The home ministry has directed the states to set up state cyber crime coordination cells and district cyber crime cells, cyber forensics and mobile forensics labs, as a part of an eight-point set of guidelines created to address cyber crimes, reports The Indian Express. The letter, which we couldn’t find a copy of, identifies “defacement of government websites, online stalking/harassment and data theft” as crimes, as per the report, and includes recommendations like “deep monitoring of web” and setting up of “social media monitoring with due emphasis on vernacular content”, “maintaining data of suspects” that could be shared with other law enforcement agencies through a “secured internal network”. States have also been asked to access data and facilitate online filing of complaints through Crime and Criminal Tracking Network and Systems (CCTNS).
The state cyber crime coordination cells and district cyber crime cells will report to the district SP but have access to the State Cyber Crime Controller for guidance, as per the report.
Note that several states have one or more cyber crime investigation cells operating under respective Criminal Investigation Departments (CID). Several organizations have compiled lists for public information (CSR, Naavi, Secure India, etc). The CBI too has a Cyber Crimes Investigation Cell.
The National Critical Information Infrastructure Protection Centre (NCIIPC), created under Sec 70A of the Information Technology Act (2000) is responsible for protecting “those computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety”. NCIIPC recognizes the following critical sectors: Power & Energy, Banking, Financial Services & Insurance, Telecom, Transport, Government and Strategic & Public Enterprises.
The basis of these recommendations
The suggestions are said to be based on the recommendations made by the expert committee headed by former Lok Sabha Secretary General T K Viswanathan in September last year. That report recommended the following Amendments to the Code of Criminal Procedure 1973:
It has been noted that law enforcement agencies face several challenges during investigation and prosecution of harmful online conduct due to the dearth of technically trained police personnel, lack of access to expert advice, procedural hurdles in conducting cross jurisdictional investigations, absence of comprehensive data on the crimes reported and the lack of a quick and streamlined procedure for takedown of malicious online content.
In an attempt to address some of these issues, the Committee proposes the insertion of two new provisions namely, sections 25B and 25C in the Code of Criminal Procedure 1973 thereby creating the post of a State Cyber Crime Coordinator and establishing a District Cyber Crime Cell, respectively. The details pertaining to the State Cyber Crime Coordinator vis-à-vis his qualifications, appointment and functions along with the role, composition and conditions of service of the members of the District Cyber Crime Cell respectively, have been mentioned in these sections. The goal of these provisions is to create a cadre of trained cyber experts, both from within the police force and experts in the fields of information technology, digital forensics, cyber law, etc. to ensure the effective investigation and management of cyber offences.
State Cyber Crime Coordinators
“25B (1) The State Government shall appoint an officer not below, or equivalent to, the rank of an Inspector General of Police, who shall be the Cyber Crime Coordinator of the State.
(2) The functions of the State Cyber Criine Coordinator shall be to:
- oversee the functioning of the District Cyber Crime Cells in the State;
- recommend to the State Government the procedures and best practices to be adopted by the police officers under Section 78 of the Information Technology Act, 2000 and the District Cyber Crime Cells while investigating any offence under the Information Technology Act 2000 or involving computer and electronic media under the Indian Penal Code, 1860 or any other law;
- oversee the training of police officers and experts in the District Cyber Crime Cells in the State;
- coordinate with the State Cyber Crime Coordinators of other States in case of offences under this Act that fall under the jurisdiction of two or more States; and
- carry out such other functions as may be specified by the State Government.”
District Cyber Crime Cells
“25C (1) The State Government shall establish a District Cyber Crime Cell in every district to assist in the investigation of offences –
- under the Information Technology Act, 2000; and
- involving computer and electronic media under the Indian Penal Code, 1860 or any other law.
(2) The District Cyber Crime Cell shall consist of
an officer not below, or equivalent to, the rank of Deputy Superintendent of Police, who shall be
- the head of the District Cyber Crime Cell;
- such number of Sub-Inspectors as the State Government may deem fit; and
- at least three experts in information technology, mobile telephony, digital forensics, cyber law or such other experts with such qualifications to be appointed by the State Government in accordance with the rules made under subsection (4).
(3) The head of the District Cyber Crime Cell shall report to the State Cyber Crime Coordinator of the State through his supervisory officers.
- (4) The State Government shall prescribe by rules –
- the manner of appointment and the terms and conditions of service or empanelment of the members of the District Cyber Crime Cells under sub section (2);
- qualifications of experts under clause (c) of sub section (2).”
Other areas of the report also recommend amendments to the Indian Penal Code based on the recommendations of the Law Commission of India 267th Report on Hate Speech, notably with the addition of sections153 C “Prohibiting Incitement to Hatred” and 505 A “Causing Fear, Alarm or Provocation of Violence in Certain Cases”.
Key government surveillance projects
The government has projects like NATGRID, which is expected to connect some 21 databases together, for information gathering, and in phase 2, is expected to cover over 900 databases. Aadhaar is meant to provide deduplication for these databases. There’s the centralised monitoring system (CMS) which is used for surveillance of mobile connections, tracking calls, messages, Internet usage and location data. NETRA was planned as a tool for broad surveillance of the internet for identifying words related to crimes in the reams of information available publicly as social media updates as well as private voice communications like Skype.