What's New

India’s Cyber Infrastructure

Context: According to the latest National Crime Records Bureau (NCRB) data, cybercrimes have increased from 12,317 cases in 2016 to 50,035 cases in 2020. Cybercrime is increasing with the increased use of information and communication technology (ICT). However, despite this alarming trend, the capacity of the enforcement agencies to investigate cybercrime remains limited.

Prevailing Issues

• No procedural code
  • No separate procedural code for the investigation of cyber or computer-related offences.
  • As electronic evidence is entirely different in nature when compared with evidence of traditional crime, laying down standard and uniform procedures to deal with electronic evidence is essential.

• Shortage of technical staff
  • There have been half-hearted efforts by the States to recruit technical staff for the investigation of cybercrime.
  • A regular police officer, with an academic background in the arts, commerce, literature, or management may be unable to understand the nuances of the working of a computer or the Internet.
  • It is only a technically qualified staff who can acquire and analyze digital evidence.

• Cyber labs
  • The Centre helps in upgrading the State laboratories by providing modernization funds, though the corpus has gradually shrunk over the years.
  • Many State government labs are yet to be notified as ‘Examiner of Electronic Evidence’ by the central government to enable them to provide expert opinion on electronic records.

Solutions

• Reforms in the Procedural Code
  • The broad ‘guidelines for the identification, collection, acquisition and preservation of digital evidence’ are given in the Indian Standard issued by the Bureau of Indian Standards (BIS). The guidelines, if followed meticulously, may ensure that electronic evidence is neither tampered with nor subject to spoliation during investigation.
  • A five-judge committee was constituted in July 2018 to frame the draft rules which could serve as a model for the reception of digital evidence by courts.
  • The committee, after extensive deliberations with experts, the police and investigation agencies, finalised its report in November 2018, but the suggested Draft Rules for the Reception, Retrieval, Authentication and Preservation of Electronic Records are yet to be given a statutory force.

• Staff Reforms
  • It is essential that State governments build up sufficient capacity to deal with cybercrime. It could be done either by setting up a separate cyberpolice station in each district or range, or having technically qualified staff in every police station.
  • The Information Technology (IT) Act, 2000 insists that offences registered under the Act should be investigated by a police officer not below the rank of an inspector, it will be pragmatic to consider a suitable amendment in Section 80 of the Act and make sub-inspectors eligible to take up investigation of cybercrimes.

• Upgrade Cyber labs
  • The cyber forensic laboratories of the States must be upgraded with the advent of new technologies on lines of National Cyber Forensic Lab and the Cyber Prevention, Awareness and Detection Centre (CyPAD) of the Delhi Police.

• Need for localization
  • Data localization’ must feature in the proposed Personal Data Protection law so that enforcement agencies are able to get timely access to the data of suspected Indian citizens.
  • The police still get CyberTipline reports on online Child Sexual Abuse Material (CSAM) from the U.S.’s non-profit agency, it would be a step forward if India develops its in-house capacity.

With ‘police’ and ‘public order’ being in the State List, the primary obligation to check crime and create the necessary cyberinfrastructure lies with States. At the same time, with the IT Act and major laws being central legislation, the central government is no less responsible to evolve uniform statutory procedures for the enforcement agencies. The Centre and States must not only work in tandem and frame statutory guidelines to facilitate investigation of cybercrime but also need to commit sufficient funds to develop much-awaited and required cyber infrastructure