain what are the due diligence practices that should be adopted by the intermediary under Rule.3(3), which states that  The intermediary shall not knowingly host or publish any information or shall not initiate the transmission, select the receiver of transmission, and select or modify the information contained in the transmission as specified in sub-rule (2):
Interestingly Rule. 4 of the Intermediary Guidelines Rule further provides a clear direction to the intermediaries as what is to be done and within how much time when the intermediary has come to know about any information which harms the interest of users or threatens the security of the nation etc (which are mentioned in rule 3), by stating that The intermediary, on whose computer system the information is stored or hosted or published, upon obtaining knowledge by itself or been brought to actual knowledge by an affected person in writing or through email signed with electronic signature about any such information as mentioned in sub-rule (2) above, shall act within thirty six hours and where applicable, work with user or owner of such information to disable such information that is in contravention of sub-rule (2). Further the intermediary shall preserve such information and associated records for at least ninety days for investigation purposes.
This Rule 4 (read with Rule 3) mentions that the intermediary should either remove the offensive content or block the access to the content. Facebook in its action in practicing due diligence and exercising reasonable security practices (in India, the guiding principle in this regard is mentioned in the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011), had alerted the users, logged them off and logged them in with fresh code and also expressed that they are not aware whether any individual has been affected by such unauthorised access to the Facebook system as a whole.
By doing this Facebook actually tried to escape its liability as a ‘negligent body corporate’ or a company which may be brought to the courts under S.43A of the Information Technology Act, 2000(amended in 2008). Compare the incident of Facebook- Cambridge analytica data breach and how the EU parliament addressed the issue by accusing Facebook for having extremely poor cyber security measures compared to Europe. Facebook users were also advised by an Illinois court to go for a class suit against the company (Facebook) for unethically scanning and storing personal photos and information of the users.[1] The recent news also suggests that in the US Facebook users have started going for class actions against Facebook for data breach which occurred apparently because of  the company’s negligence in securing the data.[2] Under the Indian information technology Act, 2000(amended in 2008), S.43A empowers the victims of privacy (including data ) breach to claim compensation from the faulting body corporate to a maximum limit of Rs. 5 Crores, which however is subject to modification depending upon the damage suffered by the victims, reputation harm etc and the discretion of the adjudicator. Not many users have applied this law for bringing big companies under the Indian scanners. There are however some cases of bank’s liability or hospital managements liability which are now coming up because of the awareness among the users/data owners and their lawyers.
However, web companies like Google, Facebook etc may have another option to shred the liability: they may always shift the major burden to the data owners or data managers, i.e. the private individuals who upload data almost every minute in average to expose their private information.[3] It is for this that we need to be vigilant on our own practices of data sharing.
Stay safe, play safe.
Please Note: Do not violate copyright of this blog. If you would like to use informations provided in this blog for your own assignment/writeup/project/blog/article, please cite it as “Halder D. (2018), " The great Facebook hack : Liability of Facebook as service provider”  30th September, 2019 , published in http://debaraticyberspace.blogspot.com







[1] See Halder Debarati (2018), FB, Its content regulation policies & photo matching tech: boon or bane for Indian women from privacy law aspect. Published in LiveLaw on April, 20018 @https://www.livelaw.in/fb-its-content-regulation-policies-photo-matching-tech-boon-or-bane-for-indian-women-from-privacy-law-aspects/
[2] See for instance, see Knoop Joseph (2018), Facebook sued over data breach that involved 50 million accounts . available @ https://www.dailydot.com/layer8/facebook-breach-lawsuit/
[3] For better understanding about this see Halder & Jaishankar ((November 2016). Cyber Crime against Women in India. New Delhi: SAGE. ISBN: 978-93-859857-7-5.

