EVIDENTIARY VALUE OF SMS, MMS AND E-MAIL

The era of Information technology has brought new methods and modes of commission of crime. Each time a crime is committed whether in physical form or in cyber space, the success of prosecution largely depends on the quality of evidence presented at the trial . With the sophistication in Information technology the weapons of commission of crime are changing thereby posing a serious challenge before the investigation agencies to collect and preserve the evidence. A conviction or acquittal largely depends on the quality of evidence produced by the prosecution.

The advent information technology has brought into existence a new kind of document called the electronic record. This intangible document is of new species has certain uniqueness as compared to conventional form of documents. This document can preserved in same quality and state for a long period of time through encryption processes reducing the chance of tampering of evidence. This document can be in various forms like a simple e-mail or short message or multimedia message or other electronic forms.

The Indian Evidence Act, 1872 and Information Technology Act, 2000 grants legal recognition to electronic records and evidence submitted in form of electronic records. According to section 2(t) of the Information Technology Act, 2000 “electronic record” means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche. The Act recognizes electronic record in a wide sense thereby including electronic data in any form such as videos or voice messages. The Information technology has made it easy to communicate and transmit data in various forms from a simple personal computer or a mobile phone or other kinds of devices. The Information Technology Amendment Act, 2008 has recognized various forms of communication devices and defines a “communicationdevice” under section 2 (ha)of the Act “communication device” means cell phones, personal digital assistance or combination of both or any other device used to communicate, send or transmit any text, video, audio or image. The Indian IT Act 2000 lays down a blanket permission for records not to be denied legal effect if they are in electronic form as long as they are accessible for future reference.

The Act amends the definition of ‘Evidence’in s 3, the interpretation clause of the Indian Evidence Act 1872, to state:

‘Evidence’ means and includes
1)
……
2)
All documents including electronic records produced for the inspection of the Court

Further, in s 4, the IT Act 2000 provides:

Section                                                                                                                                      4
Legal Recognition of electronic records.—Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is-

a) rendered made available in an electronic form; and

b) accessible so as to be usable for a subsequent reference.

The evidentiary value of an electronic record totally depends upon its quality. The Indian Evidence Act, 1872 has widely dealt with the evidentiary value of the electronic records. According to section 3 of the Act, “evidence” means and includes all documents including electronic records produced for the inspection of the court and such documents are called documentary evidence. Thus the section clarifies that documentary evidence can be in the form of electronic record and stands at par with conventional form of documents.

The evidentiary value of electronic records is widely discussed under section 65A and 65B of the Evidence Act, 1872. The sections provide that if the four conditions listed are satisfied any information contained in an electronic record which is printed on paper, stored, recorded or copied in an optical or magnetic media, produced by a computer is deemed to be a document and becomes admissible in proceedings without further proof or production of the original, as evidence of any contacts of the original or any facts stated therein, which direct evidence would be admissible.

The four conditions referred to above are:

(1) The computer output containing such information should have been produced by the computer during the period when the computer was used regularly to store or process information for the purpose of any activities regularly carried on during that period by the person having lawful control over the use of the computer.

(2) During such period, information of the kind contained in the electronic record was regularly fed into the computer in the ordinary course of such activities.

(3) Throughout the material part of such period, the computer must have been operating properly. In case the computer was not properly operating during such period, it must be shown that this did not affect the electronic record or the accuracy of the contents.
.

(4) The information contained in the electronic record should be such as reproduces or is derived from such information fed into the computer in the ordinary course of such activities

It is further provided that where in any proceedings, evidence of an electronic record is to be given , a certificate containing the particulars prescribed by 65B of the Act, and signed by a person occupying a responsible official position in relation to the operation of the relevant device or the management of the relevant activities would be sufficient evidence of the matters stated in the certificate.

The apex court in State v Navjot Sandhu while examining the provisions of newly added s 65B, held that in a given case, it may be that the certificate containing the details in sub- s 4 of s 65B is not filed, but that does not mean that secondary evidence cannot be given. It was held by the court that the law permits such evidence to be given in the circumstances mentioned in the relevant provisions, namely, ss 63 and 65 of the Indian Evidence Act 1872. Paragraph 150 of the judgment which is apposite, reads as under:

150. According to Section 63, secondary evidence means and includes, among other things, “copies made from the original by mechanical processes which in themselves insure the accuracy of the copy, and copies compared with such copies.

