IDENTITY THEFT- IS IT A MODERN CRIME?

by Sonika Bisht

ABSTRACT

In this article, identity theft, its prevention measures and provisions made by the government will be discussed.  Along with this, types of identity theft will also be evaluated.

INTRODUCTION

As fast as we are moving towards the digital world, the number of identity theft is also increasing at the same rate.  With the speed with which technology has progressed, human dependence on the Internet has also increased at the same rate.  Sitting at one place, through the Internet, the access of man has become easy to every corner of the world.  In today’s time, everything that a person can think about can be accessed through the Internet, such as social networking, online shopping, storing data, gaming, online study, online jobs, etc.  In today’s time internet is used in almost every field.  The concept of[i] identity theft has also evolved with the development of the Internet and its associated benefits.

Presently a large population of India uses social networking sites.  There is a lack of information among people regarding the use of social networking sites in India.  Along with this, the servers of most social networking sites are abroad, which makes it difficult to get to the root of identity theft in India. Identity theft occurs when someone uses another person’s personally identifiable information, such as their name, identification number, or credit card number, without that person’s permission, or to defraud or commit other types of crime. The term identity theft first appeared in the UK and US in 1964 when some criminals there were committing a criminal act by pretending to be another person.  Identity theft is mainly used for financial gain or getting loans and many other benefits. But the person, whose identity has been stolen due to this, has to suffer financial, mental, and in many cases other types of loss as well.  Personal identification information typically includes people’s names, dates of birth, PAN numbers, driver license numbers, bank account, and credit card numbers, fingerprints, passwords, and some other information that is linked to a person’s financial resources.

[ii]TYPES OF IDENTITY THEFT

• Professional or business identity theft – Business or business identity theft entails using a business name for obtaining credit or billing the business’s customers for products and services.  Often, but not always, a social security number (SSN) of a company official is required to perform business identity theft. Federal ID or Employee Identification Number is readily available on public records, dumpsters or internally, thus facilitating this crime.  Perpetrators of business identity theft are often insiders or current or ex-employees with direct access to operational documentation, who keep the books on the side of their plan. Victims of business identity theft often don’t find out until the damage is significantly reduced or someone looks at the discrepancies in the books internally.  Businesses lose huge amounts of money due to the hidden nature of transactions.  Business identity theft can go on for years undetermined.

• New account fraud – As in financial identity theft, new account fraud generally means using other personal identification information to obtain products and services using that person’s good credit.  There can be several types of financial identity theft.  The opening of a new utility, new cell phone or new credit card account is the most prevalent form of new account fraud.  Because the thief is likely using a different postal address, the victim never sees the bill for the new account.  When this type of fraud involves a credit card, once the new plastic is issued, the criminal very quickly turns it into cash. What is often, but not always, required for most lines of credit and for new account fraud is the victim’s SSN, which has become the key to the state.  Once in the wrong hands, an SSN can have disastrous effects.  Victims of new account fraud usually learn that they are victims when they receive calls or letters from bill collectors, who eventually find the SSN holder.  Victims may be denied loans as a result of applying for a loan.

• Account takeover fraud – As in financial identity theft, account acquisition fraud typically uses another person’s account information (for example, credit card numbers) to obtain products and services using that person’s existing accounts.  .  It can also mean withdrawing money from a person’s bank account.  Account numbers are often found in the trash, hacked online, stolen from the mail, or taken from a purse or purse.  Once thieves obtain this data, they can use the information to access personal accounts online at the point of sale or over the phone or through the postal service.  The entity processing the social engineering data is almost always required at some stage: Lying to convert the data into cash, presenting the perpetrator as the victim. Victims are often the first to detect account takeover when they discover charges on monthly statements that they did not eliminate from authorized accounts or existing accounts.  Sometimes the victim will come to know that their bank account was tampered with as a result of multiple allegations from a bounced check.

• Criminal identity theft – Criminal identity theft occurs when someone who has been arrested for committing a crime presents himself as another person, by using the details and information of that person. The result is a criminal record in the name of the victim, who may not learn of the crime until it’s too late.

• Medical identity theft – It occurs when the criminal uses the information of someone else to get prescription drugs, see the doctor or claim the insurance benefit.

HOW DOES IDENTITY THEFT HAPPEN

Identity theft occurs when your personal information is learned or stolen and then used to pretend to be you. Identity theft begins with personal information—such as your name, Social Security organization, credit card security, bank account, or other financial account information.  Identity thieves use various methods to obtain information about individuals; some of them are as follows:

• Dumpster diving – This is a scavenging of junk, which may contain personal information on any type of bill or other paper.
• [iii]Skimming – When you are using your credit card, debit card, then the number of credit card, debit card, is stolen.
• Phishing – They send you spam or pop-up messages to get your personal information.
• Change Your Address – Change its address in the Address form of your Billing Statement.
• Old Fashioned Stealing – They misuse your pocket purse by stealing records like credit cards, bank statements, pre-approved loans, etc.
• Pretexting – Obtaining your personal information from you through telephone companies or other sources under false or false pretexts.