Sunday, September 2, 2018

5 key factors about hacking and the laws

CYBER CRIME AGAINST WOMEN BY DEBARATI HALDER

Photo curtsy: Google 

Hacking is undoubtedly one of the worst issues that one wants to deals with. Often I get to see women complaining about hacking of their social media accounts, people including men and women fearing about and getting victimized by way of hacking of their email accounts , net banking profiles and overall, the computer devices. New netizens are more prone to getting victimized by hacking; so are their parents if these netizens are pre-teens or teenagers. It is important to know some key factors which are associated with hacking. These are as below:
The five key factors which everyone should know about hacking:
1.    The term hacking is not defined in any uniform style. Different researchers have defined hacking in different ways. All most all academic definitions have indicated that computer hacking or cyber hacking may mean unauthorized access to the computer, computer data etc, changing the data without any authorization etc. In a way, it is directly related to unauthorized data privacy infringement. A ‘smart’ example could be the allegedly unauthorized access into the personal documents including bank access details of the TRAI chief by the ethical hackers when the TRAI chief threw challenge that  ADHAR ‘hack proof’.[1]
2.    Indian laws especially Information Technology Act, 2000 (amended in 2008) does not address the issue as “hacking”. The issue is dealt with by not one, but three Sections, namely, Ss. 65 which prescribes punishment for tampering with computer source documents, 66, which prescribes punishment for computer related offences and 43, which speaks about Penalty and compensation for damage to computer, computer system etc.
3.    Hacking may literally start with unauthorized access or securing to the computer, computer system, computer network etc. Accessing or ‘securing access’ can be done by various ways. This may also include giving way to the hackers by opening suspicious mails/messages or links. It is for this reason that new users of internet and digital technology must be extremely cautious while opening suspicious mails/links etc.
4.    Hacking may also include downloading/extracting data etc, modifying such data, reproducing that data in an altered form etc. It may also include unauthorized access to the computer or computer system or data etc and infecting the same with viruses which will immediately or gradually destroy all data, software etc stored in the computer and computer system. Hacking may necessarily include unauthorized accessing and then using of the computer network, email id, phone number or social media profile for impersonating and unethical gain. It is for this reason that often people complaint about hacking when their accounts have been unauthorisedly accessed, data extracted/accessed and modified and email ID/social media profiles etc are used for impersonating by way of a fake avatar.
5.    Hacking may also involve denial of services, which is why a computer or computer system  thus affected may not get connected to the internet easily and according to the wish of the real owner of the computer or computer system etc, but according to the wishes of the hacker only.
Now you may understand that when your computer shows activities which are not generally expected, you must be alarmed that your computer or the computer network or the computer system has been affected by hacking : typically your device may slow down for no reason, you may start getting to see that the data is altered, your net banking account or email or social media account’s password and username and the related phone number and email id may get changed without your authorization, your documents including your photo may get published or circulated elsewhere without your knowledge. Most scary of these is the camera device of your phone or laptop or Ipad (when they are on switch on mode) etc may become active even when you are not using the camera. It is for this reason that  cyber security experts suggest to not to use the electronic devices when one expects complete privacy from the outside world, like when one is in the washroom.

So, what about the punishment?
Do Indian laws address hacking as “hacking” ? The answer is NO.  But this does not mean that the act of hacking is not punishable.  As discussed above, when the constituting elements mentioned under points nos 3, 4 and 5 create unauthorized access to the computer, computer system,  data etc, Sections 65, 66 and 43 may immediately be applicable for booking the offences for tampering the computer source code, computer related offences and damage to the computer  system etc. As such there are two types of punishments that are prescribed for hacking related offences : punishment as per civil offences which are regulated by S.43 and punishments as per criminal nature of the offence, which are regulated by Ss. 65 and 66. In the later, the punishments may include imprisonment for a period upto three years  and/or fine which may extend to Rs. two lakhs. In case S.66 is applied, then the fine amount increases upto Rs. 5 lakhs. Again, if the act of hacking is judged as per S.43, then the provision would be read with S. 45 of the Information technology Act, which indicates that, a maximum of Rs. 25, 000/ may be paid as compensation to the victim for such offences (this is especially so because S.43 does not mention any specific amount of compensation and this lacuna is filled by S.45 which prescribes residuary penalty).  However, the recent trend may show that most of hacking related cases had been booked under Ss. 66, 65 and 43 so that the perpetrators may undergo jail term as well as are bound to pay fine.
Interestingly, the Information Technology Act does not restrict the criminal liability to a specific age as is seen in the Indian penal code. Hence, even if it is a computer genius as young as 10 or 12 years of age, he/she may not escape the clutches of law in case he/she has done the offence/s which may constitute hacking. Considering their age and maturity level, Juvenile Justice  (care and protection) Act , 2015 may also be applicable.  Again, this would NOT mean that parents would be considered completely innocent. Very recently the courts in Gujarat had made the parents liable for underage kids driving two and four wheelers.  If the children are arrested, the parents may have to pay for negligence in monitoring the wrong doing of their children.
I end this piece with a positive note: if we adults are aware, then our children will also be aware and we can prevent the digital as well as real life privacy infringement in a swift way.

