Cyber Crimes, Cyber Investigation and Cyber Evidence Presentation by DR. JUSTICE G.C.BHARUKA Former...

59
Cyber Crimes, Cyber Cyber Crimes, Cyber Investigation and Cyber Investigation and Cyber Evidence Evidence Presentation by DR. JUSTICE G.C.BHARUKA Former Judge High Courts of Patna & Karnataka

Transcript of Cyber Crimes, Cyber Investigation and Cyber Evidence Presentation by DR. JUSTICE G.C.BHARUKA Former...

Cyber Crimes, Cyber Cyber Crimes, Cyber Investigation and Cyber Investigation and Cyber

EvidenceEvidence

Presentation

by

DR. JUSTICE G.C.BHARUKA

Former Judge

High Courts of Patna & Karnataka

© Dr. Justice G.C.Bharuka

What is a cyber crime?What is a cyber crime?

Includes a variety of civil (tort), quasi-criminal or criminal wrongs, concerning activities, or issues relating to or having connection to computers.

For example, virus attack, internet hours theft, online investment fraud, denial of service, cyber pornography, etc.

These unlawful activities are covered under the IT Act either as offenses liable to imprisonment/fine/ confiscation or as unlawful activities liable for penalty/compensation.

Penalties and OffencesPenalties and Offencesunder theunder the

Information Technology Act, 2000Information Technology Act, 2000

© Dr. Justice G.C.Bharuka

Chapter XI of the IT ActChapter XI of the IT Act OFFENCESOFFENCES

Sections 65 to 74 are the penal provisions.Provides for fine and/or imprisonment

ranging from 2 years to 10 and/or confiscation.

To be tried by the regular criminal courts under the Code of Criminal Procedure, 1973 [Sec. 4(2)]

© Dr. Justice G.C.Bharuka

Sec. 65Sec. 65Tampering with Computer Source CodeTampering with Computer Source Code

Offence: Knowingly or intentionally concealing, destroying, altering or causing another to do so any computer resource code when the same is required to be kept or maintained by law.

Punishment: Imprisonment up to 3 years or fine up to Rs. 2 lakhs or both

Explanation: ‘Computer source code’ means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.

© Dr. Justice G.C.Bharuka

Sec. 66Sec. 66Hacking with Computer SystemHacking with Computer System

Under the Act: Covers following in relation to information1:– Destruction– Deletion– Alteration– Diminishing the value– Diminishing the utility– Affecting injuriously

With an intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person

Punishment: Imprisonment upto 3 years, or fine upto Rs. 2 lakh or both

1. Section 2(v). “Information” includes data, text, images, sound, voice, codes, computer programmes,

software and data bases or micro film or computer generated micro fiche.

© Dr. Justice G.C.Bharuka

Sec. 67Sec. 67Publishing of information which is Publishing of information which is

obscene in electronic formobscene in electronic form

Offence: Publishing, transmitting and causing to be published, porn in electronic form (for example, on websites).

Punishment: On first conviction, up to 5 years imprisonment and fine up to Rs 1 lakh and on subsequent convictions, imprisonment up to 10 years and fine up to Rs 2 lakh.

© Dr. Justice G.C.Bharuka

Sec. 68Sec. 68Power of Controller to give DirectionsPower of Controller to give Directions

Controller’s power: To direct Certifying Authority or its employee to – Take measures– Cease to carry on activities

so as to ensure compliance with the IT Act/Rules Offence: Failure to comply with the orders of the

Controller Punishment: Imprisonment up to 3 years and fine

up to Rs 2 lakh

© Dr. Justice G.C.Bharuka

Sec. 69Sec. 69Decryption of informationDecryption of information

Controller’s power: To direct any agency to intercept any information transmitted through any computer resource on the ground of:– Sovereignty or security or integrity of India– Friendly relations with foreign States– Public order– Prevent incitement to the commission of any cognizable

offence Offence: Failure to provide facilities and technical

assistance to decrypt the information. Punishment: Imprisonment up to 7 years.