HOW TO PREVENT IDENTITY THEFT

[iv]It is important that we keep a few tips in mind when using any device or platform on the network.  The purpose is none other than to always preserve data and not to risk security and privacy while browsing.

• Encrypt devices and accounts – Something basic and fundamental is to properly encrypt our devices and accounts.  This means that we are going to create passwords that are strong and complex to protect our computers and the accounts we have.  That password must consist of letters (upper and lower case), numbers and other special symbols.  It must be unique and completely random. As an additional option it is interesting to enable two-step authentication whenever possible.  This way we will create an additional layer of security to prevent the entry of intruders who can steal our identity.
• Keep teams up to date – Of course the equipment must be correctly updated.  On many occasions vulnerabilities arise which are used by hackers to carry out their attacks.  It is important that we install the latest patches and updates and fix those security flaws.
• Use only official and trusted software – Another very important issue to consider is to use only official and trusted software.  It’s true that sometimes we may find programs that can offer additional features, but we’ll put our security and privacy at risk.  Ideal is only official software.
• Have safety equipment – Security programs can help us prevent malware from stealing our data.  Having a good antivirus is highly recommended.  Fortunately, we have wide possibilities in this regard.  It should be applied to the type of operating system we are using.

LEGAL PROVISION IN INDIA

Any kind of theft, even if it was not done for a noble cause, for example – if a friend told me that he stole a coat because he is homeless and poor and if he does not wear a coat, then he would have died in this severe cold at midnight, even in this condition he would be punished for theft.  Thus,[v] Chapter XVII (378-382) of the Indian Penal Code, 1860 deals with offenses against property. Identity theft involves both theft and fraud, therefore the provisions with regard to forgery as provided under the Indian Penal Code, 1860 (IPC) are often invoked along with the Information Technology Act, 2000. Some of the Sections of IPC such as forgery (Section 464), making false documents (Section 465), forgery for purpose of cheating (Section 468), reputation (Section 469), using as genuine a forged document (Section 471) and possession of a document known to be forged and intending to use it as genuine (Section 474) can be coupled with those in the IT Act.

The Information Technology Act, 2000 (IT Act) is the main act which deals with the legislation in India governing cybercrimes

CONCLUSION

As the number of frauds and cyber-related crimes is increasing, the government is coping up with defining rules and regulations to protect the interest of the people and helping them against any mishappening on the internet. Certain laws are made to protect ‘sensitive personal data through ‘data protection and privacy policy.

---

[i] IDENTITY THEFT, THE UNITED STATES OF DEPARTMENT OF JUSTICE, November 16, 2020, https://www.justice.gov/criminal-fraud/identity-theft/identity-theft-and-identity-fraud.

[ii] Dilpreet Singh, Identity Theft: A Modern Era Crime, SoOLEGAL, 17 March 2020, https://www.soolegal.com/roar/identity-theft-a-modern-era-crime-1.

[iii] Te Tari Taiwhenua | Department of Internal Affairs, https://www.dia.govt.nz/Identity—How-does-identity-theft-happen.

[iv] Help Prevent Identity Theft, KEN PAXTON, ATTORNEY GENERAL OF TEXAS, https://www.texasattorneygeneral.gov/consumer-protection/identity-theft/help-prevent-identity-theft.

[v] CHAPTER XVII (378-382) OF IPC –OFFENCES AGAINST PROPERTY, IN: INDIAN PENAL CODE, 1860, https://www.writinglaw.com/theft-378-382-indian-penal-code/#:~:text=Whoever%20commits%20theft%2C%20having%20made,the%20retaining%20of%20property%20taken.

[vi] Picture: managedsolution

Advertisement

DIGITAL SECURITY DURING COVID 19 AND THE STEPS TAKEN BY GOVERNMENTS TO COMBAT THE SAME

By Amrit Behera

Abstract

This article will mostly focus on how the importance of cybersecurity has increased after the COVID 19 pandemic. The paper will also discuss the major steps that can be taken to ensure a more secure online platform and it will also spread some light on the steps that are taken by the Indian government concerning cybersecurity. And at the end it the paper will also focus on how this pandemic has forced to take steps for the future.

Introduction

The pandemic has posed a huge dilemma for all businesses across the world the main problem faced by them is regarding how to keep operating even after the closures of facilities and some significant offices. Their long-reliant information technology – data centres, cloud systems, departmental servers, and the digital gadgets their now-remote employees utilised to keep connected to one another and to the company’s data – becomes even more critical. The demands placed on the internet infrastructure have increased dramatically in the last few months.

Cybercriminals see such technology as a far bigger and more valuable target. To avoid a second disaster, cybersecurity operations must be improved, focusing on the digital gadgets and networks that have become vastly more important to the businesses present in recent weeks. To put it another way, “business continuity” has become a must.