Please Note: Do not violate copyright of this blog. If you would like to use informations provided in this blog for your own assignment/writeup/project/blog/article, please cite it as “Halder D. (2018), " 5 key factors  about hacking and the laws”  3rd September, published in http://debaraticyberspace.blogspot.com



[1] See Rachel Chitra(2018), Hackers deposit Re 1 in Trai chief's account. Published in https://timesofindia.indiatimes.com/india/hackers-deposit-re-1-in-trai-chiefs-account/articleshow/65190556.cms on 30/07/2018

Friday, July 20, 2018

Recording sexual assaults and rape in mobile phones: How laws fail to control growing sexual assault on women and children

CYBER CRIME AGAINST WOMEN BY DEBARATI HALDER


Picture curtsy: Google


17 men including a 66 year old lift operator allegedly continued to rape an 11 year old girl for months in Chennai, Tamil Nadu. The gruesome episode of “aggravated penetrative sexual assault” (as S.5(g) of the Protection of children from Sexual offences Act, 2012 explains, whoever commits gang penetrative sexual assault on child, is said to commit aggravated penetrative sexual assault) came in light in mid July, 2018 when the victim confronted about it first to her sister and then to her parents.[1] This is not the first time that aggravated child sexual assault has been reported from  metro cities which may boast of rigorous campaigns against any sort of sexual violence against women and children by government as well as non government stake holders. This will neither be the last time. Sexual assault against women and children is a social epidemic which happens in every society, in eastern, western, northern and southern hemisphere. Sexual assault on women and children whether aggravated or non aggravated, may be caused due to various psycho-social reasons: while on one hand researchers relate this to pervert mind set of human beings, on the other hand, several examples related this to misogynist mindset, caste oppression, class oppression etc. However, what is more concerning is the growing tendency in the assaulters to record the sexual assaults in their digital devices. In the Chennai case, the assaulters allegedly raped and recorded each another’s act of raping of the child victim. These videos were used to blackmail the child to prevent her from reporting and surrender to more sexual assaults. Often it is asked as why do these rapists, sexual assaulters, physical assaulters and bystanders record the incidents?
        We do have one answer: these videos are made to blackmail and threaten the victim so that she would be surrendering to the assaulter’s demand for more sex.  These videos actually create something which many of us know as non-consensual porn (and not revenge porn necessarily). Noticeably, one of the main aims of the POCSO Act was to curb pornography, especially child porn materials. Ss. 13 and 14 of the POCSO Act therefore spoke about creation of child porn materials using children in any form whether or not such contents may be used for self gratification or for circulation for unethical profit and punishment for the same. On the other hand, if the victim is an adult, one may have to club up Ss.375 (rape), 376D(gang rape), 354 C (voyeurism) of IPC, Ss.66E (violation of Privacy), 67 (punishment for publishing or transmitting obscene materials in the electronic form) , and 67A (punishment for publishing or transmitting sexually explicit materials in the electronic form) to address the issue of creation of gang rape videos. However, as may be seen in several reported cases of sexual assaults, rapes and gang rapes, such existing laws could hardly do anything to control the (pervert) human minds from creating sexual assault videos. While in majority of the cases, such videos are made to blackmail the victim/s, possibilities of other reasons for creation of such videos cannot be ruled out; these reasons could be as follows:
Ø Using the same for self sexual gratification post the physical act of raping, sexually assaulting women and children.
Ø Using the same as erotica for sex-service providers including sex workers from whom these assaulters may ‘buy’ sex.
Ø Showing the same as sexual valour to ‘friends’.
Ø While the above may be used for non-profitable reasons, such videos may also earn good money for the creators/producers if the same is circulated for consummation by consumers of ‘porn videos’ of deep dark net.
Ø In certain cases these videos may also be used to threaten members of socially and economically (extremely) backward communities so that such members do not get indulged in any activities that may have been prohibited by  so called ‘social norms’ which may not have any legal support.
In my recently published monograph titled Child sexual abuse and protection laws in India (published by Sage, (https://uk.sagepub.com/en-gb/eur/child-sexual-abuse-and-protection-laws-in-india/book263196) I have shown how sexual contents available in the cyber media including digital messaging services, social media websites and adult websites may impact on the adolescent minds who may have been brought up in a restricted, orthodox society where sex education itself may be considered as a taboo.
The existing laws here miserably fail to prevent creation of sexual assault videos because the perpetrators may remain anonymous creators/publishers. Interestingly, the Telecom Regulatory authority of India (TRAI) allows an individual to have multiple numbers of SIM cards. Even though the mobile network services are now being activated only on verification of Adhar data, there still remains a policy gap which allows customers to get “free Sims” which may have been pre-owned, swap Sim cards with other holders who may not be using such Sims for legal purposes etc. Along with this, the possibility of spreading the said video/s virally on the net also creates a huge problem to identify the real publisher/creator of the video. The courts may prescribe punishment in such cases by identifying the accused in the videos and on the testimony of the victim and the perpetrator himself that the video was created during the rape /sexual assault. Indeed the role of cyber forensic examination may not be denied here. But that may involve a lengthy process especially when the investigating officer may not be aware about the whole mechanism. But unfortunately no law can practically prevent any assaulter from recording the crime when it is happening. Resultant, more videos/still images may be created and may remain unnoticed as long as the investigating team may explore all possible devices and networks through which the same was/were created, stored and circulated, which is practically impossible.
Facebook has come with face-recognition mechanism to prevent online circulation of sexual assault/rape /revenge porn materials. Other social media websites may also follow the same method. But what we need to know is such videos may not always be circulated through such websites. As I mentioned above, they may be stored in multiple devices or may be made viral by networking services including  digital messaging services. As such, the government stake holder like the TRAI, manufacturers of smart phones, hi-tech digital devices, digital messaging service providers, telecom service providers and other international mobile network service providers must join hands in creating a solid policy to identify mechanisms to prevent misuse of the digital device equipped with camera, the Sim cards and of course the mobile and digital network and communication services.
Please Note: Do not violate copyright of this blog. If you would like to use informations provided in this blog for your own assignment/writeup/project/blog/article, please cite it as “Halder D. (2018), " Recording sexual assaults and rape in mobile phones:  How laws fail to control growing sexual assault on women and children”  20th July, published in http://debaraticyberspace.blogspot.com


