social networking

Online Revenge Porn-Recourse for Victims under Cyber Laws

– Advocate Puneet Bhasin, Cyber Law Expert, Cyberjure Legal Consulting
http://www.cyberjure.com

revenge porn
Online Revenge Porn means that when there are relationship break ups, then either party puts up nude pictures of the other or videos of their intimate moments on social networking media, blogs and other websites. Online Revenge Porn is on the rise world over with the advent of an open arena of the internet. Most online porn in India is amateur porn or revenge porn. World over, every country has enacted specific legislation to deal with revenge porn.
UK is coming out with the Revenge Porn Law. Many US States already have their Revenge porn laws. Virginia also has a revenge porn law and on 20th October, 2014 the first person was charged and convicted under their law.
In India we do not have a separate Revenge Porn Law, but Sections 67, 67-A and 66-A of the Information Technology Act, 2000 make online publication of Revenge porn a punishable offence.
Section 67 reads as under:
Punishment for publishing or transmitting obscene material in electronic form. -Whoever publishes or transmits or causes to be published or transmitted in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to three years and with fine which may extend to five lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.
This section makes a person liable for transmitting or causing to transmit nude photos or content of the nature that it can deprave/corrupt the viewer of such content.
When people are in relationships, they tend to share nude or naughty photos of themselves with each other, and these photos are misused by the jilted partner in the event of a break up.
A victim can seek recourse under Section 67 in such a case.
Section 67 A of the Information Technology Act reads as under:
“Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form. – Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.”
This section also criminalizes the act of any party transmitting via email, MMS or video any act or conduct of explicit nature which the parties indulged in during the course of the relationship.
A victim can file a complaint with the Cyber Police Station along with filing an FIR in the Police Station.
In India we definitely need separate and comprehensive revenge porn laws along with an efficient judicial mechanism to deal with these offences in short duration of time. Many countries have a National Helpline along with a separate Cell to deal with Online Revenge Porn, as these matters require immediate redressal before the video goes viral. A National Helpline for revenge should be set up in India too, where victims can complain and there would be immediate pull down of the content from the internet. Most developed countries have enacted specific laws for the same already because of the huge increase in Revenge porn in the virtual world.
Disclaimer: This article is purely for educational purpose and is not in the nature of legal advice. It does not constitute any lawyer-client relationship between the author and the reader.

Advertisements

Fake Social Media Profiles- Cyber Laws has a legal recourse for Victims

fake3fake fbfake2fake4


– ADVOCATE PUNEET BHASIN, CYBER LAW EXPERT, CYBERJURE LEGAL CONSULTING

Fake profiles on social media are a problem most users face. Fake profiles of celebrities are rampant, as are also profiles with fake names and details. It’s definitely alarming that there has been a 168% rise in cyber crimes in the last one year.

As reported by CNN in 2012, in an  updated regulatory filing released Wednesday, the Facebook said that 8.7 percent of its 955 million monthly active users worldwide are actually duplicate or false accounts. That is around 83.03 million fake accounts which they are trying to regulate or disable. And this is the statistics of fake accounts on just one social networking website.

It is very interesting that now-a-days many real world thefts have their roots in social media. Burglars are creating networks of fake profiles to target potential victims, as such connections allow them to uncover a variety of personal information about users and their whereabouts, making their homes an easier target.

The survey found that 56% of social media users had discussed an event, evening or holiday plans ‘wall to wall’ on Facebook, potentially providing opportunities for them to be targeted by criminals.

By befriending a number of the target user’s other friends beforehand, the victim is even more likely to accept the fake friend, inadvertently giving the burglar access to all their personal information.

The cases of Cyber extortion have also increased owing to excessive personal data available in social networking profiles, and this data is accessible to fake profiles in your friend list.
When we come across a fake profile, the first step is to report the same to the service provider like facebook or twitter. Most of these Intermediaries/ Service Providers have facility for reporting and blocking fake profiles.

For example, in the case of facebook the following procedure has to be followed to report an abusive page:

  1. Go to the Page you want to report
  2. Click below the Page’s cover photo
  3. Select Report Page
  4. Choose the reason you’re reporting the Page and click Continue

Facebook will then review the reported material and remove anything that violates their Statement of Rights and Responsibilities. If warranted they also warn or disable the person responsible.

The following procedure has to be followed to report a fake account that’s pretending to be you or a public figure:

 

Fake Timelines created to imitate real people (impostor accounts) are not allowed on Facebook. If someone created an account pretending to be you:

  1. Go to the Timeline
  2. Click and then select Report
  3. Click Report this account
  4. Click This person is pretending to be me or someone I know and then complete the on-screen directions
  5. Click Submit to Facebook for Review

SECTION 66D of the Information Technology Act, 2000 deals with CHEATING BY PERSONATION USING COMPUTER OR COMPUTER DEVICE, which brings within its ambit fake social media profiles.