Impact of COVID-19 on cybersecurity:

As businesses adapt to a new operating paradigm in which working from home has become the “new normal,” the coronavirus pandemic has presented new obstacles. Businesses are speeding up their digital transformations, and cybersecurity has become a big worry. If cybersecurity concerns are ignored, the consequences for reputation, operations, legality, and compliance could be severe. This article looks at how COVID-19 affects cyber risk and what firms may do to mitigate it.[i]

Cyberattacks on video conferencing services:

The series of cyberattacks on video conferencing services is an example of criminals exploiting cybersecurity holes in remote working. Between February and May 2020, almost half a million people were affected by data breaches in which video conferencing service users’ personal information (such as names, passwords, and email addresses) was stolen and sold on the dark web. Some hackers used a tool called ‘OpenBullet’ to carry out this attack.

Credential stuffing tactics are also used by hackers to get access to employees’ credentials, and the stolen information is then sold to other cybersecurity criminals. One of the effects is that firms that rely significantly on videoconferencing platforms will be severely disrupted. Credential stuffing is a type of cyberattack in which hackers utilise stolen login and password combinations to gain access to other accounts. Because it is fairly usual for people to use the same username and password for many accounts, this is conceivable.[ii]

Unwanted and uninvited members have been observed gaining access to virtual meetings and obtaining personal or sensitive information, which is subsequently sold to a third party or made public to harm the company’s reputation.

Ways to reduce the chances of cyberattack:

Cyberattacks have escalated by an order of magnitude as a result of the growth in communications and the widespread shift to conduct business online. They’ve also created a slew of additional dangers. The perimeter security of organisations is at risk of being penetrated. For breaches at both physical and digital access points, they need continuous surveillance and real-time risk assessments.

Leaders in security and risk management must now protect their businesses on a vast scale, and rapidly. They must make sure that their companies’ online services and digital platforms are secure from cyberattacks.

The IT department is also under a lot of strain. IT workers in some companies must expand remote working capabilities to employees who have never worked from home before. This may include their service providers in some circumstances. Many IT departments are in the process of implementing new collaboration tools. While this is useful for keeping staff in sync (especially in agile teams), it also increases the danger of critical material being hacked because it is now stored in less secure remote locations.

However, it is impossible for IT departments to refuse this request. To conduct operations remotely, company leaders, managers, and their staffs require access to internal services and applications. Security leaders are hesitant to give access without stringent access methods since many firms have not previously made these applications and data available through the Internet or virtual private networks (VPN).[iii]

Few companies, understandably, were prepared for their employees to work remotely in large numbers. They’ve realised that secure remote-access capacity and protected access to company systems has become a significant bottleneck.

It’s tough to enforce enterprise security policies and controls on a remote workforce. The majority of controls have limited scalability and take a long time to set up. We know of several companies that have resorted to let employees to access enterprise applications using their own digital devices because there was no way to enforce security measures. Business continuity plans (BCP) and incident response plans (IRP) are insufficient or non-existent for most organisations when it comes to dealing with pandemics. Security officials have never imagined or practised a large-scale BCP operation.

Steps taken by the Government:

In the year 2020 the government of India introduced a National Cyber Security Strategy which was formulated by the National Cyber Security Coordinator’s office at the National Security Council Secretariat.

The main aim of the National Cyber Security Strategy 2020[iv] was to improve the cyber awareness and cybersecurity with the help of more strict audits. Empaneled cyber auditors will examine a company’s security features more thoroughly than is now required by law.

Table-top cyber crisis management exercises will be held on a regular basis to emphasise the idea that cyber-attacks can happen at any time. It does, however, ask for a cyber-readiness index and accompanying performance monitoring. It is advised that a distinct budget be set aside for cybersecurity, as well as coordinating the roles and duties of multiple agencies with the necessary domain knowledge.[v]

A New Era for Cybersecurity:

The changes we’ve outlined will have an impact on more than just the IT department. Talent managers will need to reassess their policies to allow for a better work-life balance if remote employees demonstrate that they can work more successfully from home. Meanwhile, personnel with important skills and remote-working requirements must be rapidly and effectively on boarded.

Large enterprises will also face new budgetary restraints. There will be new ways to use finances and invest in the correct offerings. Firms will be more conservative in their resource allocation.

Furthermore, businesses will have the ability to restructure their work processes. Prioritize new at-home work arrangements that were developed during the lockdown and have shown to be successful. Finally, as people, assets, and facilities begin to recover, governments all over the world will establish new policies and regulations based on what they learned during the epidemic.

Conclusion:

A new era of cyber security has begun as a result of the epidemic. IT security experts who step up their game and defend their organisations’ people, technology, and data against new or increased threats from more skilled cybercriminals will be critical actors in the economic recovery. And indeed it is a much needed step for the future.

---

[i] Daniel Lohrmann & Dan Lohrmann, 2020: The Year the COVID-19 Crisis Brought a Cyber Pandemic, Government Technology   (2020), https://www.govtech.com/blogs/lohrmann-on-cybersecurity/2020-the-year-the-covid-19-crisis-brought-a-cyber-pandemic.html (last visited Jul 16, 2021).

[ii] Impact of COVID-19 on Cybersecurity, https://www2.deloitte.com/ch/en/pages/risk/articles/impact-covid-cybersecurity.html (last visited Jul 16, 2021).