[1] For more, see https://www.ndtv.com/chennai-news/chennai-17-arrested-for-allegedly-sexually-assaulting-11-year-old-girl-in-chennai-for-several-months-1884531

Saturday, June 2, 2018

Judges, cops and civil servants: Can they have Social media friends in reality?

CYBER CRIME AGAINST WOMEN BY DEBARATI HALDER

Image courtesy: Internet 

In the fag end of May, 2018, news channels flashed the story of Major Nitin Leetul Gogoi, the army man who is hero to some and villain to some because of his controversial act of tying a Kashmiri man to a jeep using him as a human shield against the stone –pelters who were targeting army actions in Kashmir last year. He became (in)famous to many because the clippings of his controversial act became viral on the web. He grabbed the headlines again this month because of his controversial Facebook friendship with a Kashmiri woman who, the media says was trying to check in   with the Major and another person in a local hotel in Kashmir. It was reported that the said woman had claimed that she knew the Major through Facebook and his account was not in his real name. We know that social media including Facebook is used for secret surveillance by the government agencies and it has positive and negative aspects as well. Fake accounts are used by the police to detect and trap criminals including paedophiles, fraudsters and even terrorists.
But here, I am not actually concerned about pattern of use of social media by the government officials. I am concerned about professional ethics of certain categories of government servants who may not be allowed to befriend common people like what social media offers. This category may include judges belonging to higher and lower judiciary, government officials belonging to certain all India services including group A and B of central services etc.
Let me explain it broadly here:
Since ancient times judges are considered to be of high moral and judiciary is considered to be “an institution of integrity”. Several judgements including K.P.Singh vs. High Court of H.P. &ors,[1] High Court of Judicature for Rajasthan vs. Ramesh Chand Paliwal,[2] Tarak Singh vs. Jyoti Basu,[3] etc had established the fact that judges are expected to be like hermit, they should be honest and should “adhere to a code of moral value”.[4] In short, they should be inapproachable personally but approachable as an institution to be impartial. What does this mean? Judges cannot be on par with general individuals who may approach the institution of justice, i.e., the courts for seeking justice. They should not make themselves individually or privately approachable so that the possible litigants, who may approach their  courts, may not influence him. It is the principle of fair justice which to a large extent governs the code of conduct of judges. But we need to remember that in this era of social media, any individual can hardly be out of the net . While it is still expected that judges should not make themselves privately approachable, I myself have loads of Facebook friends who are in the judiciary. They share opinions, their personal photos with their chosen friends just like any other individual. But yes, their circle of friends may not be as big as any other common social media user. Many of them are directly connected with the Facebook pages of District legal services authorities, which not only spread awareness about legal rights, but also showcase performances of the particular government offices.  However, I do not have Facebook friends from higher judiciary, but nonetheless, many of “Their Lordships” may be easily approachable because of  digital messaging services like WhatsApp, which may be used to create ‘groups’ as well.[5] World wide this has become a cause of concern now; it has been suggested by many that judges while in service, should try to avoid social media as this may pull them in unnecessary trouble and make floodgates open for questioning their integrity.[6] But again, we can neither ignore the strong (social media) presence of judges like Justice Markendey Katzu, former Supreme Court judge who had courted controversy because of his blog posts, social media posts for strong criticism of court decisions.[7] Doesn’t this show that he may still be considered as falling in the ‘restricted netizen’ category even as a retired judge? Probably yes because he may never be seen as a general individual who may criticise judges and their judicial understanding of cases by virtue of his being a judge himself who is expected to not to lower the respect the judiciary; probably no, because he may still use his right to speech and expression to express his displeasure for the judgements which according to him, are not fare. But still then, he could not be equal to general individuals: the court questioned his act towards publishing post in social media criticising court’s decision in crucial cases like the final verdict of the sensational case of Soumya, who was killed by her rapist.