© Dr. Justice G.C.Bharuka

Sec. 69: Decryption of information (cont.)Sec. 69: Decryption of information (cont.)

Usage of Sec. 69 in cyber inquiry:– The Controller can direct any agency of the

Government (for example, the NIC) to intercept the information.

– Such information, if in encrypted form, can be decrypted by making use of services of any person or subscriber.

– Section 69 likely to be used for following: Encrypted messages Steganographic images and video files Password protected files

© Dr. Justice G.C.Bharuka

Sec. 70Sec. 70Protected SystemProtected System

‘Protected System’– Govt. has to declare, by notification, that a computer

system is ‘protected system’.– Govt. can, by order, authorize persons who will have

access to the ‘protected system’.– For example, declaring a computer system containing

defense secrets as a ‘protected system’. Offence: Securing unauthorized access or

attempting to secure unauthorized access to a protected system.

Punishment: Imprisonment up to 10 years and fine.

© Dr. Justice G.C.Bharuka

Sec. 71Sec. 71MisrepresentationMisrepresentation

Offence: Misrepresenting or suppressing material fact from the:– Controller for obtaining any license – Certifying Authority for obtaining any Digital

Signature Certificate

Punishment: Imprisonment up to 2 years or fine up to Rs. 1 lakh or both

© Dr. Justice G.C.Bharuka

Sec. 72Sec. 72Breach of Confidentiality and PrivacyBreach of Confidentiality and Privacy

Offence: Disclosure of information obtained pursuant to the powers conferred under this Act, rules or regulations without the consent of the person concerned.

Punishment: Imprisonment up to 2 years or fine up to Rs. 1 lakh or both.

© Dr. Justice G.C.Bharuka

Sec. 73Sec. 73Publishing of Digital Signature Publishing of Digital Signature

Certificate False in Certain ParticularsCertificate False in Certain Particulars

Offence: Pulishing a Digital Signature Certificate with knowledge that:– Certifying Authority listed in the Certificate has not

issued it; or– Subscriber listed in the Certificate has not accepted it;

or– Certificate has been revoked or suspended unless such

publication is for the purpose of verifying a digital signature created prior to such suspension or revocation

Punishment: Imprisonment up to 2 years or fine up to Rs. 1 lakh or both

© Dr. Justice G.C.Bharuka

Sec. 74Sec. 74Publication for fraudulent PurposePublication for fraudulent Purpose

Offence: Creating, publishing or making available Digital Signature Certificate for fraudulent or unlawful purpose

Punishment: Imprisonment up to 2 years or fine up to Rs. 1 lakh or both

© Dr. Justice G.C.Bharuka

Compensation & PenaltiesCompensation & Penalties

Ss. 43 & 45 provides for compensation and penalties for various unlawful acts

Ss. 46 & 47 deal with adjudicating officer and his powers

Ss. 48 to 61 deal with Cyber Regulations Appellate Tribunal (composition, powers, procedure, etc.)

S. 62 provides for appeal to the High Court S. 63 permits compounding of contraventions S. 64 provides for recovery of penalty

© Dr. Justice G.C.Bharuka

Sec. 43Sec. 43Penalty for damage to computerPenalty for damage to computer

Without permission of the owner or any other person who is in charge of the computer, doing the following:– Unauthorised access (hacking)– Downloading, copying or extracting data, computer data base or

information (cyber theft)– Introduction of computer virus [Explanation (iii)]– Damaging computer system, network, data, computer data base or any

other programme– Disrupting computer– Denying access to person authorised to access any computer– Assisting any person to facilitate access to a computer in contravention

of the provisions of the Act– Charging the services availed of by a person to the account of another

by tampering with or manipulating any computer

Penalty: Damages up to 1 crore

© Dr. Justice G.C.Bharuka

Section 44Section 44Failure to furnish information, return, etc.Failure to furnish information, return, etc.