Section 65 enables secondary evidence of the contents of a document to be adduced if the original is of such a nature as not to be easily movable. Hence, printouts taken from the computers/servers by mechanical process and certified by a responsible official of the service-providing company can be led in evidence through a witness who can identify the signatures of the certifying officer or otherwise speak of the facts based on his personal knowledge. Irrespective of the compliance with the requirements of s 65-B, which is a provision dealing with admissibility of electronic records, there is no bar to adducing secondary evidence under the other provisions of the Indian Evidence Act 1872, namely, ss 63 and 65.

It is pertinent to note herein a recent development, that as per the IT Amendment Bill 2008 (passed by both houses of Indian Parliament and yet to be enforced), s 79A empowers the Central Government to appoint any department, body or agency as examiner of electronic evidence for providing expert opinion on electronic form evidence before any court or authority. ‘Electronic form of evidence’ herein means any information of probative value that is either stored or transmitted in electronic form and includes computer evidence, digital, audio, digital video, cellphones, digital fax machines.

Further as per Section 85 B of the Indian Evidence Act, there is a presumption as to authenticity of electronic records in case of secure electronic records ( i.e records digitally signed as per Section 14 of the IT Act,2000. Other electronic records can be proved by adducing evidence and presumption will not operate in case of documents which do not fall under the definition of secure electronic records. It is pertinent to point out herein that with the passage of the Information Technology Amendment Act 2008, India would become technologically neutral due to adoption of electronic signatures as a legally valid mode of executing signatures. This includes digital signatures as one of the modes of signatures and is far broader in ambit covering biometrics and other new forms of creating electronic signatures.

The position of electronic documents in the form of SMS, MMS and E-mail in India is well demonstrated under the law and the interpretation provided in various cases. In State of Delhi v. Mohd. Afzal & Others, it was held that electronic records are admissible as evidence. If someone challenges the accuracy of a computer evidence or electronic record on the grounds of misuse of system or operating failure or interpolation, then the person challenging it must prove the same beyond reasonable doubt. The court observed that mere theoretical and general apprehensions cannot make clear evidence defective and in admissible. This case has well demonstrated the admissibility of electronic evidence in various forms in Indian courts.

The basic principles of equivalence and legal validity of both electronic signatures and hand written signatures and of equivalence between paper document and electronic document has gained universal acceptance. Despite technical measures, there is still probability of electronic records being tampered with and complex scientific methods are being devised to determine the probability of such tampering. For admissibility of electronic records, specific criteria have been made in the Indian Evidence Act to satisfy the prime condition of authenticity or reliability which may be strengthened by means of new techniques of security being introduced by advancing technologies.

(2005) 11 SCC 600.

2003 (3) JCC 1669.

 

DIGITAL SIGNATURE – Signing the digital way

DIGITAL SIGNATURE

Signing the digital way

Introduction

The Central Board of Direct taxes announced on 1^st July 2011, that all Individuals, HUFs and Partnership Firms who are liable to get their accounts audited under the Income Act 1961 will have to file their Income-Tax return online compulsorily using Digital signature for the financial year 2010-11.

Many people confuse a Digital Signature with an e-signature. An e-signature is a scanned image of your phys­ical signature while Digital Signature is not a facsimile of a person’s physical signature. A document with a Digital Signature will not contain any traditional signature but it will simply state that it has been digitally signed by (name of the person signing it). To know about Digital Signatures we will first have to understand what Digital Signature Certificates are.

What is a Digital Signature Certificate?

A Digital Signature Certificate, like hand written signature, establishes the identity of the sender filing the documents through internet which sender can not revoke or deny. Digital Signature Certificates (DSC) are the digital equivalent (that is electronic format) of physical or paper certificates. Examples of physical certificates are drivers’ licenses, passports or membership cards. A digital certificate can be presented electronically to prove your identity, to access information or services on the Internet or to sign certain documents digitally. In simple words, a document can be Digitally Signed using a Digital Signature Certificate.

