IDENTITY THEFT & INDIAN LAWS

Aug 27, 2020
CYBER LAW INTELLECTUAL PROPERTY LAW IPR INSIDER INCYBER LAW INTELLECTUAL PROPERTY LAW IPR INSIDER IN

By Shambhavi Mishra

Introduction:

Human interactions have grown dramatically with the exponential development and evolution of technologies. A multitude of offences or unethical activities still occur, including all the good ones and are considered cybercrimes. “Identity Theft” is one such cybercrime. It typically happens while a person illicitly obtains personal and confidential information from other persons and uses it to achieve a pecuniary benefit. This is also referred as Data theft in which confidential data like number on credit card, bank details are either hacked to obtain money or commit heinous crimes. Data are held indefinitely held on multiple internet platforms. Since there are many people that are using internet, the statutes regarding cybercrime and identity theft are still questionable, leading to very few convictions.

Identity?

An Individual’s essence is its Identity. It is also the peculiar features which distinguish one from another. In the computing world, what defines an identity is a particular distinct character of number and digits. Any two entities in technology will hold the same identity. It’s like a signature with each one making their own. Legally, identification is an individual’s formal recognition of government papers and records such as Voter ID Aadhar Card, Ration Card etc.  

The Information Technology (Amendment) Act, 2008[1] comprised of the definition of “electronic signatures” and the identification gamut authentication. Such details are very important and vital and so safeguarding is the each individual’s prime objective. In an “identity theft” case, the perpetrator sometimes commits the offense to obtain money under someone else’s name or with other    details.


Identity Theft:

It is a category of cybercrime that involves stealing the identification and details of an person in order to perform a crime or access services on behalf of the victim. Typically, however the person obtains the details electronically through dishonest means.

Before this modern era where one lives in today, identity theft was prevalent occurrence by everyday criminals. Such techniques are very old school but are still frequently practiced. Nevertheless, with the development of internet, the inherent dependency of the person upon the same.

Examples like hacking, phishing, lottery winning scams, clickbait (clicking on an advertisements) identity frauds when criminals identity themselves as bank or customer services clerks or credit card agents or fake ids being popular for email and numerous social media sites. It’s become such a standard procedure there is no requirement for physical authentication to establish an email id or address. Therefore, it expands the reach of cybercrimes. Creation of false online record is illegal and punishable under Indian Penal Code, 1860[2].

Prominent way is perpetuated by the procurement of individual’s confidential knowledge. As mentioned above the collection of individual’s details can be achieved in a variety of ways this is normally done in a dishonest and deceitful manner.

Provisions regarding Identity Theft:

Identity theft is not viewed in India as a stand-alone offence, and there is no single law dealing with it in depth. In addition The Information Technology (Amendment) Act, 2008 and The Indian Penal Code, 1860 deal with it.

Identity Theft & The Information Technology (Amendment) Act, 2008:

The IT Act, 2000 is India’s premier cybercrime statue. Therefore, while its aim was to identify e-commerce predominantly in India, it did not specify cybercrime.

Under Section 43 of the Act prior to the amendment in 2008, any person who has accessed or abetted someone else’s computer without permission can be found responsible of a civilian kind. Therefore, a cumulative reward of one crore will be given for unlawfully accessing a computer server.

As per section 66 of the Act, cybercrime can only fall into action where the device production has been changed, removed or reduced. The principle of identity theft had no solution and there was no effect if any person used the computer for any criminal reasons without owner’s knowledge. The definition and phrase “identity theft” was introduced around the amendment of the act time in 2008. Now, according to Section 66, a criminal liability has indeed been imposed in respect of the act when people have accessed the computer of someone else without authorization or the same.

After the amendment of the act it also defines the punishment under Section 66 B, C and D for “identity theft”, “computer trespassing” and punishment for cheating on computer using impersonation. In fact for the protection of ‘sensitive personal data’ strict regulation have been established and are retained by financial intermediaries and service providers. Due to the acceptance of privacy as a human right, data security often comes under its scope. In view of this, the Central Government has brought forward in the parliament “Data Protection Bill, 2020”.

Furthermore, under Section 69, data can be used by the Central Government or the state government for surveillance and oversight purposes. Therefore, the above mentioned rules can be applied as to how this offense is committed.

Gaps in the IT Act, 2008:

Though the Act aids to ensure the security of personal and private data from abuse, it is also not as robust as one would expect. The statue also includes some pitfalls and certain requirements that need to cover that ambit of identity fraud and may need urgent reforms. Under the newly added provision Section 66C which protects an individual’s “unique identity feature” in digital space has not been specified in the act.

The Act does not provide the sense to what should be an identifiable attribute which is the main core to “identity theft”. While the “Information Technology Rules, 2011” included a description of “sensitive personal information,” It should be covered by intermediaries. Each of these words that sound the same, but they are somewhat distinct from each other and the same meaning cannot be given. It is then up to the courts to decide what exactly, it is, through the laws of Interpretation.

Another negative aspect of the Act is the loss of authority from outside the country. In comparison to the IPC, which allowed for an “Extra Territorial Jurisdiction”[3]. But IT Act exist only in territory of India and the act may only be applicable if an identity theft has been committed by a computer device In India.

It makes it very difficult for the authorities to arrest by sitting in some country the criminals who are unlawfully using records. However, the compensation[4] paid for under the act is considered as inadequate.  The Upper can on an individual’s compensation is Rupees 1 crore and Rupees 5 crore for a company or a public body. Even this is not enough.

Identity Theft is a bailable and a compoundable offence under IT Act. It means that a person can secure a bail from police and parties can still find a settlement. It is not a harsh sentence at all. Also under Section 66C, there is a simple three year jail term, which is also made compoundable under Section 77A. This reflects the mindset of the law framers that such an ineffective deterrent would have little punitive impact on the criminals and will be a scot-free in addition. In India the conviction rate is very poor. That further accelerates cybercrime growth at such a fast pace.

Identity Theft & the Indian Penal Code, 1860:

While it is so fragile, it was not included in the robbery rules under Section 378 of the Act. With the above mentioned amendments in The IT Act, where it has been included in the IPC which requires electronics records to be used as documents. Therefore Tampering with online documents is often illegal in the form of forgery and theft offences. Furthermore, the code also makes any person liable to trap and trick victims who have forged a website to disclose their sensitive information.

Conclusion:

With the spike in the amounts of frauds and cyber-related violence, the governments us coming up with fine-tuned laws to protect people’s rights and defend against any internet mishappenning. Furthermore, stricter regulations have been developed in the hands of intermediaries and service providers (body Corporations) for the protection of “private Personal Data” while guaranting data security and privacy.


[1]  S.66C of The Information Technology (Amendment) Act, 2008.

[2] S.464 and 465 of The Indian Penal Code, 1860.

[3] S. 04 The Indian Penal Code, 1860.

[4] Compensation scheme u/s 43 of The Information Technology (Amendment) Act, 2008.

Related Post