Failure to furnish document, return or report to Controller or Certifying Authority (penalty up to Rs. 1.5 lakh)

Failure to file return or furnish information within the specified time (penalty up to Rs. 5000 per day during which such failure continues)

Failure to maintain books of accounts or records (penalty of Rs. 10,000 per day during which the failure continues)

© Dr. Justice G.C.Bharuka

Section 45Section 45Residuary PenaltyResiduary Penalty

Contravention of any rules or regulations made under the IT Act for which no penalty has been separately provided

Penalty: Compensation upto Rs. 25,000 to the person affected by such contravention or penalty upto Rs. 25,000.

© Dr. Justice G.C.Bharuka

Provisions relating to Adjudication for Civil Provisions relating to Adjudication for Civil and Quasi-Criminal wrongs set out under and Quasi-Criminal wrongs set out under

Chapter IXChapter IX

Sec. 46: Adjudication to be done Adjudicating Officer.

Sec. 57: Appeal against the Adjudicating Officer’s order lies to Cyber Regulation Appellate Tribunal.

Sec. 62: Second Appeal against the order of the Tribunal lies to the High Court.

Sec. 61: Civil court’s jurisdiction has been completely excluded.

© Dr. Justice G.C.Bharuka

Provisions relating to Investigation and Provisions relating to Investigation and Trial of Offences under Chapter XITrial of Offences under Chapter XI

Offences under the IT Act are to be investigated and tried in accordance with the provisions contained in Code of Criminal Procedure, 1973 [see Sec. 4(2), Cr.P.C. & Sec. 80(3) of IT Act] only with the exceptions that:– Investigation cannot be done by a police officer below the

rank of Deputy Superintendent of Police (Sec. 78, IT Act).– Any police officer, not below the rank of Deputy

Superintendent of Police, or any other officer authorised by Central or State Government, may enter a public place or search or arrest any person without warrant (Sec. 80).

© Dr. Justice G.C.Bharuka

Double JeopardyDouble Jeopardy

Sec. 77. Penalty or confiscation not to interfere with other punishments – No penalty imposed or confiscation made under this Act shall prevent the imposition of any other punishment to which the person affected thereby is liable under any other law for the time being in force.

The provision does not offend Art. 20(2) of the Constitution of India. [see Director of Enforcement v. M.C.T.M. Corporation Pvt. Ltd., (1996) 2 SCC 471]

Offences under the Offences under the Indian Penal CodeIndian Penal Code

© Dr. Justice G.C.Bharuka

Offences under the Offences under the Indian Penal Code Indian Penal Code

Electronic records (Sec. 29A) – shall have the same meaning as in Sec. 2(1)(t) of IT Act.– ‘Electronic record’ means data, record, or data

generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche. [Sec. 2(1)(t)]

Offences relating to documents, public servants, false evidence, and contempt have been suitably modified to include ‘electronic records’ along with ‘paper documents’.

© Dr. Justice G.C.Bharuka

Sec. 167, IPCSec. 167, IPC

Offence: Public servant framing incorrect electronic record with intent to cause injury.

Ingredients:– Public servant in charge of preparation or translation of

electronic records.– Knowingly changing electronic record with intent to

cause injury.

Punishment: Imprisonment up to 3 years or fine or both

© Dr. Justice G.C.Bharuka

Sec. 172, IPCSec. 172, IPC

Offence: Absconding to prevent summons for producing electronic records.

Ingredients:– Summons, notice or order from legally competent

authority or Court.– For production of electronic records in Court or

before such legal authority.

Punishment: Simple Imprisonment for 6 months or up to Rs. 1,000 or both.

© Dr. Justice G.C.Bharuka

Sec. 173, IPCSec. 173, IPC

Offence: Preventing in any manner service of summons to produce electronic record.

Ingredients:– Summons, notice or order from a Court.– For production of electronic record in such record.– Intentionally prevents the serving or lawful affixing

or removal of such summons, notice or order. Punishment: Imprisonment up to 6 months or up

to Rs. 1,000 or both .

© Dr. Justice G.C.Bharuka

Sec. 175, IPCSec. 175, IPC

Offence: Intentional omission to produce electronic records by person legally bound.