Why is Digital Signature Certificate (DSC) required?

 Like physical documents are signed manually, electronic documents, for example e-forms are required to be signed digitally using a Digital Signature Certificate. The Information Technology Act, 2000 provides for use of Digital Signatures on the documents submitted in electronic form in order to ensure the security and authenticity of the documents filed electronically. This is the only secure and authentic way that a document can be submitted electronically. Moreover a Digital Signature is the on­ly way one can authenticate electronic or online transac­tions “legally”. The potential for Digital Signatures is huge in services like e-procurement, filing of returns, filing of export-import licenses, financial transactions, digitization of land records, while using e-commerce web-sites and other transactional portals and other online trans­actions like internet banking. You can even encrypt information in your e-mail using a private key of a Digital Signature.

Types of Digital Signature Certificates :

There are basically 3 types (or classes) of Digital Signature Certificates  Class-1, Class-2 & Class-3, each having different level of security. Class 1 Signatures are used for identification of username/email ID. However it cannot be used to sign any Statutory / Business Documents whereas Class 2 & Class-3 -DSCs are issued to the Individuals and can be used for either Personal or Business Purposes.

Class 2 signatures can be availed from Dealers / Resellers of Certifying Authority, by submitting the prescribed documents. Here, the identity of a person is verified against a trusted, pre-verified database. Class 3 signature is the highest level where the person needs to present himself or herself in front of a Registration Authority (RA) and prove his/ her identity by submitting the documents.

 How does it work!!

 TECHNICAL ASPECTS:

Digital signatures are an application of asymmetric key cryptography. Cryptography is primarily used as a tool to protect national secrets and strategies. It is extensively used by the military, the diplomatic services and the banking sector.

CRYPTOGRAPHY:

Cryptography is the science of using mathematics to encrypt and decrypt data. It enables a person to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient

Data that can be read and understood without any special measures is called plaintext or clear text. Data which requires some special function to be performed on it before it can be read and understood, is called cipher text. The same plaintext, encrypted by using different keys, will result in different cipher text. The security of encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the secrecy of the key.

Encryption is used to ensure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting cipher text to its original plaintext is called decryption.

 A cryptographic algorithm, or cipher, is a mathematical function (known as hash function) used in the encryption and decryption process. This hash function works in combination with a key (private key) to encrypt the plaintext (the original message).

The hash function software produces a fixed length of alphabets, numbers and symbols for any document. This is known as the hash result. However, the contents of this fixed length are never the same for two different documents. If even one letter in the document is altered, an entirely different hash result will be generated. The hash function software will always produce the same hash result for a particular message & it is practically impossible to reconstruct the original message from the hash result.

Customers are given two codes for verification —private and public keys. The public key and private key are nothing but extremely large numbers. Although the keys are mathematically related, it is almost impossible to obtain the private key by using the public key.  If a particular private key was used to “sign” a message, then only the corresponding public key will be able to verify the “signature”. A Digital Signature usually contains owners name, company name and address, public key, certificate serial number, expiry date of the public key, certifying company ID, and Certifying Company’s Digital Signature.

Illustration

1) CHETAN wants to digitally sign emails and electronic contracts. So he would use computer software (asymmetric crypto system) to generate two keys, a public key and private key. CHETAN will give his public key to the whole world but will keep his private key to himself. Once he has done that, he can use his private key to sign contracts etc. Anyone can use CHETAN’s public key to verify his signature. That’s where the problem begins. How can anyone be sure which is CHETAN’s public key? What if Mr. CHETAN denies that a particular public key is actually his? To solve this problem digital signature certificates are used. CHETAN would apply to a licensed CA (Certifying Authority) for a digital signature certificate.

As part of the application process he would submit identification documents as discussed earlier. He would also send his public key to the CA. The CA would then “certify” the public key as belonging to Mr. CHETAN and issue a digital signature certificate that contains Mr. CHETAN’s public key along with information identifying him.