[iii] Deo Prashant, Raj Geetali & Santha Subramoni, How Covid-19 is Dramatically Changing Cybersecurity, Tata Consult. Serv. Ltd., https://www.tcs.com/perspectives/articles/how-covid-19-is-dramatically-changing-cybersecurity.

[iv] National Cyber Security Strategy 2020, , Drishti (2021), https://www.drishtiias.com/daily-updates/daily-news-analysis/national-cyber-security-strategy-2020 (last visited Jul 16, 2021).

[v] 3 ways governments can address cybersecurity right now | World Economic Forum, , World Economic Forum (2020), https://www.weforum.org/agenda/2020/06/3-ways-governments-can-address-cyber-threats-cyberattacks-cybersecurity-crime-post-pandemic-covid-19-world/ (last visited Jul 16, 2021).

[vi] Picture: IEEE inovation at work

ONLINE COURT: A MERE RECOURSE OR IDEALISTIC VISIONS

by Amrit Behera

Abstract

This article will mainly focus on the importance of online court and will list down the limitations that come with the online court. And at the end it will also suggest ways through which this problems can be solved. And it will conclude by focusing upon the future impact of the electronic courts in the society.

Introduction

Due to the COVID-19 pandemic, the Indian judiciary system got no other option other than to continue the court on an online platform. The Supreme Court of India had passed directions for all the courts across India to use the medium of video-conferencing for judicial proceedings. Under Article 142, the Supreme Court used its plenary power to order all high courts over the country to create a systematic procedure which will further help them to use the available technology during the pandemic. The practice of online court has been taking place from 25^th March 2020 with the sole motive of maintaining social distance.

The Concept of Virtual Courts

The main objective of virtual courts is to eliminate the presence of litigants or lawyers in the court of law as this will help to maintain social distancing and will also help in adjudicating the cases through an online platform. The virtual courts can also be known as e-courts or electronic court. The concept of electronic courts can be explained as a place where legal issues are decided in the presence of qualified judges and with the help of a well-developed technological infrastructure. The electronic courts are totally different from the computerized courts that have been replaced way before from 1990s. In order for proper functioning of electronic courts online environment and an Information and Communication Technology (ICT) enabled infrastructure is required.[i]

1.  The goal of electronic courts is to make judicial processes more user-friendly.
2. This would be advantageous in terms of enhancing court processes as well as providing citizen-centric services.
3. Litigants can use e-Filing to file their complaint and pay their court fees and fines online.
4. Litigants can check the status of their case online using different variety of service delivery mechanisms.

Advantages of using electronic courts

The growth in the electronic courts will result in easy accessibility for all the sections of the society to justice at the assigned courts. The electronic court system will provide a much more private and personalised experience in comparison to the actual courts as the electronic court do not involve any public- speech based system. If the necessary logistics are provided, the spread of electronic courts will speed up the process of litigation. With the use of electronic courts, India’s judicial system can overcome the hurdles and make the service delivery mechanism transparent and cost-effective. The judicial system will also be benefited from electronic courts, which will allow for more flexible retrieval of recorded information. Judges will be able to see past case hearings or retrieve other crucial papers with the press of a button.[ii]

Issues

In today’s world the existence of virtual courts might seem necessary but the technology that we have today is not sufficient enough to tackle the shortcomings that take place during the execution.[iii] The following will list down some of the issues that are been faced while using the electronic courts:

1. The general public faces a lot of complications while going through the process of e-filling.
2. The development of the electronic courts is an expensive procedure as setting up of this will require a much developed and new age technology.
3. In most of the rural areas of India, challenges can arise due to the lack of infrastructure and lack of electricity and internet connectivity. It must also be made sure that both electricity with that of a proper internet with computers must reach out to ever section of the society in order to ensure justice.
4. The staff will face a lot of difficulty in maintaining records of electronic courts. The assigned staff lacks the necessary equipment and training to adequately handle document or record evidence and make it accessible to the litigant, the council, and the court.
5. The biggest problem that the courts might face is of hacking and cyber security. The government has taken attempts to address the problem and developed the Cyber Security Strategy, but it is mostly focused on following prescribed rules. It remains to be seen how this will be implemented in real life.
6. Other problems might arise such as the litigant becoming under confident in following the processes approved by the Supreme Court due to the lack of juxtaposition.

Suggestions

The first and foremost step to be taken by the government is to plan up a proper procedure that would encourage in setting up of the electronic courts. The second important step to be taken is to upgrade the present state of infrastructure and technology. The government must identify and create the necessary infrastructure to enable the electronic court project. The government must create a secure online ecosystem where there must be no chances of data breach. This will prove a secure platform where the electronic courts can take place. There is a need to develop a user friendly ecosystem is this this attract more people to use the electronic courts unlike the present ecosystem. To manage all of the e-data, the government must devote significant resources to human training. These include keeping accurate records of e-file minute entries, notification, service, summons, warrants, bail orders, order copies, and e-filing, among other things, for future reference.[iv] Conducting training workshops for judges to familiarise them with the electronic courts structure and procedure can help electronic courts run more smoothly. Increasing awareness of electronic courts through speeches and seminars can help to bring the benefits and convenience that e-courts can provide to light.