Ingredients:– Person must be legally bound to produce electronic

record.– Intentional omission to produce electronic records.

Punishment: Imprisonment up to 6 months or Rs. 1,000 or both.

© Dr. Justice G.C.Bharuka

Sec. 192, IPCSec. 192, IPC

Offence: Fabricating false evidence.Ingredients:

– Making false entry or false statement in electronic record.

– Intention must be to produce such electronic record as evidence.

– Such an electronic record may cause forming of erroneous opinion by a judicial authority.

Punishment: Imprisonment up to 7 years and fine (under Sec. 193, IPC).

© Dr. Justice G.C.Bharuka

Sec. 204, IPCSec. 204, IPC

Destroying electronic record to prevent its production as evidence (S/204)

Ingredients:– Secreting or destroying electronic record.– There must be legal compulsion.– Act must be intentional to prevent production

of electronic record as evidence.Punishment: Imprisonment up to 2 years or

fine or both

© Dr. Justice G.C.Bharuka

Sec. 463, IPCSec. 463, IPC

Offence: Forgery Ingredients:

– Existence of a false electronic record.– The intention behind such act must be to:

Cause damage or injury Support any claim or title Cause person to part with property Enter into contract Commit fraud

Punishment: Imprisonment up to 2 years or fine or both (Sec. 465, IPC).

© Dr. Justice G.C.Bharuka

Sec. 464, IPCSec. 464, IPC

Offence: Making false electronic record. Ingredients: Dishonestly or fraudulently,

– Making, signing, sealing or executing e-record;– Making or transmitting any e-record;– Affixing digital signature on any e-record;– Making any mark denoting the authenticity of the digital signature;

With intention of causing it to be believed that such act is done by a person by whom the offender knows has not been done.

– Altering electronic record without authorization, or,– Causing a person to sign, seal, execute or alter an electronic record

who is unaware of contents of electronic records.

© Dr. Justice G.C.Bharuka

Sec. 464, IPC (cont.)Sec. 464, IPC (cont.)

Explanation 3 inserted– Expression ‘affixing digital signature’ shall

have the same meaning as in Sec. 2(1)(d) of IT Act.

‘Affixing digital signature’, with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of digital signature. [Sec. 2(1)(d)]

© Dr. Justice G.C.Bharuka

Sec. 466, IPCSec. 466, IPC

Offence: Forgery of certain electronic records.

Ingredients:– Forgery essential– Forgery must be of certain kinds of records

Records of Courts, registers of birth, baptism, marriage or burial, register kept by a public servant, certificate or document purporting to be made by a public servant in his official capacity, an authority to institute or defend a suit, power of attorney)

Punishment: Imprisonment up to 7 years and fine.

© Dr. Justice G.C.Bharuka

Sec. 466, IPC (cont.)Sec. 466, IPC (cont.)

Explanation inserted– ‘Register’ includes any list, data or record of

any entries maintained in the electronic form as defined in Sec. 2(1)(r) of the IT Act.

‘Electronic form’, with reference to information, means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device. [Sec. 2(1)(r)]

© Dr. Justice G.C.Bharuka

Sec. 468, IPCSec. 468, IPC

Offence: Forgery for cheating.Ingredients:

– Forging the electronic record.– Forgery must be for cheating.

Punishment: Imprisonment up to 7 years and fine.

© Dr. Justice G.C.Bharuka

Sec. 469, IPCSec. 469, IPC

Offence: Forgery of electronic record for for the purpose of harming reputation.

Ingredients:– Forgery– It must harm someone’s reputation.

Punishment: Imprisonment up to 3 years and fine.

© Dr. Justice G.C.Bharuka

Sec. 471, IPCSec. 471, IPC

Offence: Using forged electronic record.Ingredients:

– Using forged electronic record as genuine.– Knowingly uses such forged electronic record.

Sec. 470. A false electronic record made wholly or in part by forgery is designated a ‘forged electronic record’.

Punishment: Imprisonment up to 2 years or fine or both (Sec. 465, IPC).