Now CHETAN wants to enter into a transaction with Pankaj. He composes an electronic document containing the words

I, CHETAN owe Pankaj the sum of Rs. 500 only.

Using his computer CHETAN runs this document through a hash function. The computer then performs the process on the document as discussed above.

CHETAN now uses his computer to “sign” the hash result of his document. His computer software uses his private key to perform some calculations upon the hash result. This produces a signature, which consists of some digits. This set of digits is attached to the hash result.

CHETAN now sends the original message and the signed message digest (hash result) to Pankaj. Pankaj has the same hash function software on his computer. He also has his (CHETAN’s) public key. When Pankaj receives CHETAN’s email, he runs the original document through the hash function software and generates a hash result. The computer compares this hash result with the one that was sent to him by CHETAN. If the two hash results are the same, it means that the message is unaltered.

Pankaj also verifies whether CHETAN’s private key was actually used to sign the hash result. For this Pankaj’s computer uses CHETAN’s public key. Only a message signed by CHETAN’s private key can be verified using CHETAN’s public key.

 

Cost and validity

A Digital Signature certificate has to be purchased from a gov­ernment- licensed Certification Agency known as “Certifying Authority (CA)”. Certifying Authority (CA) means a person who has been granted a license to issue a digital signature certificate under Section 24 of the Indian IT-Act 2000. At present, there are eight such agencies (CAs) namely, IDRBT, iCERT (Customs and Central Excise) and MTNL. Tata Consul­tancy Services (TCS), Safe­scrypt (from Sify), (n)Code So­lutions (from GNFC), and e­-Mudhra (from 3i Infotech).

The Digital Signature Certificates come with a validity peri­od of one-two years, implying there is a cost attached. We are not used to paying for our own sig­nature.

While Digital Signatures are estimated to cost CAs Rs 175-225, individuals typi­cally end up paying anyway be­tween Rs 1,500 and Rs 3,000 —and sometimes even up to Rs 7,000 for the high-level Class-3 security certificates. The prices include a one-time payment for a crypto (USB) e-token, which contains the software. Typically, if you want to use a digital signature for sensitive transac­tions like e-filing of returns or internet banking & broking then the costs are between Rs. 2,200 (without token) to 3,200 (with token). Much depends on the bundling schemes & packages offered by the distributors.

Offences & Penalties under the Information Technology Act, 2000

Cyber offences are the unlawful acts which are carried in a very sophisticated manner in which either the computer is the tool or target or both.

The offences included in the IT Act 2000 are as follows:
1. Tampering with the computer source documents.
2. Hacking with computer system.
3. Publishing of information which is obscene in electronic form.
4. Power of Controller to give directions
5. Directions of Controller to a subscriber to extend facilities to decrypt information
6. Protected system
7. Penalty for misrepresentation
8. Penalty for breach of confidentiality and privacy
9. Penalty for publishing Digital Signature Certificate false in certain particulars
10. Publication for fraudulent purpose
11. Act to apply for offence or contravention committed outside India
12. Confiscation
13. Penalties or confiscation not to interfere with other punishments.
14. Power to investigate offences.

 Obscenity is an attack on moral values & it is a criminal libel. Obscenity is usually limited to sex or what people might regard as foul language.

The major difference between defamation and obscene is that accused of obscenity cannot use such defences as truth, fair comment or privilege.

 Sec 67 does not speak about defamation instead it speaks only about obscenity.

If we have provisions regarding defamation under IPC we need not look into some other laws if there is no specific provision. under ipc its punishable to defame any person using any form of medium, so it includes electronic form also.