Whoever, by means for any communication device or computer resource cheats by personating, shall be punished with Imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.

This brings into its ambit:

  1. Making a social networking profile in a fake name.
  2. Making a social networking profile in some other person’s name.
  3. Performing social networking activity in such other name.
  4. Sending emails or messages from some other person’s email id or messaging account.

However, in most cases the purpose of making a fake social media profile has a hidden criminal intention of the perpetrator. It is either means to commit the cyber crimes of cyber stalking, cyber defamation.

Both these cyber crimes are punishable under Section 66 A of the Information Technology Act, 2000 which makes “using a computer or communication device to send data which is injurious or offensive” an offence. It states that:

Any person who sends, by means of a computer resource or a communication device,-

(a) any information that is grossly offensive or has menacing character; or

(b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently makes by making use of such computer resource or a communication device,

(c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages

shall be punishable with imprisonment for a term which may extend to three years and with fine.

Explanation: For the purposes of this section, terms “Electronic mail” and “Electronic Mail Message” means a message or information created or transmitted or received on a computer, computer system, computer resource or communication device including attachments in text, image, audio, video and any other electronic record, which may be transmitted with the message.

CYBER STALKING

The offence of cyber stalking involves using a computer or communication device to send information which is grossly offensive, menacing , annoying, and intimidating for a victim.

There are many cases where victims are threatened that if they do not pay money to the perpetrator, their photos would be morphed or any other form of humiliation will have to be faced by them.

CYBER DEFAMATION

Cyber defamation involves using a computer or communication device to make false statements about a person and cause insult and humiliation to such person. Apart from legal recourse under cyber laws, the victim has legal redress under the law of torts too.

IDENTIFYING THE REAL FACE BEHIND THE FAKE ACCOUNT

Advanced Cyber Forensic Tools and analysis of log files has made it possible to trace the real people behind fake profiles. Their names and addresses can be easily traced in order to take legal action against them.

LEGAL RECOURSE

A victim must file a complaint with the cyber crime cell or Adjudicating Officer in the format mentioned in the Infromation Technology Act, 2000 with the fees payable.

Also, the victim must contact the intermediary to take temporary action against the offender.

It is always advisable to interact with people you personally know on social media, however, if you do interact with people you don’t know well it is best to check out mutual friends.

If you do spot any fake profiles on social media, you must report the same, as you not only will save yourself from cyber crimes, but also many others who could fall prey to such scammers.

legal.pb@gmail.com

http://www.cyberjure.com

 

– Advocate Puneet Bhasin, Cyber Lawyer, Cyberjure Legal Consulting, http://www.cyberjure.com

social 3 social 2

Hacking or unauthorized access to accounts can be of two types. The first is the one that would involve password cracking tools, but most organizations have cyber security features in place to prevent these attacks, however, it’s the second type of attack that can cripple any organization or person’s accounts and databases; this is a social engineering attack.

Social engineers are criminals who take advantage of human behavior to pull off an online scam or hacking attack. Successful social engineers are confident and in control of the situation completely.

There can be two techniques used by social engineers. One is of simple observation and another is of proactive effort.

In the first case, the social engineer simply observes a person’s social networking profiles, linkedin profiles and all data available about him. Most people have passwords that they can easily remember, and for that they have to be words closely related to them. People share their lives on social networking, where their date of birth, favourite colour, pet’s name and everything possibly related to them is freely available. It’s pretty easy to guess passwords in such a scenario. It’s always advisable to be discrete with respect to the data shared on social media. Such data is also collected by the online questionnaires and market research forms that people request to fill in public places.

In the second case, the attack is pre-planned and complete checklist is made of the person or companies likes, dislikes, passions, hobbies and professional credentials. Then the second stage of physical access comes into the picture. For example, three income tax officials turn up at your office for an inspection along with relevant badges and check all your office computers and all your documents, and in the process lodge key loggers into your computers, whereby they will receive an email of every key stroke made on the computers, thereby giving out your passwords and confidential data.

An example of this kind of attack would be where a social engineer researches about a person let’s say Mr. A, and knows that this person is fond of foreign holidays. The social engineer then calls up this person as the authorized representative from a reputed travel agency and offers a mind-blowing holiday package. He asks the Mr. A the version of PDF reader he is using on his laptop. The conversation is very friendly and inspires trust in the mind of Mr. A. The social engineer sends the holiday proposal in a PDF format which is not compatible with the PDF reader installed by Mr. A, and along with the proposal sends a compatible PDF reader for Mr. A to download and read the proposal. The PDF reader has malware attached that gives the social engineer access into Mr. A’s computer.