© Dr. Justice G.C.Bharuka

Sec. 474, IPCSec. 474, IPC

Offence: Knowingly possessing forged document and intending to use it as genuine.

Ingredients:– Possessing forged electronic record.– Intention is to use it as genuine.

Punishment: Imprisonment up to 7 yrs and fine in case of official records mentioned in Sec. 466.

© Dr. Justice G.C.Bharuka

Sec. 476, IPCSec. 476, IPC

Offence: Counterfeiting device or mark. Ingredients:

– Forging a device or mark upon any electronic record to authenticate the electronic record.

– Possessing the device upon which counterfeited.– Intention to use the mark or device as being

genuine.

Punishment: Imprisonment up to 7 years and fine.

© Dr. Justice G.C.Bharuka

Sec. 477A, IPCSec. 477A, IPC

Offence: Falsifying accounts.Ingredients:

– Willfully destroying or altering electronic record with intent to defraud.

– Electronic record in his possession is that of his employer.

Punishment: Imprisonment up to 7 years or fine.

Amendments to the Amendments to the Indian Evidence ActIndian Evidence Act

© Dr. Justice G.C.Bharuka

Amendments to the Indian Amendments to the Indian Evidence ActEvidence Act

• Sec. 3: ‘Evidence’ – Definition has widened to include electronic records produced for the inspection before the Court.

• Expressions ‘Certifying Authority’, ‘Digital Signature’, ‘Digital Signature Certificate’, ‘electronic form’, ‘electronic records’, ‘information’, ‘secure electronic record’, ‘secure digital signature’, and ‘subscriber’ have been given the meanings assigned to them in the IT Act.

© Dr. Justice G.C.Bharuka

Amendments to the Indian Amendments to the Indian Evidence ActEvidence Act

Sec. 17: ‘Admission’ includes a statement contained in electronic form.

Sec. 22A: Oral admissions as to the contents of electronic records are not relevant, unless the genuineness of the electronic record produced produced is in question.

Sec. 34: Entries in the books of accounts, including those maintained in an electronic form, when relevant.

Sec. 35: Relevancy of entries in an electronic record made by a public servant.

© Dr. Justice G.C.Bharuka

Amendments to the Indian Amendments to the Indian Evidence ActEvidence Act

Sec. 39: What evidence to be given when the statement forms part of an electronic record.

Sec. 47A: Opinion of the Certifying Authority which has issued the Digital Signature Certificate is a relevant fact.

Sec. 59: All facts, except the contents of documents or electronic records, may be proved by oral evidence.

© Dr. Justice G.C.Bharuka

Amendments to the Indian Amendments to the Indian Evidence ActEvidence Act

Sec. 65A: Contents of electronic records may be proved in accordance with provisions of Sec. 65B.

Sec. 65B: Admissibility of electronic records– Electronic record deemed to be documents if conditions

in this section are satisfied.– Electronic record admissible as evidence as direct

evidence even though it may be a ‘computer output’ subject to certain conditions. [Sub-sec. (1)]

© Dr. Justice G.C.Bharuka

Sec. 65BSec. 65B Admissibility of electronic records Admissibility of electronic records

Sub-sec. 2 – Conditions:(a) Regular use of computer for substantial period of

time.(b) Nature of information processed must be similar to

that was produced.(c) Proper working of the computer.(d) Information in electronic record is reproduced or

derived in ordinary course.(e) Computer network deemed to be a single computer.

[Sub-sec. (3)]

© Dr. Justice G.C.Bharuka

Sec. 65BSec. 65B Admissibility of electronic records Admissibility of electronic records

Sub-sec. (4): Certificate by concerned person with respect to identification and origin of electronic record, device from which produced and any other details relating to conditions in sub-sec. (2).

© Dr. Justice G.C.Bharuka

Amendments to the Indian Amendments to the Indian Evidence ActEvidence Act

Sec. 67A: Digital signature of a person to be proved unless it is secure digital signature.