 Cyber Laws under Information Technology Act in India

– Section 43 of IT Act states any act of destroying, altering or stealing computer system/network or deleting information with act of damaging data or information without authorization of owner of that computer is liable for payment to be made to owner as compensation for damages

– Section 43A of IT Act states any corporate body dealing with sensitive information and negligent with implementing reasonable security practices causing loss or wrongful gain to any other person will also be liable as convict for compensation to the affected party

– Section 66 states hacking of computer system by individual with dishonesty or fraudulently with 3 yrs imprisonment with fine of Rs. 5,00,000 or both

– Section 66A states any offensive information with demean character or information known as false but sent for purpose of causing annoyance, inconvenience, danger, enmity, hatred or criminal intimidation to mislead the recipient is liable for imprisonment upto 3 years with (or) without fine

– Section 66 B,C,D for fraudulently or dishonesty using or transmitting information or Identity theft is punishable with 3 yr imprisonment or 1,00,000 fine or both

– Section 66 E for Violation of privacy by transmitting image of private area is punishable with 3 yr imprisonment or 2,00,000 fine or both

– Section 66 F on Cyber Terrorism affecting unity, integrity security, sovereignity of India through digital medium is liable for life imprisonment

– Section 67 states publishing obscene information or pornography or transmitting obscene information in public is liable for imprisonment upto 5 years or penalty of Rs. 10,00,000 or both

  The world 1st computer specific law was enacted in the year 1970 by the German State of Hesse in the form of ‘Data Protection Act, 1970’ with the advancement of cyber technology. With the emergence of technology the misuse of technology has also expanded to its optimum level and then there arises a need of strict statutory laws to regulate the criminal activities in the cyber world and to protect technological advancement system. It is under these circumstances Indian parliament passed its “INFORMATION TECHNOLOGY ACT, 2000” on 17th oct to have its exhaustive law to deal with the technology in the field of e-commerce, e-governance, e-banking as well as penalties and punishments in the field of cyber crimes.

•  Cyber Crimes Actually Means: It could be hackers vandalizing your site, viewing confidential information, stealing trade secrets or intellectual property with the use of internet. It can also include ‘denial of services’ and viruses attacks preventing regular traffic from reaching your site. Cyber crimes are not limited to outsiders except in case of viruses and with respect to security related cyber crimes that usually done by the employees of particular company who can easily access the password and data storage of the company for their benefits. Cyber crimes also includes criminal activities done with the use of computers which further perpetuates crimes i.e. financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail, spoofing, forgery, cyber defamation, cyber stalking, unauthorized access to Computer system, theft of information contained in the electronic form, e-mail bombing, physically damaging the computer system etc.
• Classifications Of Cyber Crimes: Cyber Crimes which are growing day by day, it is very difficult to find out what is actually a cyber crime and what is the conventional crime so to come out of this confusion, cyber crimes can be classified under different categories which are as follows:

1. Cyber Crimes against Persons:

There are certain offences which affects the personality of individuals can be defined as:

• Harassment via E-Mails: It is very common type of harassment through sending letters, attachments of files & folders i.e. via e-mails. At present harassment is common as usage of social sites i.e. Facebook, Twitter etc. increasing day by day.
• Cyber-Stalking: It means expressed or implied a physical threat that creates fear through the use to computer technology such as internet, e-mail, phones, text messages, webcam, websites or videos.
• Dissemination of Obscene Material: It includes Indecent exposure/ Pornography (basically child pornography), hosting of web site containing these prohibited materials. These obscene matters may cause harm to the mind of the adolescent and tend to deprave or corrupt their mind.
• Defamation: It is an act of imputing any person with intent to lower down the dignity of the person by hacking his mail account and sending some mails with using vulgar language to unknown persons mail account.
• Hacking: It means unauthorized control/access over computer system and act of hacking completely destroys the whole data as well as computer programmes. Hackers usually hacks telecommunication and mobile network.
• Cracking: It is amongst the gravest cyber crimes known till date. It is a dreadful feeling to know that a stranger has broken into your computer systems without your knowledge and consent and has tampered with precious confidential data and information.
• E-Mail Spoofing: A spoofed e-mail may be said to be one, which misrepresents its origin. It shows it’s origin to be different from which actually it originates.
• SMS Spoofing: Spoofing is a blocking through spam which means the unwanted uninvited messages. Here a offender steals identity of another in the form of mobile phone number and sending SMS via internet and receiver gets the SMS from the mobile phone number of the victim. It is very serious cyber crime against any individual.
• Carding: It means false ATM cards i.e. Debit and Credit cards used by criminals for their monetary benefits through withdrawing money from the victim’s bank account mala-fidely. There is always unauthorized use of ATM cards in this type of cyber crimes.
• Cheating & Fraud: It means the person who is doing the act of cyber crime i.e. stealing password and data storage has done it with having guilty mind which leads to fraud and cheating.
• Child Pornography: It involves the use of computer networks to create, distribute, or access materials that sexually exploit underage children.
• Assault by Threat: refers to threatening a person with fear for their lives or lives of their families through the use of a computer network i.e. E-mail, videos or phones.

