digital evidence

Online Revenge Porn-Recourse for Victims under Cyber Laws

– Advocate Puneet Bhasin, Cyber Law Expert, Cyberjure Legal Consulting
http://www.cyberjure.com

Online revenge porn refers to cases where, after a relationship breaks up, either party puts up nude pictures of the other, or videos of their intimate moments, on social networking media, blogs and other websites. Online revenge porn is on the rise the world over with the advent of the open arena of the internet. Most online porn in India is amateur porn or revenge porn. World over, every country has enacted specific legislation to deal with revenge porn.
The UK is coming out with the Revenge Porn Law. Many US states already have their revenge porn laws. Virginia also has a revenge porn law, and on 20th October, 2014 the first person was charged and convicted under that law.
In India we do not have a separate Revenge Porn Law, but Sections 67, 67-A and 66-A of the Information Technology Act, 2000 make online publication of Revenge porn a punishable offence.
Section 67 reads as under:
Punishment for publishing or transmitting obscene material in electronic form. -Whoever publishes or transmits or causes to be published or transmitted in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to three years and with fine which may extend to five lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.
This section makes a person liable for transmitting or causing to transmit nude photos or content of the nature that it can deprave/corrupt the viewer of such content.
When people are in relationships, they tend to share nude or naughty photos of themselves with each other, and these photos are misused by the jilted partner in the event of a break up.
A victim can seek recourse under Section 67 in such a case.
Section 67 A of the Information Technology Act reads as under:
“Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form. – Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.”
This section also criminalizes the act of any party transmitting via email, MMS or video any act or conduct of explicit nature which the parties indulged in during the course of the relationship.
A victim can file a complaint with the Cyber Police Station along with filing an FIR in the Police Station.
In India we definitely need separate and comprehensive revenge porn laws, along with an efficient judicial mechanism to deal with these offences in a short duration of time. Many countries have a National Helpline along with a separate Cell to deal with online revenge porn, as these matters require immediate redressal before the video goes viral. A National Helpline for revenge porn should be set up in India too, where victims can complain and there would be immediate pull down of the content from the internet. Most developed countries have already enacted specific laws for the same because of the huge increase in revenge porn in the virtual world.
Disclaimer: This article is purely for educational purpose and is not in the nature of legal advice. It does not constitute any lawyer-client relationship between the author and the reader.


Work From Home- Cyber Crime Scams….Are you a Victim?

– Advocate Puneet Bhasin, Cyber Lawyer, Cyberjure Legal Consulting


The Work From Home concept is very attractive for most people, as the advertisements offer huge sums of money for a few hours of simple work. But would you really be paid well for doing nothing much? If it is too good to be true, then it probably is not true!

The modus operandi is usually attractive advertisements on websites, public places and social media. The application procedure involves filling up a form with all your details and you have to purchase a welcome kit. If you refer more people then you get paid a percentage for each reference that materializes, so basically you make other people also fall prey to the scam.

The scope of work is mostly like:

  • Envelope stuffing (mailing programs)
  • Assembly work
  • Gifting programs
  • Email processing
  • Rebate processing
  • Repackaging
  • Payment processing
  • Jobs that ask for money to hire you
  • Businesses that don’t have an evident product or service.

If you are a victim of a work from home scam, then cyber law has recourse for you. If the scammers use your personal data to make fake profiles and commit any crimes, then they are liable under Section 66-D for Cyber Personation, which is punishable with imprisonment of up to 3 years and a fine.

The scammers are liable for Identity Theft under Section 66-C if they use your password or any other unique identification feature.

The scammers are liable under Section 43 of the Information Technology Act, which makes unauthorized access an offence, and Section 43 A makes a Company liable for breach of privacy and confidentiality by payment of compensation to the victim for failure to protect data.

The data that you provide to the scammers is priceless. Along with your personal information they have your credit card data too, and they misuse the same. When you purchase the welcome kit you may not be directed to a safe payment portal. This renders you vulnerable to credit card fraud. And your personal data is sold to marketing companies without your consent.

A leading case of this type of scam was when the Cyber Crime Cell of Crime Branch, C.I.D., Mumbai Police arrested a person by the name of Sripathi Guruprasanna Raj, aged 52 years, who is the Chairman and Managing Director of Sohonet India Private Ltd., a company based in Chennai. Many complainants based in Mumbai had complained to the Cyber Crime Investigation Cell that the said company had duped them each for Rs. 4,000/- and Rs. 6,000/- by promising them a monthly income of Rs. 15,000/-. The company, through its website at http://www.sohonetindia.com, through various attractive advertisements in the newspapers, and by holding seminars in five star hotels in various metropolitan cities like Mumbai, Delhi, Kolkata, Bangalore etc., had lured various computer literate people with attractive schemes named Instant Treasure Pack (ITP) and Green Channel. The company then asked the interested people to register with the company, for which it charged registration fees of Rs. 4,000/-, which was later increased to Rs. 6,000/-. The company CMD, Mr. Raj, promised the people so registered that they would be provided with a data conversion job which would enable them to earn Rs. 15,000/- per month. The company then collected a huge amount from the gullible computer users. Some of the users were provided with the job work, whereas others were not even provided the job work (data conversion job) assured to them. The users who worked hard and completed the assignments did not receive any payment for the same, and when they tried getting in touch with the company, they received no response.

Work from Home scams are aplenty in India and scammers take advantage of the high rate of unemployment in India along with the house wife system which is popular in India.

A victim must make a complaint in the prescribed format to the Adjudicating Officer, DIT, Information Technology Act, 2000.

Contact Details- legal.pb@gmail.com

http://www.cyberjure.com

Fake Social Media Profiles- Cyber Laws has a legal recourse for Victims



– ADVOCATE PUNEET BHASIN, CYBER LAW EXPERT, CYBERJURE LEGAL CONSULTING

Fake profiles on social media are a problem most users face. Fake profiles of celebrities are rampant, as are profiles with fake names and details. It’s definitely alarming that there has been a 168% rise in cyber crimes in the last one year.

As reported by CNN in 2012, Facebook said in an updated regulatory filing released Wednesday that 8.7 percent of its 955 million monthly active users worldwide are actually duplicate or false accounts. That is around 83.03 million fake accounts which they are trying to regulate or disable. And these are the statistics of fake accounts on just one social networking website.

It is very interesting that now-a-days many real world thefts have their roots in social media. Burglars are creating networks of fake profiles to target potential victims, as such connections allow them to uncover a variety of personal information about users and their whereabouts, making their homes an easier target.

The survey found that 56% of social media users had discussed an event, evening or holiday plans ‘wall to wall’ on Facebook, potentially providing opportunities for them to be targeted by criminals.

By befriending a number of the target user’s other friends beforehand, the victim is even more likely to accept the fake friend, inadvertently giving the burglar access to all their personal information.

The cases of cyber extortion have also increased owing to the excessive personal data available in social networking profiles, and this data is accessible to fake profiles in your friend list.

When we come across a fake profile, the first step is to report the same to the service provider, like Facebook or Twitter. Most of these Intermediaries/Service Providers have a facility for reporting and blocking fake profiles.

For example, in the case of Facebook the following procedure has to be followed to report an abusive page:

  1. Go to the Page you want to report
  2. Click below the Page’s cover photo
  3. Select Report Page
  4. Choose the reason you’re reporting the Page and click Continue

Facebook will then review the reported material and remove anything that violates their Statement of Rights and Responsibilities. If warranted they also warn or disable the person responsible.

The following procedure has to be followed to report a fake account that’s pretending to be you or a public figure:

 

Fake Timelines created to imitate real people (impostor accounts) are not allowed on Facebook. If someone created an account pretending to be you:

  1. Go to the Timeline
  2. Click and then select Report
  3. Click Report this account
  4. Click This person is pretending to be me or someone I know and then complete the on-screen directions
  5. Click Submit to Facebook for Review

SECTION 66D of the Information Technology Act, 2000 deals with CHEATING BY PERSONATION USING COMPUTER OR COMPUTER DEVICE, which brings within its ambit fake social media profiles.

Whoever, by means of any communication device or computer resource cheats by personating, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.

This brings into its ambit:

  1. Making a social networking profile in a fake name.
  2. Making a social networking profile in some other person’s name.
  3. Performing social networking activity in such other name.
  4. Sending emails or messages from some other person’s email id or messaging account.

However, in most cases the perpetrator has a hidden criminal intention in making a fake social media profile. It is a means to commit the cyber crimes of either cyber stalking or cyber defamation.

Both these cyber crimes are punishable under Section 66 A of the Information Technology Act, 2000 which makes “using a computer or communication device to send data which is injurious or offensive” an offence. It states that:

Any person who sends, by means of a computer resource or a communication device,-

(a) any information that is grossly offensive or has menacing character; or

(b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently makes by making use of such computer resource or a communication device,

(c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages

shall be punishable with imprisonment for a term which may extend to three years and with fine.

Explanation: For the purposes of this section, terms “Electronic mail” and “Electronic Mail Message” means a message or information created or transmitted or received on a computer, computer system, computer resource or communication device including attachments in text, image, audio, video and any other electronic record, which may be transmitted with the message.

CYBER STALKING

The offence of cyber stalking involves using a computer or communication device to send information which is grossly offensive, menacing, annoying and intimidating for a victim.

There are many cases where victims are threatened that if they do not pay money to the perpetrator, their photos would be morphed or any other form of humiliation will have to be faced by them.

CYBER DEFAMATION

Cyber defamation involves using a computer or communication device to make false statements about a person and cause insult and humiliation to such person. Apart from legal recourse under cyber laws, the victim has legal redress under the law of torts too.

IDENTIFYING THE REAL FACE BEHIND THE FAKE ACCOUNT

Advanced cyber forensic tools and analysis of log files have made it possible to trace the real people behind fake profiles. Their names and addresses can be easily traced in order to take legal action against them.

LEGAL RECOURSE

A victim must file a complaint with the cyber crime cell or Adjudicating Officer in the format mentioned in the Information Technology Act, 2000 with the fees payable.

Also, the victim must contact the intermediary to take temporary action against the offender.

It is always advisable to interact on social media with people you personally know. However, if you do interact with people you don’t know well, it is best to check out mutual friends.

If you do spot any fake profiles on social media, you must report the same, as you not only will save yourself from cyber crimes, but also many others who could fall prey to such scammers.


 

– Advocate Puneet Bhasin, Cyber Law Expert, Cyberjure Legal Consulting

Article 21 of the Constitution has embraced the Right to Privacy within its ambit. The Supreme Court in the case of State of Maharashtra and anr. v/s. Madhukar Mardikar further laid down that a person of easy virtue is entitled to the right to privacy.

In the digital age, a lot of chapters of our lives are recorded in cell phones, laptops, email accounts and other digital media. As a matter of fact, now-a-days emails, SMS and chat records constitute important evidence in matrimonial disputes and cases filed under Section 498A of the Indian Penal Code. There are many instances where parties resort to hacking or unauthorized access to obtain such evidence. A simple online search will provide a long list of software capable of providing call records, chat history and other personal data from cell phones, which is a complete violation of the fundamental right to privacy.

A major question that arises is whether such tainted evidence can be admissible in a Court of law, and whether a victim can resort to obtaining evidence by using these methods. Definitely a victim is entitled to receive justice, but does that justify unauthorized acts on the part of the victim to substantiate his/her claims?

This very issue came up before the Adjudicating Officer, Government of Maharashtra, in the case of Vinod Kaushik & Anr. (R) Noida v/s. Madhvika Joshi and Others (R) Pune.

The facts of this case were very interesting and a common case scenario in today’s times of unauthorized access to data in cyberspace.

Madhvika Joshi (the Respondent No. 1) was an employee of a software company in Pune, and was married to Neeraj Kaushik (the Petitioner No. 2). As Madhvika had a troubled matrimonial relationship, she obtained unauthorized access to the email accounts of the petitioners, printed their chat sessions and produced those as evidence to pursue her case under Section 498A of the Indian Penal Code against the petitioners. In pursuance of the same, Madhvika’s husband was arrested by the Delhi Police. Thereafter, her husband filed an application for damages and compensation against the respondents before the Adjudicating Officer, Government of Maharashtra, in connection with the unauthorized access of their email accounts. The Adjudicating Officer held Madhvika as “technically guilty” of breaching Section 43 of the Information Technology Act, 2000.

Section 43(a) of the Information Technology Act, 2000, which reads as under:

Penalty and compensation for damage to computer, computer system, etc.- If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network,-

(a) accesses or secures access to such computer, computer system or computer network (or computer resource).

………..(he shall be liable to pay damages by way of compensation to the person so affected).

A reading of this legal provision makes it clear that the complainant would have to show that the act of unauthorized access has resulted in sufferance of damages. In the present case it was noted by the Adjudicating Officer that Madhvika had used the said information retrieved by her from the email accounts of the petitioners only for the purpose of pursuing her case under Section 498A of the Indian Penal Code and for no other purpose, and there was no compensation awarded as there was no material damage. Neeraj Kaushik filed a writ petition before the Delhi High Court against the order of the Adjudicating Officer, but the plea of the petitioner was dismissed.

This clearly shows a major lacuna in the wording of Section 43 of the Information Technology Act, where proof of damage is necessary. The fact that the husband was arrested does not constitute an occasion giving rise to compensation, as the arrest was legitimate in accordance with the relevant provisions of the Indian Penal Code.

However, this case has highlighted the concept of right to privacy even in cyberspace. A spouse cannot check or see the other spouse’s phone chats or emails without their permission, let alone produce it in any legal proceeding as evidence. Even in matrimonial relations, a concept of privacy exists and either spouse cannot intrude into the private space and transgress that boundary.


  – Advocate Puneet Bhasin, Cyber Lawyer (Cyberjure Legal Consulting)


Online banking revolutionized banking transactions, whereby money could be transferred at a single click. It has been a time saver and an extremely convenient method to undertake commercial transactions. However, it has led to a slew of litigation against banks. With online banking came phishing emails.

Phishing emails in these cases are those emails which purport to have been sent by the bank and have the look and feel of a legitimate email from a bank. They require the user to enter their username and password to reconfirm their accounts, invariably threatening that if such confirmation is not made immediately the account would be frozen. In many cases these emails are spoofed also whereby a third party sends an email using the email id of the bank, and this can be easily identified by reading the complete header of the email.
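The header check described above, as an added example that is not part of the original article: a Python sketch that reads a message's full headers and lists the indicators that the visible From address was spoofed. Both messages and all domains are constructed samples, and `spoofing_indicators` and its `trusted_authserv` parameter are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible sender is a bank, the envelope and reply path are not.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example.org;
\tspf=softfail smtp.mailfrom=mailer.example.net;
\tdkim=none;
\tdmarc=fail header.from=bank.example.com
From: "Bank Customer Care" <alerts@bank.example.com>
Reply-To: verify@accounts.example.net
To: user@recipient.example.org
Subject: Confirm your account immediately

(body omitted)
"""

# Constructed sample: headers consistent with the From address.
LEGIT = """\
Return-Path: <bounces@mail.bank.example.com>
Authentication-Results: mx.recipient.example.org;
\tspf=pass smtp.mailfrom=mail.bank.example.com;
\tdkim=pass header.d=bank.example.com;
\tdmarc=pass header.from=bank.example.com
From: "Bank Customer Care" <alerts@bank.example.com>
To: user@recipient.example.org
Subject: Your monthly statement

(body omitted)
"""

FAILING = {"fail", "softfail", "permerror"}


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def aligned(a, b):
    """Relaxed alignment (a simplification): same domain, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def auth_verdicts(msg, trusted_authserv):
    """Collect spf/dkim/dmarc verdicts, but only from headers stamped by our own
    mail server: a sender can insert forged Authentication-Results lines."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        flat = " ".join(value.split())  # undo header folding
        authserv = flat.split(";")[0].split()
        if not authserv or authserv[0].lower() != trusted_authserv:
            continue
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", flat):
            verdicts.setdefault(method, verdict.lower())
    return verdicts


def spoofing_indicators(raw, trusted_authserv="mx.recipient.example.org"):
    """Return a list of indicators; a mismatch is a reason to distrust, not proof."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    for header, label in (("Return-Path", "return-path-mismatch"),
                          ("Reply-To", "reply-to-mismatch")):
        dom = domain_of(msg[header])
        if dom and not aligned(dom, from_dom):
            findings.append(label)
    verdicts = auth_verdicts(msg, trusted_authserv)
    if not verdicts:
        findings.append("no-trusted-auth-results")
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) in FAILING:
            findings.append(f"{method}={verdicts[method]}")
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, spoofing_indicators(raw))
```
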

Many users panic on receiving such an email and immediately give out their personal sensitive data like banking passwords to third parties purporting to be representing the bank.  They realize that they have been duped only when money is drawn out by such third parties from their bank accounts.

There has been a slew of litigation against banks, whereby the victims of phishing scams file complaints against the banks under the Information Technology Act, 2000. The grounds on which such complaints are filed are Section 43, Section 43A and Section 72 A of the Information Technology Act.

Section 43 of the Information Technology Act deals with Unauthorised Access, and the Complainant in most cases alleges violation of Section 43 (a), which is accessing or securing access to a computer, computer system or computer network without permission of the owner or person in charge. However, banks have a very strong legal defence to this because the unauthorised access is by a third party who sent the phishing email and not the bank. The bank, on receipt of any information from an online banking services user that his account has been wrongfully debited, must ask him if he responded to any email asking for his password and must ask him to submit documentary proof of that email to the bank. If the user admits that he has replied to such a phishing email, the bank must require him to submit a letter to the bank to that effect in order to enable the bank to freeze his account, so that further unauthorised money transfers do not happen from his account. The bank should intimate the user by an official letter to file a complaint with the cyber crime cell, and the bank should also file an FIR against the beneficiary account holders in whose accounts the money has been unauthorisedly credited. This is important to prove the proactive efforts of the bank in a litigation by a victim against the bank under the Information Technology Act.

Section 72 A of the Information Technology Act reads as under:

“Punishment for Disclosure of information in breach of lawful contract.- Save as otherwise provided in this Act or any other law for the time being in force, any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person shall be punished with imprisonment for a term which may extend to three years, or with a fine which may extend to five lakh rupees, or with both.”

The main contention of the complainant would be that the bank has access to his password and misused it. However, as per RBI norms all banks have 128 bit encryption of passwords and the bank does not have any access to the same.

The Complainants in most cases attempt to bring the bank within the definition of an “Intermediary” under the Information Technology Act; however, the exceptions to intermediary liability under Section 79 of the Information Technology Act, 2000, apply to a bank in this case because of the following reasons:

1. the function of the bank is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored.

2. the bank does not-

(i) initiate the transmission,

(ii) select the receiver of the transmission, and

(iii) select or modify the information contained in the transmission

3. the bank observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribe in this behalf.

The banks are required to maintain ISO 27001 standards because they handle confidential and sensitive personal data of users of their services.

In brief, the banks need to undertake the following steps in order to be able to succeed in any litigation against them:

1. They should provide a handbook to the online banking services users at the time they apply for such services. The handbook should mention directions for safe use of online banking and should also contain complete information about phishing emails and scams, including information on how users can protect themselves from such phishing attacks.

2. The Online Banking Services Application should have an Indemnity clause, whereby the user indemnifies the bank.

3. The Terms and Conditions of Online Banking should contain Indemnity clauses with respect to password of the user, online transactions and use of bank’s services.

4. There should be a security tips page which warns users of phishing emails each time they log in for online banking.

5. There should be a cyber security and cyber law compliance panel. This panel should comprise cyber security experts, who should ensure that proper cyber security measures are always in place, and the cyber lawyer in the panel should ensure that the online banking user agreement clauses are up-to-date to restrict the bank’s liability in an environment where new cyber crimes get added each day.

6. The online user should be made to agree to indemnify the bank with respect to his usage of his password and online banking transactions with each log in.

7. There should be a well drafted Privacy Policy whereby the bank’s liability is reduced to a negligible level.

8. The cyber security and cyber law compliance panel should send emails on a routine basis to all users of online banking about the latest cyber crimes and safeguard measures. This helps show the bank’s active role in prevention of cyber crimes and shows the bank in a positive light in cyber crime litigation against the bank.

9. The Online Banking Services Agreement should have a well drafted Alternative Dispute Resolution Clause. This clause is very important as it helps preserve the image and reputation of a bank, which can get damaged when the bank is accused in such matters involving litigation.

10. The bank should actively follow-up the case investigation after filing the FIR.

In the current scenario, in most cases where the victim of a phishing scam files a complaint against the bank, the victim manages to succeed in getting compensated for his losses.

These are a few guidelines which can help a Bank succeed in litigation faced by them due to phishing scams.

 