As the technology is developing every day, so achieving the above mentioned is a piece of cake. It might take time but the day is not far that we will be having an efficient and effective electronic court system.

Conclusion

Even after the Courts resume normal operations and the lockdown is lifted, it is advisable to keep the option of e-filing and electronic courts accessible as it will strengthen the system. This will assist the assigned staff, the Bar, and the Bench in becoming accustomed to the method, as well as assisting us in identifying and correcting its weaknesses.

While video conferencing has its own advantages, it also necessitates a significant amount of training, discipline, and basic infrastructure, all of which can only be achieved if all parties work together to reach this milestone in the country’s judicial administration system.

---

[i] The Big Picture – Virtual Courts and Way forward, (2020), https://www.drishtiias.com/loksabha-rajyasabha-discussions/the-big-picture-virtual-courts-and-way-forward (last visited Jul 6, 2021).

[ii] E-Courts: Supreme Court’s digitalisation vision will ease access to justice – The Financial Express, (2021), https://www.financialexpress.com/opinion/e-courts-supreme-courts-digitalisation-vision-will-ease-access-to-justice/2258945/ (last visited Jul 6, 2021).

[iii] The Supreme Court is online: Pros, cons and the way forward for hearings by video conferencing, (2020), https://www.barandbench.com/columns/the-supreme-court-is-online (last visited Jul 6, 2021).

[iv] The Big Picture – Virtual Courts and Way forward, supra note 1.

[v] Picture Credit: BloombergQuint

ANALYSIS OF THE INFORMATION TECHNOLOGY (INTERMEDIARY GUIDELINES & DIGITAL MEDIA ETHICS CODE) RULES, 2021

by Garima Mehta,

Abstract

The following article deals with the Analysis of the Information Technology (Intermediary Guidelines & Digital Media Ethics Code) Rules, 2021. After years of discussions and debates, the Ministry of Electronics and Information Technology, Government of India has notified new rules under the Information Technology Act, 2000 (“IT Act”) for monitoring social media digital media platforms. The new rules, viz. Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“Intermediary Guidelines”) inter alia aims to serve a dual-purpose: (1) increasing the accountability of the social media platforms (such as Facebook, Instagram, Twitter etc.) to prevent their misuse and abuse; and (2) empowering the users of social media by establishing a three-tier redressal mechanism for efficient grievance resolution. The Intermediary Guidelines have been framed in exercise of powers under section 87(2) of the IT Act and supersede the previous Information Technology (Intermediary Guidelines) Rules, 2011.

Digital Media[i]

Digital media refers to technology or content that’s consumed or encrypted through a machine-readable platform. While the term “digital” encompasses anything with numeral digits, the term “media” refers to a method of transmitting information. Therefore, digital media can be defined as information shared through a digital device or screen. Essentially, it’s any form of media that relies on an electronic device for its creation, distribution, view, and storage.

Who Uses Digital Media?

• Video game designers: Video game designers use digital media to create games through computer software. They develop stories and plots, characters, and design scene layouts.

• Animators: Animators use digital media to bring their drawings and illustrations to life. They can work on movies, video games, television shows, and commercials. Though they use their hands to draw, animators transfer their drawings to a computer program to give it the ability to move. An animator’s job involves the development of storyboards, animation editing, and creating visual effects to enhance their animations.

• Filmmakers: Filmmakers create, edit, and use digital video for entertainment and educational purposes. Their work is delivered through various formats and can be found in movie theaters or online viewing platforms.

• Video editors: Similar to filmmakers, video editors capture and piece together video footage for TV shows, films, sporting events, music videos, and other videos. They use video editing software to enhance the quality of the video before it is disseminated to an audience.

• Videographers: Videographers use digital media to capture video for various clients. While some film weddings or documentaries, others create promotional video content for a larger corporation.

• Broadcasters: Broadcasters refer to digital journalists that use cameras to relay news and information to the public. They may also use their knowledge of coding, programming, graphics, and multimedia design to assist in their daily digital media responsibilities.

• Social media managers: Social media managers use social media to advertise, promote, and market content to a target audience. They monitor a company’s social media channels, reply to comments from social media users, develop various social media strategies, and implement these strategies to increase brand awareness and gain greater online viewership.

• Web developers: Web developers use digital media to create web pages and websites for their clients. These online platforms disseminate various media including blog posts, videos, and images.

• Graphic designers: Graphic designers use digital media to create logos, images, or other visual concepts for various clients. They collaborate with their clients and use their feedback to create a design that fits their brand. As with animators, though a graphic designer’s sketch is often done by hand, they transfer it to a design software to refine their creation.

• Sound editors: Sound editors use digital media to select and gather sound recordings. They do this in preparation for sound mixing or mastering.

Information Technology (Intermediary Guidelines & Digital Media Ethics Code) Rules, 2021[ii]

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 were notified on February 25, 2021.  The Rules have been notified under the Information Technology Act, 2000.  The Act provides for the regulation of electronic transactions and cybercrime.  The 2021 Rules replace the Information Technology (Intermediaries Guidelines) Rules, 2011.