 2. Crimes Against Persons Property:

As there is rapid growth in the international trade where businesses and consumers are increasingly using computers to create, transmit and to store information in the electronic form instead of traditional paper documents. There are certain offences which affects persons property which are as follows:

•  Intellectual Property Crimes: Intellectual property consists of a bundle of rights. Any unlawful act by which the owner is deprived completely or partially of his rights is an offence. The common form of IPR violation may be said to be software piracy, infringement of copyright, trademark, patents, designs and service mark violation, theft of computer source code, etc.
• Cyber Squatting: It means where two persons claim for the same Domain Name either by claiming that they had registered the name first on by right of using it before the other or using something similar to that previously. For example two similar names i.e. http://www.yahoo.com and www.yaahoo.com.
• Cyber Vandalism: Vandalism means deliberately destroying or damaging property of another. Thus cyber vandalism means destroying or damaging the data when a network service is stopped or disrupted. It may include within its purview any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some part of a computer or a peripheral attached to the computer.
• Hacking Computer System: Hacktivism attacks those included Famous Twitter, blogging platform by unauthorized access/control over the computer. Due to the hacking activity there will be loss of data as well as computer. Also research especially indicates that those attacks were not mainly intended for financial gain too and to diminish the reputation of particular person or company.
• Transmitting Virus: Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worm attacks plays major role in affecting the computerize system of the individuals.
• Cyber Trespass: It means to access someone’s computer without the right authorization of the owner and does not disturb, alter, misuse, or damage data or system by using wireless internet connection.
• Internet Time Thefts: Basically, Internet time theft comes under hacking. It is the use by an unauthorised person, of the Internet hours paid for by another person. The person who gets access to someone else’s ISP user ID and password, either by hacking or by gaining access to it by illegal means, uses it to access the Internet without the other person’s knowledge. You can identify time theft if your Internet time has to be recharged often, despite infrequent usage.

3. Cybercrimes Against Government:

There are certain offences done by group of persons intending to threaten the international governments by using internet facilities. It includes:

•  Cyber Terrorism: Cyber terrorism is a major burning issue in the domestic as well as global concern. The common form of these terrorist attacks on the Internet is by distributed denial of service attacks, hate websites and hate e-mails, attacks on sensitive computer networks etc. Cyber terrorism activities endanger the sovereignty and integrity of the nation.
• Cyber Warfare: It refers to politically motivated hacking to conduct sabotage and espionage. It is a form of information warfare sometimes seen as analogous to conventional warfare although this analogy is controversial for both its accuracy and its political motivation.
• Distribution of pirated software: It means distributing pirated software from one computer to another intending to destroy the data and official records of the government.
• Possession of Unauthorized Information: It is very easy to access any information by the terrorists with the aid of internet and to possess that information for political, religious, social, ideological objectives.

4. Cybercrimes Against Society at large:

An unlawful act done with the intention of causing harm to the cyberspace will affect large number of persons. These offences includes:

•  Child Pornography: It involves the use of computer networks to create, distribute, or access materials that sexually exploit underage children. It also includes activities concerning indecent exposure and obscenity.
• Cyber Trafficking: It may be trafficking in drugs, human beings, arms weapons etc. which affects large number of persons. Trafficking in the cyberspace is also a gravest crime.
• Online Gambling: Online fraud and cheating is one of the most lucrative businesses that are growing today in the cyber space. There are many cases that have come to light are those pertaining to credit card crimes, contractual crimes, offering jobs, etc.
• Financial Crimes: This type of offence is common as there is rapid growth in the users of networking sites and phone networking where culprit will try to attack by sending bogus mails or messages through internet. Ex: Using credit cards by obtaining password illegally.
• Forgery: It means to deceive large number of persons by sending threatening mails as online business transactions are becoming the habitual need of today’s life style.