Sec. 73A: Digital signature to be verified by the Court by directing:– that person or the Controller or the Certifying

Authority to produce the Digital Signature Certificate; or,

– any other person to apply the public key listed in the Digital Signature Certificate and verify.

© Dr. Justice G.C.Bharuka

Amendments to the Indian Amendments to the Indian Evidence ActEvidence Act

Sec. 81A: Presumption of genuineness of electronic Gazettes and electronic records directed by any law to kept by any person.

Sec. 85A: Court to presume electronic agreement containing digital signatures of the parties was so concluded by affixing the digital signature of the parties.

© Dr. Justice G.C.Bharuka

Amendments to the Indian Amendments to the Indian Evidence ActEvidence Act

Sec. 85B (1): Presumption as to electronic records and digital signatures:– Sub-sec.(1): Court to presume integrity of secure

electronic record unless contrary is proved.– Sub-sec. (2): Court to presume secure digital signature

was affixed by party with intention to sign or approve the electronic record unless contrary is proved.

No other presumption relating to authenticity and integrity of electronic record or digital signature created in this section.

© Dr. Justice G.C.Bharuka

Amendments to the Indian Amendments to the Indian Evidence ActEvidence Act

Sec. 85C: Presumption as to Digital Signature Certificate• Court to presume information listed in a Digital

Signature Certificate to be correct unless contrary is proved except unverified subscriber information.

© Dr. Justice G.C.Bharuka

Amendments to the Indian Amendments to the Indian Evidence ActEvidence Act

Sec. 88A – Presumption as to electronic messages:– Court not to presume sender of the electronic

message sent through an electronic mail server to the addressee even though the contents may be presumed.

Sec. 90A: Presumption of electronic records five years old:

– Electronic records five years old authenticated by digital signature of a person to be presumed by Court to have been so signed by person purported to have signed it.

© Dr. Justice G.C.Bharuka

Amendments to the Indian Amendments to the Indian Evidence ActEvidence Act

Sec. 131: Person not to be compelled to produce electronic record under his control in case the owner of such electronic record is entitled to refuse production unless the owner consents to its production.

© Dr. Justice G.C.Bharuka

Bankers’ Books Evidence Act, Bankers’ Books Evidence Act, 18911891

Sec. 2(a) – ‘Banker’s books’ to include printouts of data stored in a floppy, disc, tape or any other form of electro-magnetic data storage device.

Sec. 2(8) – ‘Certified copy’ consists of printouts of data stored in a floppy, disc, tape or any other electro-magnetic data storage device, a printout of entry or printout together with statements as per Section 2A.

© Dr. Justice G.C.Bharuka

Bankers’ Books Evidence Act, Bankers’ Books Evidence Act, 18911891

Sec. 2A – Conditions in the printout:– Certificate that printout is by principal accountant or branch manager.– Certificate by person-in-charge of computer system with description of

system: Safeguards adopted to ensure operation by authorized persons; Safeguards adopted to prevent & detect unauthorized change of data; Safeguards adopted to retrieve lost data; Data transfer procedure; Mode of data verification; Mode of identification of data storage devices; Arrangements for storage and custody of data storage devices; Safeguards to prevent & detect tampering with the system; Other factors to vouch integrity and accuracy of the system.

© Dr. Justice G.C.Bharuka

Bankers’ Books Evidence Act, Bankers’ Books Evidence Act, 18911891

Sec. 2A – Conditions in the printout (cont.):– Certificate from person-incharge of the computer

system regarding proper operation of the system at material time, all relevant data has been provided, printout represents or is from the correct data.

© Dr. Justice G.C.Bharuka

Reserve Bank of India Act, Reserve Bank of India Act, 19341934

Sec 58(2)(pp) – regulation of fund transfer through electronic means between banks and financial institutions including:– Conditions for such transfer;– Manner of such transfer;– Rights and obligations of the participants of

such transfer.

THANK YOUTHANK YOU

Presentation

by

DR. JUSTICE G.C.BHARUKA

Former Judge

High Courts of Patna & Karnataka