Whether it‚Äôs the case of slogan-shouting JNU students accused of sedition, Mumbai terror attack or¬†Bengaluru New Year Eve fiasco, electronic evidence, popularly known as e-evidence, has gradually become a crucial part of the prosecution. Until recently, probe agencies used to question the authenticity of such proofs, making the cases more complicated, costly and time-taking. On digital front, cyber crimes continued to increase as there were no set guidelines to deal with them. The conviction rate in such cases was almost zero.
This encouraged every Tom, Dick and Harry to do whatever he or she wants to do online without any fear of being punished. In an interesting case, an applicant filled Prime Minister Narendra Modi‚Äôs details in an online form for a vacant position in CRPF. He even affixed Modi‚Äôs picture. Thousands of such incidents happen online on daily basis and the culprits go scot-free most of the time, unless a VVIP is the victim. The number of VVIP targets has increased manifold over past couple of years, forcing the government to consider a way out of such malicious activities.
India‚Äôs IT Ministry has recently started appointing ‚ÄúExaminer of Electronic Evidences,‚ÄĚ who will be authorized to tell courts if an e-evidence is authentic. According to the ministry‚Äôs Gazette notification for Examiner of Electronic Evidences, only the Central government or state agencies competent in the field of forensics can apply to be assessed and certified. The Centre will appoint these examiners after a three-stage assessment. The scheme is based on international standards. The evaluation process includes examination of the technically skilled professional manpower in digital forensics, availability of a proper quality management system and reasonable experience to demonstrate their overall competency in this area. The scope of approval will be one or more areas of activity in the applied forensic science labs such as computer forensic, cyber network, mobile devices, digital videos, forensics and many others resources used in cyber crimes.
‚ÄúInitially we will start with 5 forensic labs and authorise them for Examiner of Electronic Evidence. Until now, we have received application from Maharashtra and Bengaluru. Two labs, based in Delhi and Hyderabad, have shown their interest to become part of this scheme,‚ÄĚ said Dr Ajay Kumar, additional secretary, Ministry of electronics and Information Technology. ‚ÄúRecently we had workshop with almost 15 forensic labs experts across the country with an aim to create awareness about this scheme and we had also exchanged notes related to e evidence functioning. The purpose of this move will help investigators and prosecutors, and will cut down chances of rejection of an e-evidence in courts on authenticity basis, as these electronic proofs will be judged and examined by the government-authorised labs.
However, IT experts raise doubts about the whole procedure. They also question the timing of this decision, which has been taken 17 years after the Information Technology (IT) Act, 2000 came into existence and nine years after it was amended to mandate appointment of such examiners, in 2008. ‚ÄúAt present, overburdened forensic labs are taking 2 to 3 years to prove veracity of e evidence produced in different courts. Many times, even in strong online criminal cases, we are unable to get conviction in the absence of veracity of e evidence. Courts are very strict on evidence laws. Normally it takes years to convince courts on e evidence veracity. This is enough to point out the conviction rate in cyber crimes, which has shot up by thousand times. The conviction rate is such case is still in double digits . A few Examiner of Electronic Evidence labs would won‚Äôt be enough to handle it. To tackle the increasing number of cyber crimes, we should have at least 100 such labs to start with,‚ÄĚ said Pawan Duggal, senior Supreme Court advocate and a leading cyber law expert.
Beside overburdened forensic labs, there are other reasons which are not being addressed by the IT Ministry and slowing down conviction rate of cyber crimes, feel IT experts . An official of the Data Security Council of India (DSCI), on condition of anonymity, said the lack of standard procedures for seizure and analysis of digital evidence also contributes to fewer convictions in cyber crime cases. There are no standard documented procedures for searching, seizing of digital evidence and standard operating procedures for forensic examination of digital evidence.
Another reason hampering such investigations is the lack of a robust information-sharing model. Absence of well-defined collaboration among the investigating agencies is leading to lack of adequate preparedness to the emerging threats, the official said. ‚ÄúDetecting cyber crime cases have become challenging as most of the criminals use servers based outside India. This acts as a major hurdle in solving the cases due to long-drawn procedures, which are mostly off our limits,‚ÄĚsaid a senior officer at the cyber police station.
