While the Supreme Court of India takes its time to decide if privacy should be a fundamental right conferred upon Indian citizens, it may be useful to understand the different cyber crimes that lurk in the digital world, a space that isn’t always defined by clear boundaries. In the first part of our three part interview with Dr. Debarati Halder, she discusses about personal data leaks on social media, what goes into resolving these issues and more. In the second part of this interview, Halder speaks about the most reported cyber crimes, cyber crimes that aren’t recognised by Indian laws, legal recourse for crimes like revenge pornography or cyber stalking, policy changes, among others.
Most reported cyber crimes:
Which is the most reported type of cyber crime at the moment?
There are 3 types of online offences that are reported. One is crime against individual. This can be economic or interpersonal crime. When we talk about economic crimes, it could be phishing, bank fraud, notary scam, and others. Interpersonal crime could be stalking, creation of fake profile, online pornography or obscenity or hacking of personal digital data. Then there’s crime against the government, which is cyber terrorism as recognised by law. As per the Information Technology Act, such terrorist activities done through information technology or computer technology are punishable. Offences against government could be hacking websites or breaching the privacy of government data. Then there can also be offences against corporate bodies.
Which are the offenses that are not recognised by law?
Cyber bullying, cyber trolling and revenge pornography don’t have any focused law. What is the focused law that you are going to use for morphing or creation of fake profile? We recognize cyber obscenity but there is nothing about what can be revenge pornography or cyber bullying. We had 66A. We scrapped it because it was vague. It could have been amended. Then the Act would have also been an answer for some of the crimes like bullying or trolling. Without any laws for these crimes, women will have to go through different kinds of secondary victimization.
Challenges faced by women seeking legal recourse
What are the challenges faced by women seeking any recourse for any online crime or offenses against them?
Firstly, it is a social taboo. When a woman faces any kind of online harassment or crime, before going to the police station, she is usually told that the media could target her or her family if she went to the police. It becomes a social taboo to go to the police station to complain about any cyber crime. This is number one. Number two is victim blaming. Even if a woman has enough courage to go to the police station and report the crime, then there could be some officers (or head constables in the absence of the inspector or sub-inspector) who will not understand the nature of the crime. For example, if it is stalking, Indian Penal Code recognizes stalking or cyber stalking as an offence now. Traditionally trained police officers may not be able to understand it especially those who may be senior in age or experience. In that case, they blame the victim saying ‘Why did you do that. Because of you, this has happened.’ There can also be threats from intimate partners. For example, the woman gets afraid to go to the police if she is targeted by her ex-boyfriend, ex-husband or colleague with some fake profile or revenge pornography. If she goes to the police, the harasser then comes up with another kind of crime. It is this escalation of victimization that makes her avoid going to the police station again. When it is from an intimate partner, it becomes blackmailing. In case of offences that are not recognized by the law, nothing happens after the police take the FIR. And finally there’s also the liability of the website. They may not cooperate with the police. The police may not know how to deal with the website to get the data. These are the things that generally come up as challenges.
What is the legal recourse available to victims from social media platforms on which such personal data is leaked?
There is Section 43A of the Information Technology Act which penalizes such kind of data breach and the responsible person or the body corporate. This means the specific functionary, institute or company who is responsible for maintaining the data. In that case, the victim can definitely ask for recourse. It is definitely compensatory jurisprudence. They can ask for compensation and there is also minimum punishment.
Can the same be applied if any data leak happens due to Aadhar as well?
Absolutely. It depends on the corroborative evidences that the victim shows from a particular website from where the information has been leaked. For instance, if a certain person’s privacy has been breached, he or she has to inform the police. Then the investigation will show if there was a lack of confidentiality with this particular company or its website. Accordingly, they can definitely be prosecuted.
The Aadhaar Act has no provision for people themselves to file a complaint. Will Section 43A be applicable then with Aadhaar?
If you define the term body corporate in a very broad sense, it can be covered. But because the Aadhaar Act is saying this, the government does not want to take the liability on their part for any offence that has been caused. But I also understand that there has been a statement made by a minister concerned that the whole issue is so confidential that nobody can breach it. See there is a middle-man from whose website the information can be leaked. This can definitely happen but then again it depends upon the evidences and who was at the root of it, who was the person at fault, who has been negligent etc.
How long do cyber cells cases take to be resolved?
If it is an inter-personal crime and the victim is bringing all the evidences and he or she knows the person who has caused the crime, then that can be solved very quickly. Then there is something called police mediation where the person need not to go to the court but the case will be mediated within the police station and the harasser can be warned and can also be taken into custody. But in other cases, although the law says that there is a stipulated time within which the case should be resolved, it may take some time from the jurisdiction.
What are the policy level changes that have happened overtime with respect to cyber crime against women?
With respect to policy level changes, I would say that the Ministry has become more sensitive. Even the Ministry of Women and Child Development has its own Facebook page where they are accepting details regarding any such offences. They have assured that NGOs and the stakeholders can partner with them for some help. I have been a resource person for National Commission for Women. We have had several meetings regarding what should be done. If we are not able to help the victim as such, there is a network where we refer cases to the ministry so that the ministry tries to do something about it. These are some of the policy level changes happening but I’m still doubtful about the positive results.
What about the legal level changes that have happened over time with respect to managing cyber crime?
One very noticeable change happened in 2013 after the Nirbhaya rape case. Cyber stalking and voyeurism especially against women were recognised by the India Penal Code. Now we have a provision for punishing cyber stalkers including physical stalkers and also for voyeurism, especially privacy violation like clicking private pictures and distributing it without the consent of the particular person. I think these are wonderful things that have happened over time.