Due diligence by intermediaries

• Intermediaries are entities that store or transmit data on behalf of other persons.  Intermediaries include internet or telecom service providers, online marketplaces, and social media platforms.

•  The due diligence to be observed by intermediaries includes:
• informing users about rules and regulations, privacy policy, and terms and conditions for usage of its services,
• blocking access to unlawful information within 36 hours upon an order from the Court, or the government.
• retaining information collected for the registration of a user for 180 days after cancellation or withdrawal of registration.  Intermediaries are required to report cybersecurity incidents and share related information with the Indian Computer Emergency Response Team.

Significant social media intermediaries

A social media intermediary with registered users in India above a threshold (to be notified) will be classified as Significant Social Media Intermediaries. 

Additional due diligence to be observed by these intermediaries include:

• appointing a chief compliance officer to ensure compliance with the IT Act and the Rules.
• appointing a grievance officer residing in India, and (iii) publishing a monthly compliance report.

Intermediaries which provide messaging as a primary service must enable the identification of the first originator of the information on its platform.  This originator must be disclosed if required by an order from the Court or the government.  Such order will be passed for specified purposes including investigation of offences related to sovereignty and security of the state, public order, or sexual violence.  No such order will be passed if less intrusive means are effective in identifying the originator of the information.  The intermediary will not be required to disclose the contents of any communication.  If the first originator is located outside India, the first originator of that information within India will be deemed to be the first originator.

Key Features of the Intermediary Guidelines[iii]

Any intermediary including a social media intermediary needs to observe the prescribed due diligence measures in the course of discharging its duties. These due diligence measures inter alia include:

• prominently publishing on the website, mobile based application or both, the rules and regulations, privacy policy and user agreement for access or usage of its computer resource by any person.

• the rules and regulations, privacy policy and the user agreement should inform the user of its computer resource not to host, display, upload, modify, publish, transmit, store, update or share any information that inter alia.

• belongs to another person and to which the user does not have a right.

• is defamatory, obscene, pornographic, pedophilic, invasive of another’s privacy, including bodily privacy, insulting or harassing on the basis of gender, libelous, racially or ethnically objectionable, relating or encouraging money laundering or gambling or otherwise inconsistent with or contrary to the laws in forceis harmful to the child; infringes any patent, trademark, copyright or other proprietary rights.

• deceives or misleads the addressee about the origin of the message or knowingly and intentionally communicates any information which is patently false or misleading in nature but may reasonably be perceived as a fact.

• threatens the unity, integrity, defense, security or sovereignty of India, friendly relations with foreign States, or public order, or causes incitement to the commission of any cognizable offence or prevents investigation of any offence or in insulting another nation.

• an intermediary, upon receiving actual knowledge in the form of a court order or upon being notified by the appropriate government or agency under the IT Act, shall not host, store or publish any unlawful information which is prohibited under any law for the time being in force in relation to the interest of the sovereignty and integrity of India, security of the state, friendly relations with foreign states, public order, decency or morality, in relation to contempt of court, defamation, incitement to an offence relating to the above or any information which is prohibited under any law for the time being in force.

• where an intermediary collects information from a user for registration on the computer resource, it shall retain the information for a period of 180 days after any cancellation or withdrawal of the registration, as the case may be.

• the intermediary shall, immediately but not later than 72 hours of the receipt of an order, provide information under its control or possession, or assistance to the Government agency which is lawfully authorized for investigative or protective or cyber security activities, for the purposes of verification of identity, or for the prevention, detection, investigation or prosecution, of offences under any law for the time being in force, or for cyber security incidents.

• the intermediary shall report cyber security incidents and share related information with the Indian Computer Emergency Response Team in accordance with the policies and procedures as prescribed under the Information Technology (The Indian Computer

• Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013.

A social media intermediary (i.e., an intermediary that primarily or solely enables online interaction between two or more users) is required to comply with certain additional due diligence measure, which inter alia include:

• appointing a chief compliance officer who will be responsible for ensuring compliance with the provisions of the IT Act and rules framed thereunder and will also be liable in any proceedings relating to any relevant third-party information, data or communication link made available or hosted by the intermediary where the officer fails to ensure that such intermediary observes due diligence while discharging its duties under the IT Act and rules framed thereunder.

• appointment of a nodal contact person for 24×7 coordination with law enforcement agencies and officers to ensure compliance with their orders or requisitions.

• publishing a compliance report every month mentioning the details of complaints received and action taken thereon, and the number of specific communication links or parts of information that the intermediary has removed or disabled access to in pursuance of any proactive monitoring conducted by using automated tools or any other relevant information, as may be specified.

A significant social media intermediary (i.e., an intermediary having registered users in India above such threshold as notified by the Central Government) will inter alia endeavor to deploy technology-based measures, including automated tools or other mechanisms to proactively identify information that depicts any act or simulation in any form depicting rape, child sexual abuse or conduct, whether explicit or implicit, or any information which has been disabled on the computer resource of such intermediary.

A significant social media intermediary is required to have a physical contact address in India published on its website, mobile based application or both, for the purposes of receiving the communications addressed to it.