Another example of this type of attack would be where a very pretty woman, who is a journalist, goes to meet the System Administrator of a big company, to get his opinion on cyber security. She flirts a lot with him and after taking his opinion leaves, but “accidently” leaves her pen drive with him. A beautiful woman who flirted with this guy definitely would make him curious about her and he accesses her pen drive to know more about her. Only that the pen drive is infected with key logger and Trojan malware, thereby making the company’s networks very vulnerable.

The 4 basic principles which most social engineers follow are:

  • They project confidence. They do not sneak around and they proactively approach people and draw attention towards themselves.
  • They give you something. Probably just a small favor which creates trust and a perception of indebtedness.
  • They use humor as that is one tool which is endearing and disarming.
  • They make a request and offer a reason and research shows people are likely to respond to any reasoned request.

Attacks by social engineering are offences in India under Section 43 of the Information Technology Act, 2000. This section reads as under:

Penalty and compensation for damage to computer, computer system, etc. -If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network,-

(a) accesses or secures access to such computer, computer system or computer networkor computer resource;

(b) downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;

(c) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;

(d) damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;

(e) disrupts or causes disruption of any computer, computer system or computer network;

(f) denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means;

(g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder;

(h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network,

(i) destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means;

-he shall be liable to pay damages by way of compensation to the person so affected.

 

A victim is required to make a Complaint in the prescribed format along with the applicable fees to The Adjudicating Officer, Information Technology Act, 2000. The fees are calculated in accordance with the damages claimed. Under the provisions of the Rules for conduct of Adjudicating Proceedings under the Information Technology Act, 2000, the Adjudicating officer shall decide every application in 4 months and the whole matter in 6 months.

 – legal.pb@gmail.com

social 1

1

Advocate Puneet Bhasin, Cyber Law expert, Cyberjure Legal Consulting

The concept of property has undergone plethora of changes, with the emergence of social networking platforms. The photos we share, the posts we make are our digital property. Every person now-a-days has a part of himself online, and the family and friends would want to preserve this legacy too after a person is no more. We have a lot of memories stored online which our loved ones would want to preserve. Digital assets also include music, films, email accounts and computer game characters.

In a very recent case of Toronto based Alison Atkins, the sixteen years old lost a long battle with colon disease. Her sister had a technician crack her password protected Mac Book Pro, as her family wanted to access her digital remains like her facebook, twitter, yahoo and hotmail accounts, which were her life line during her illness. Alison had pictures poems and messages written on these inline forums which her family wanted to preserve.

However, accessing Alison’s accounts without her authorization was an act of unauthorized access and punishable by law.

Under the Information Technology Act, 2000, it is a violation of Section 43(a) and Section 43(b) of the Act.

These provisions read as under:

Section 43: If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network,-

(a)  accesses or secures access to such computer, computer system or computer network

(b)  downloads, copies or extracts any data, computer data base information from such computer, computer system or computer network including information or data held or stored in any removable storage medium.

-shall be liable to pay damages by way of compensation to the person so affected.

The unauthorized use of Alison’s passwords violated the website terms of use and provisions of cyber laws too. None of the service providers allowed the Atkins family to recover her passwords and access her accounts as that would amount to a violation of her privacy. The attempts of the Atkins family to recover the digital remains of their daughter fell apart as facebook and all the other service providers started to block them out.

The digital era adds a new complexity to the human test of dealing with death. Loved ones once may have memorialized the departed with private rituals and a notice in the newspaper. Today, as family and friends gather publicly to write and share photos online, the obituary may never be complete.

But families like the Atkinses can lose control of a process they feel is their right and obligation when the memories are stored online—encrypted, locked behind passwords, just beyond reach. One major cause is privacy law. Current laws, intended to protect the living, fail to address a separate question: Who should see or supervise our online legacy?

In 2009, Facebook began to allow family members to either delete or “memorialize” the accounts of the deceased. In a memorialized account, the people on a person’s existing friend list can still leave their comments and photos with the account of a dead person. But nobody has permission to log in or edit the account. However, this could also lead to cases of cyber defamation where there could be defamatory posts made, and the family is not authorized to delete or edit them.

The only solution to this is that digital legacy must be included in wills, and people should leave clear instructions about what should happen to their social media, online accounts and other digital assets after their death. If we make our wishes clear now as to whether we want our digital legacy to be closed down or preserved, it becomes much easier for loved ones to comply with our wishes.

legal.pb@gmail.com

http://www.cyberjure.com