Affects To Whom: Cyber Crimes always affects the companies of any size because almost all the companies gain an online presence and take advantage of the rapid gains in the technology but greater attention to be given to its security risks. In the modern cyber world cyber crimes is the major issue which is affecting individual as well as society at large too.

Need of Cyber Law: information technology has spread throughout the world. The computer is used in each and every sector wherein cyberspace provides equal opportunities to all for economic growth and human development. As the user of cyberspace grows increasingly diverse and the range of online interaction expands, there is expansion in the cyber crimes i.e. breach of online contracts, perpetration of online torts and crimes etc. Due to these consequences there was need to adopt a strict law by the cyber space authority to regulate criminal activities relating to cyber and to provide better administration of justice to the victim of cyber crime. In the modern cyber technology world it is very much necessary to regulate cyber crimes and most importantly cyber law should be made stricter in the case of cyber terrorism and hackers.

Penalty For Damage To Computer System: According to the Section: 43 of ‘Information Technology Act, 2000’ whoever does any act of destroys, deletes, alters and disrupts or causes disruption of any computer with the intention of damaging of the whole data of the computer system without the permission of the owner of the computer, shall be liable to pay fine upto 1crore to the person so affected by way of remedy. According to the Section:43A which is inserted by ‘Information Technology(Amendment) Act, 2008’ where a body corporate is maintaining and protecting the data of the persons as provided by the central government, if there is any negligent act or failure in protecting the data/ information then a body corporate shall be liable to pay compensation to person so affected. And Section 66 deals with ‘hacking with computer system’ and provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both.

Wrong/Failed ATM Transactions : Compensation

It’s now more than two years since the Reserve Bank has asked all banks to pay consumers who are victims of  failed ATM transactions, compensation at the rate of Rs. 100 per day, if the amount wrongly deducted from their accounts is not reimbursed within the stipulated time frame.

While earlier, banks had 12 days to resolve the issue, from July 1 this year, they have seven days. In other words, banks have to reverse the wrong debit within seven days or else pay compensation at the rate of Rs.100 per day for every day’s delay and pay this amount voluntarily, without waiting for the consumer to ask for it.

Yet, banks continue to violate this diktat of the regulator. Take as an example, this case quoted in the latest annual report on the Banking Ombudsman Scheme: A consumer tries to withdraw R500 from his account through an ATM, but the machine dispenses only R400. His bank, however, debits Rs. 500 from his account and then takes as long as five weeks to reverse the wrong debit!

The bank, here, blatantly violates the regulator’s mandate  on two counts: First and foremost, it does not correct the debit error within the time frame given by the regulator. Second, it fails to pay the stipulated penalty to the consumer.

Eventually, the consumer is forced to go to the Ombudsman to get what is due to him as penalty: Rs.16,200. An RBI official says that in many such cases,  banks have had to pay as much as Rs. 50,000 or even more as compensation to the consumer.

All this brings us to the imperative need for detailed information on the issue.

The regulator ought to respect the consumers’ Right to Information and give answers to the following questions (it can be put up  on the RBI website):

(a) the total number of complaints received by banks on failed ATM transactions and wrong debits;

(b) the time taken by them to reverse the wrong debit.

Consumers also need to know about

(c) the number of cases where the rectification was not done within the stipulated time and the quantum of compensation paid;

(d) the number of cases where this was paid voluntarily and on the intervention of the ombudsman;

(e) the penalty imposed by the regulator on those banks which failed to follow its directive and

(f) the  action taken by the RBI against banks that failed to send quarterly reports on the subject.

In addition, consumers should be told about the steps being taken to eliminate the problem of failed transactions and  ensure flawless disbursal of money by the machines.

The information would not only help consumers asses the quality of service provided by individual banks but also the way the regulator enforces compliance of this particular directive. It will also force banks to perform better.