       High level civil servants including bureaucrats, officers of Indian Police Services etc have a high presence in the social media too. Most of their accounts may be private accounts. But there are several pages of their offices which may be made by their respective offices. This actually shows that even though the government and the courts continue to question data policy of social media companies like Facebook or Twitter, these social media sites are very much involved in government outreach mechanisms: for example, see the websites of certain city police offices/headquarters; all may show their Facebook presence. http://ahmedabadcitypolice.org/, https://www.bcp.gov.in/ , http://www.tnpolice.gov.in/CCTNSNICSDC/Index?0 ; all may have their Facebook and twitter pages where individuals may access for information and even to reach out concerned police offices for immediate lodging of complaints. But private accounts of IAS or IPS officers are not connected with these pages. This means that they have a separate private presence in the social media. Their friends, their posts and their photographs are their private affairs just like any other general individual who may use social media sites for reaching out to friends. But still, they may not be out of surveillance for their conduct in their private social media accounts. Their children may also be held accountable for sharing parents’ pictures which may raise questions about their integrity: erstwhile J&K DIG Beig invited hoards of controversy when his son posted certain pictures of his dad which raised media storm because the posts suggested that Beig was abusing power.[8] Even though the son removed the posts, the pictures and hashtags were made viral and they are still available on internet.  It may actually mean that these officers may not have a private life even in social media. Gogoi in the same way, may also not have that privacy even if he may claim that he and the woman in question personally knew each other and this friendship was neither professional, nor was an abuse of power for harassing the girl offline or online.
In short, why such friendships between officers and civilians, their online presence and activities may raise questions at all? Misuse of power to harass and exploit civilians especially women could be one primary reason for such enthusiasm. But in case the friendships are genuine, posts by the officials reflect their personal and independent opinions and photographs shared in their social media sites are personal memoire , why they should be targeted and who makes these posts (in)famous for public and media? It is those ‘friends’ who may knowingly or unknowingly feed the enthusiastic ‘third persons’ by sharing /showing the private posts that may appear in their time line feeds. Remember Merin Joseph, the young IPS officer from Kerala who being a police officer herself, could not remain safe online? She had to encounter fake profiles with her picture, trolls and misogynist posts even though she was sharing some posts as a private person and not as an on duty officer. Trolls attacked her  posts and albums, some of which were not for public viewing. Privacy may be myth for these public servants  especially when they are active  in their private  social media accounts. Compared to 1990’s public servants have become more accountable now because of their web presence. After each UPSC result declarations, the social media accounts of successful candidates may immediately come into lime light. It works positively because their conduct becomes more transparent to public; it works negatively because they may slowly lose privacy being within the private social media account. The very much private persons suddenly come under lime light as not only the common people , but also the media starts data mining  to know them more than what is expected to be known. One name which comes in my mind right now is of Sandeep Nanduri, IAS, who is presently the District magistrate and collector of Tuticorin district. He had taken over as DM and collector Tutircorin at a very crucial time when the district was having agitation over Sterlite copper industries plant closure issue. Nanduri’s Facebook account may reveal his activities as a government official as well as a private individual. This may further mean that not only he himself, but his wife may also be targeted by trolls, stalkers and miscreants who may wish to approach him.
Untill now there is no clear-cut code of conduct framed for restricting judges and grade A and B officers of central government or even state government services from using social media (except  for certain issues like restriction from spreading hatred, criticising the government in certain key issues, leaking confidential data etc) and befriending  common people. They however may have to rely on the social media policies for data protection. But again, in such cases, they may be held responsible for choosing their virtual friends. We should not forget that there are instances  of honey trapping of government officials by ISI secret services; this may however show that privacy of the government officials may easily be breached if they themselves are not vigilant enough for their social media ‘friends’. There are clearly two arguments which may made in this regard: (i) such government servants may be completely barred from making themselves available to ‘public’ through their private social media  accounts , (ii) being part of  digital India movement they must be approachable to people through social media as well. However, considering the privacy and security aspects, I feel it is high time that government  makes a clear  policy as how they should be protected from predators and how they should conduct even when they are ‘privately public’.