A social media intermediary is required to enable the user who register for the services from India, or use the services in India, to voluntarily verify their accounts by using any appropriate mechanism, including the active Indian mobile number of such users and where any user voluntarily verifies the account, such user shall be provided with a demonstrable and visible mark of verification, which shall be visible to all users of the service.

A publisher of new and current affairs contents is required to adhere with the provision of the Code of Ethics, annexed with the Intermediary Guidelines. For the purposes of ensuring observance and adherence with the prescribed Code of Ethics by publishers and for addressing the grievances against the publishers, a three-tier grievance redressal structure has been prescribed, as below:

• Level I is the self-regulating mechanism which inter alia appoints a grievance officer who shall be responsible for the redressal of grievances received by him.

• Level II is the self-regulating body, i.e., there shall be one or more independent self-regulating bodies of publishers, which bodies shall inter alia be responsible to oversee and ensure the alignment and adherence with the Code of Ethics, address grievances which have not been resolved by the publishers within the fifteen days’ specified period etc.

• Level III is the oversight mechanism, i.e., the Ministry of Electronics and Information Technology shall coordinate and facilitate the adherence with the prescribed Code of Ethics by publishers and self-regulating bodies, develop and oversight mechanism for performing the prescribed functions which inter alia include publishing a charter for self-regulating bodies including Code of Practices for such bodies, establishing an Inter-Departmental Committee for hearing grievances, issuing appropriate guidance and advisories to publishers etc.

Code of Ethics for Digital Media Publishers

The Rules prescribe the code of ethics to be observed by publishers of digital media including: (i) news and current affairs content providers, and (ii) online curated content providers (also known as OTT platforms). 

For news and current affairs, the following existing codes will apply:

• norms of journalistic conduct formulated by the Press Council of India.
• programme code under the Cable Television Networks Regulation Act, 1995.

For OTT platforms, the requirements include: (i) classifying content in age-appropriate categories as specified, (ii) implementing an age verification mechanism for access to adult content, and access control measures such as parental controls, and (iii) improving accessibility of content for disabled persons.

Grievance redressal

The Rules require the intermediaries and digital media publishers to provide for a grievance redressal mechanism.  The intermediaries are required to designate a grievance officer to address complaints against violation of the Rules.  Complaints must be acknowledged within 24 hours and disposed of within 15 days.

In case of digital media publishers (news and OTT), a three-tier grievance redressal mechanism will be in place for dealing with complaints regarding content:

• self-regulation by the publishers.
• self-regulation by the self-regulating bodies of the publishers.
• oversight mechanism by the central government. The publisher will appoint a grievance redressal officer based in India and address complaints within 15 days.  As part of the oversight mechanism, the Ministry of Information and Broadcasting (MIB) will establish an Inter-Departmental Committee to hear grievances not addressed by self-regulatory bodies and also oversee adherence to the code of ethics.

Blocking of content in case of emergency

In case of emergencies, the authorised officers may examine digital media content and the Secretary, MIB may pass an interim direction for blocking of such content.  The final order for blocking content will be passed only after the approval by the Inter-Departmental Committee. In case of non-approval from the Committee, the content must be unblocked

Conclusion

The Government of India has observed the models prevailing in different countries such as Singapore, Australia, European Union and the United Kingdom when contemplating the extent and nature of the proposed framework for regulating social media and digital media platforms in India.

The development of the Intermediary Guidelines is essentially an attempt to develop a quintessential soft-touch, self-regulatory architecture combined with a three-tier grievance redressal mechanism for digital media platforms operating in India.

However, compliance with the provisions of the Intermediary Guidelines is likely to be a difficult task for the social media and digital media platforms and is also being argued as an attempt to restrict the freedom of speech and expression. A tightrope balance would be needed to address the issues of protection and safeguarding of rights of victims of social media versus the individual freedom of expression.

ENDNOTES

---

[i]https://thecdm.ca/program/digital-media

[ii]https://www.medianama.com/wp-content/uploads/2021/02/Intermediary-Guidelines-2021.pdf

[iii]https://sflc.in/analysis-information-technology-intermediary-guidelines-and-digital-media-ethics-code-rules-2021

[iv] picture credit: stepsoftware

Implications of Introduction of Bitcoin in the Economy

by Malvika Shanker

Meta-description

The adoption of new technology in every segment of life has widened the scope of innovation and has opened the path for evolution and expansion in the legal and economic arena. The extensive work has led to pathbreaking revelations that have the potential to metamorphosize the socio-economic face of the world.

Internet was one such technology and now, we’re on the verge of embracing another application of the revolutionary technology that has sprouted from the same root, which is the commonly known as Internet 3.0. The Blockchain Technology’s most recent and popular application has been in the form of Cryptocurrencies, the most famous of them being the Bitcoins Cash (BTC).

This article will provide an insight on the working of the Cryptocurrency Bitcoin which is based on the Blockchain Technology and the foundational effect it will have on the present economic landscape with respect to the existing legal infrastructure.