According to a leading cyber expert, the lack of knowledge among most investigating agencies on how to collect digital evidences remains a major stumbling block in more convictions. Many times in courts, the first line of argument from the defence is that the footage or voice is doctored. On the other hand, the concerned agencies are defending themselves by setting up certain policies and plans to address this problem. A top official in the IT Ministry said, ‚Äúwe have taken various steps in the form of awareness, training, legal framework, emergency response and implementation of best practices to prevent occurrence of such cyber crimes.‚ÄĚ
India‚Äôs IT Ministry has started appointing examiners, who will tell courts about¬†the authenticity of e-evidence
A programme has been initiated on the development of cyber forensics tools, setting up of infrastructure for investigation and training of the users, particularly police and judicial officers in use of this tool to collect and analyse the digital evidence and present them in courts. The Indian Computer Emergency Response Team (CERT-In) and Centre for Development of Advanced Computing (CDAC) are also involved in providing basic and advanced training to law enforcement agencies, the official said.
Cyber forensics training lab has been set up at the Training Academy of Central Bureau of Investigation (CBI) to impart basic and advanced training in Cyber Forensics and Investigation of Cyber Crimes to Police Officers associated with CBI. In addition, the government has set up cyber forensic training and investigation labs in many states.
‚ÄúTime to time, we motivated The Indian Computer Emergency Response Team (CERT-In) to issue alerts and advisories regarding latest cyber threats and countermeasures on regular basis. Recently, the government has decided to provide a centralised citizen portal through Crime and Criminal Tracking Network and Systems(CCTNS) for registering online cyber crime complaints. The government has also directed the intelligence agencies to identify potential recruits and keep them under surveillance,‚ÄĚ he added.
Dr Ajay Kumar from IT Ministry said the process of appointment of Examiners of Electronic Evidence is on and all the labs that fulfil the guidelines may apply. Recently, Union Women and Child Development Minister Maneka Gandhi came out strongly on cyber crimes and trolling against the women. A team has been set up within the ministry to look after these complaints. Till now, more than 100 complaints have been received by this team and passed to the concerned agencies for proper action.
The latest data released by the National Crimes Records Bureau suggest that much more needs to be done to tackle the increasing online and social media threats as the number of cases registered under the IT Act and IPC have been rapidly growing. The cases registered under the IT Act grew by more than 350% from 2011 to 2015. There was almost a 70% increase in the number of cyber crimes under the IT Act between 2013 and 2014. The cases registered under the IPC rose by more than 7 times during the period between 2011 and 2015. The list of states with the highest incidence of cyber crime for 2011 to 2015 throws no surprises. Maharashtra tops the list with over 5,900 cases in five years, followed by Uttar Pradesh with close to 5,000 such cases. Karnataka stands third with more than 3,500 cases. The top states in this list are the ones with a greater internet subscriber base.
In 2015, according to the NCRB reports, a total of 8,045 cybercrimes were reported. While 5,102 persons were arrested, only 250 were convicted. This is an increase over the statistics released last year, where 7,201 cybercrimes were reported and only 65 persons were convicted. Despite the increase, it is clear that not much has improved since last year. More than 8,000 Indian websites were hacked in the first three months of 2016 according to the details Communications and IT Minister Ravi Shankar Prasad furnished to the Parliament. During the same period 13,851 spam emails were reported, he added.
Advocate Pawan Duggal also pointed out that after demonetization, there has been 60-70 percent increase in cyber crimes. ‚ÄúWe have been receiving cases such as breaching of bank accounts, misusing digital wallet, mobile phishing, bank frauds, etc, but are we prepared for this? Also, there are massive increase in cyber crimes like tampering computer source, hacking, trolling, sending obscene messages in recent years, messages that have potential to create war-like situation. All these need to be dealt immediately,‚ÄĚ Duggal said.
In 2004, first case of conviction of cyber crime hit the headlines in India. The case of Tamil Nadu‚Äôs Suhas Katti V, where the accused handed down in connection with the posting of obscene messages on the Internet under Section 67 of the Information Technology Act 2000. A woman filed her complaint to the police in February 2004 about a man who was sending her obscene and defamatory messages. Later on police traced the accused, the Court found the accused guilty of cyber offence and he was sentenced rigrous punishment. It‚Äôs almost 13 years when the first case of cyber crime conviction came to light. Since then, such crimes have increased more than thousand times but the conviction rate has just touched double digit. This in itself should ring an alarm bell in the ears of the government and the concerned authorities.