As the mutated version of Covid-19 virus fuels the catastrophic crisis looming over India, the desperation for medical equipment combined with its steep shortage has provided a fertile ground for “new strain” of cybercrimes. While online frauds premised on exploiting public sentiment during the pandemic are not new, with creation of fake UPI accounts claiming to be the official channels for making donations to PM CARES COVID-19 RELIEF FUND, being one of the firsts, the cybercrimes in the second wave are more focused on defrauding both the desperate and the helpful into sending money online under the guise of medicine suppliers, charity workers and the like. Past has been testament of the fact that non-delivery of pre-paid goods is one of the easiest way to commit online frauds worldwide, with US Internet Crime Complaint Centre recording a total loss of $560million in 2009, from fraud on the internet with the most significant loss coming from non-delivery of goods. In India, such online fraudsters can be booked under Section 66D of the Information Technology Act, 2000 (“IT Act”), laying down punishment for cheating by personation, as well as Indian Penal Code, 1860 (“IPC”) for cheating and criminal breach of trust. However, there is no robust mechanism to deal with cybercrimes as a whole. In fact the term ‘cybercrime’ is not even defined under any legislation. The role of these laws seems to be limited due to want of traceability, human awareness and hence, enforceability. Lack of mechanism to trace the criminals renders the cybersecurity laws under-effective.
If black marketing and hoarding weren’t enough, scams involving supply of oxygen cylinders and medical essentials have also come to the limelight. Owing to the lack of enforcement mechanism in the cybersecurity legal regime, agencies have still resorted to old text book techniques to bring to book the offenders by setting up traps rather than adopting the next gen IT tools. Though the process of tracing the offender using his bank account or phone number is still a lot prompt now, however, due to limited manpower and large number of complaints, apprehending the culprit takes a reasonable time and is generally delayed enough for the alleged to escape. Moreover, though interlinking of data such as Aadhar with PAN and other centralized databases have made tracking easier, however, manipulating the gaps within the integration still doesn’t require too advanced a skill set in our country.
Research indicates 90% of cyber-attacks in India emanate from human errors due to probably lack of awareness especially in the banking sector. While India’s aim towards becoming ‘Digital India’ seems appealing, the fragile cybersecurity laws pose a great threat in its materialization, with most of its population being unschooled. Further, the effectiveness of programs devised for ameliorating the situation, such as PMG Disha which is aimed at providing digital literacy training to digitally unskilled rural households, is yet to be analyzed.
Even a strong law is nothing if it cannot be enforced. Therefore, campaigns focused on cyber risks such as Webwise campaign in United Kingdom focused on providing home users basic knowledge of cyber risks, might be helpful if employed in India. Further, piecemeal actions like setting up dispute redressal mechanism for BHIM-UPI users or cyber complaints portal without any strong legislative backing might not prove to be effective in the long run. There is a dire need to enact an exhaustive legislation focused on cyber-crimes entailing what acts cybercrime encompasses, investigation agencies and mechanism for tracing and identifying the cybercriminals along with an effective grievance mechanisms. Further, since cybercrimes involve domain expertise, there is a need to absorb experts in the law enforcement authorities, as the government officials are hardly aware of their adjudicating powers under the IT Act. With the short term solutions in place, we are hopeful that an extensive cybercrime law awaits us, as they say that recognizing a problem is the first step towards solving it.