Please Note: Do not violate copyright of this blog. If you would like to use informations provided in this blog for your own assignment/writeup/project/blog/article, please cite it as “Halder D. (2018),Judges, cops and civil servants: Can they have Social media friends in reality?”3rd June, 2018, published in http://debaraticyberspace.blogspot.com







[1] LPA No. 163 of 2009
[2]  (1998) 2 SCC 72
[3] (2005)1 SCC 201
[4] See for more in http://hpsja.nic.in/ethics.pdf. Accessed on 26.05.2018
[5]  For example, see Maniar Gopi (2017),Vadodara: Gujarat HC slams VMC commissioner for sending WhatsApp message to judge. Published in India today on Semptember 8, 2017 https://www.indiatoday.in/india/story/vadodara-gujarat-hc-vmc-commissioner-whatsapp-message-judge-1040341-2017-09-08
[6] For better understanding, see Singh Shaziah (2016), FRIEND REQUEST DENIED: JUDICIAL ETHICS AND SOCIAL MEDIA, Published in Journal of Law, Technology & the Internet · Vol. 7 · 2016. Accessed from https://scholarlycommons.law.case.edu/cgi/viewcontent.cgi?article=1099&context=jolti on 25.05.2018
[7] For more understanding, see Vaidyanathan.A (2017), Justice Markandey Katju Submits Apology In Supreme Court Over Post Criticising Soumya Verdict, published in https://www.ndtv.com/india-news/justice-markandey-katju-apologises-to-supreme-court-over-post-criticising-soumya-verdict-1645845 on 06-01-2017. Accssed on 25-05-2018
,.
[8] For example, see Bashaarat Masood (2014),J&K DIG’s son posts photos of ‘Dad & I’ enjoying perks of power, published in http://indianexpress.com/article/india/india-others/jk-digs-son-posts-photos-of-dad-i-enjoying-perks-of-power/ on Octiober 29,2014. Accessed on 25.05.2018