IMPLICATIONS OF INTRODUCTION OF BITCOIN IN THE ECONOMY

Context

 Almost a decade ago, when India was still in a phase of transition from Internet 1.0 to Internet 2.0, when people were still mesmerized and simultaneously decoding the ‘magic’ of Internet, the global techno-world stumbled upon a prospective technology that could essentially revolutionize the economy and the world.

Internet 1.0 (Static Internet) was on its verge of obsoletion and Internet 2.0’s (Participative Social Web) development was at its peak when in October 2008 Satoshi Nakamoto’s White-paper on bitcoin ‘A peer-to-peer electronic cash system’ revealed another staggering potential of Internet 3.0 which was also known as the Distributed Ledger Technology or the Blockchain Technology. Internet 3.0 has many features which have the potential to change the perspective in which humans perceive the world. Use and evolution of Artificial Intelligence (AI), Virtual Reality (VR), Internet of Things (IoT) and Blockchain Technology together will ensure an unsurpassable growth, such as will mold the future of the world in terms of Technology.

Bitcoin turned out to the most famous and draconian application of the Blockchain Technology which was already in use then. One of the greatest merits of Bitcoin is that solved the Byzantine General’s Problem that had clouded the Technological development for a long time. Its precursors ‘B-money’ and ‘HashCash’ had already laid down the foundation but had failed in setting up an effective system that was efficient enough to be actually implemented.

Introduction

Money is considered to be the oldest technology invented by our civilization and Bitcoin is considered to be the sixth greatest innovation in the same line after barter, things, value, paper and plastic. Money is not just a means for a functioning economy, it is the way of human communication of value, which stands at the threshold of being not just digitized but being transformed in such a manner that the working of economies can change forever.

Bitcoin is an algorithmic system of money that is not controlled by any entity or a centralized authority. It can be defined as the system which is the ‘Internet of Money’ which is programmable and hence has exponential scope of innovation where no personhood is required.

It oversteps the current banking systems that strike a balance between conservative fiduciary duty, control over the economy and innovation, ultimately declaring paper-money and even plastic money anachronistic. It is also the largest cryptographic disposition almost impenetrable public security key infrastructure.

The world is trying to formulate appropriate laws that will pave the way for adopting this technology on a larger scale.

Legal and Economic Implications

Some of the very foundational implications that will follow the extensive use of Bitcoin in the functioning of the contemporary society (especially in India):

1. Separation of State and Money: The existing structure of economy will crumble if the Bitcoin system of currency is made the main type of currency in use. Moreover, the separation of State from Money will reduce the scope of administrative powers in the hands of the government on account of restricted funds and such characteristics of the Bitcoins that this currency cannot be seized, frozen, censored, intercepted or stopped. To add on, the anonymity feature and irreversibility of the transactions limits the State further in the perusal of its functions. The additional hurdles arising by this would be:

            a) Collection and use of funds for Public purposes (Infrastructure, Investment)

            b) Implementation of Administrative policies

            c) Public services’ management

2. Decentralized system: Bitcoin work through a de-centralized network wherein the governance or control is not in the hands of any one authority. This renders the government and the system of law futile and ineffective by leaving no scope for the State to exercise any sort of control. Moreover, the anonymity feature will add further constraints in the regular discharge of functions as they are done in the current system. There will be no ay in which there will be a governance with regard to the transactions and the de-centralization feature gives as much power to every individual as to a bank in the current system which will pose the threat of illicit transactions and flow of money that is unaccounted for.

3. Deflatory nature: The algorithmic nature of this system is such that once a block is created it cannot be altered. Furthermore, new Bitcoins are created every 10 minutes. The block reward started at 50 bitcoins per block, and halves every 210,000 blocks. Over a span of a few years, the number of Bitcoins available would become stagnant and the value will depreciate and thereby it will not be conducive to depend on it for the sustainability of an economy entirely. The unstable valuation of this currency type will further make the economies vulnerable.

4. Insufficient legal infrastructure: The legal system is incapable at the moment to deal with the conflicts and impropriety that might arise out of the regular business dealings through Bitcoins. Also, the major concern in this regard is that the anonymity of the persons is secured in this system eventually making it almost impossible to use the system as a deterrent in any manner. The efficiency of the Bitcoin system is also a bane in itself as it might become a tool to carry out illegitimate transactions and to induce the unlawfully acquired money into the system.

5. Creation of new cryptocurrencies: In this system of technology, there’s a possibility of creating any number of cryptocurrencies. For instance, apart from Bitcoins, some of the other famous cryptocurrencies are Ethereum (ETH), Ethereum Classic (ETC), Monero (XMR), Litecoin (LTC) etc. This further complicates the functioning and establishment of rules for accepting cryptocurrencies as one of the main means of economic exchange.

6. The unknown: There is no way that a coin has only one side and the same goes for every developing technology. With the use of Internet came the Dark Web and the fear of the unknown lingers when we have an upcoming developing technology in question. We don’t yet know how far this technology can be exploited and what may be the possible improper uses of it in the future.

Conclusion

Given the current economic and social position of India, it is very difficult to adapt to the system of cryptocurrency. In a country where education, literacy and digitization is still at inadequate levels, it wouldn’t be a very fair idea to adapt this tech at a very large scale.