Centre for Internet & Society

India is a growing area in the field of active Internet usage with 71 million Internet users.

Introduction

India is a growing area in the field of active Internet usage with 71 million Internet users.[1] “Cyberspace is shorthand for the Web of consumer electronics; computers and communication networks that interconnect the World”. [2] The recent incidents of hacking into various popular websites of Yahoo, CNN, Sony, the CBI and the Indian Army raise the very pertinent issue of online data privacy. This blog will examine the growing instances of hacking websites and its impact on data privacy.

Cyber Crime

“Cybercrime is a criminal offence on the Web, a criminal offence regarding the Internet, a violation of law on the Internet, an illegality committed with regard to the Internet, breach of law on the Internet, computer crime, contravention through the Web, corruption regarding Internet, disrupting operations through malevolent programs on the Internet, electric crime, sale of contraband on the Internet, stalking victims on the Internet and theft of identity on the Internet.”[3]

The computer age gave rise to a new field of crime namely “cybercrime” or “computer crime”. During the 1960s and 1970s cybercrime involved physical damage to the consumer system. Gradually computers were attacked using more sophisticated modus operandi where individuals would hack into the operating system to gain access to consumer files. The 1970s - through to the present - saw cybercrimes taking different trajectories like impersonation, credit card frauds, identity theft, and virus attacks, etc.[4]

The IT Act 2000 was enacted by the government to punish such acts of cyber crime. The Act was amended in the year 2008[5]. 

Cybercrime — An Overview: India

The IT Act 2000 was enacted by the government in 2000 to punish acts of cyber crime. The Act was amended in the year 2008[5]. According to the National Crime Records Bureau, cyber crime is on the rise. The Bureau reported that 420 cases were reported under the IT Act in the year 2009 alone, which was a 45.8 per cent increase from the year 2008. [6] The NCRB data on cyber crime also provides a useful insight as to the growing awareness of the IT Act. The data clearly shows an increase in the number of cases reported from the years 2005 to 2009.[7]. Hacking and obscene [8] publication/transmission are the highest reported crimes with the highest rate of conviction under the IT Act 2008.

Cyber Attack: No One is Safe!!

In February 2000 the many ‘busy’ Internet websites were jammed shut by hackers causing a national upheaval in the USA with the then President Clinton calling in a high level meeting with experts from around the world. Websites like Yahoo.com were forced to shut down for three hours after they were ‘smurfed’ by hackers [9]. Many other websites like Amazon.com and CNN.com were also attacked by the same hackers. Hacking such popular websites within a span of few hours was unprecedented which left many, including the FBI, clueless. By far these are the most serious cyber attacks in the history of Internet. The attacks not only shut down important sites, but also highlighted a very disturbing growing trend. If such popular websites were shut down by unknown perpetrators then how in the world will these and similar sites be able to protect scores of personal data and credit card information of the customers they pledge to serve?  

More recently cyber vandals attacked the US Senate website on the 14 June 2011, causing a huge security scare [10]. This instance again brings us to the pertinent question of the safety of our personal data held by these websites. If the personal data of the US Senators can be breached by somebody, then certainly we as consumers should be very wary of the cyberspace and its ability to protect our data.

Closer Home

On June 8, a group claiming to be “anonymous” hacked into the government’s National Information Centre to protest against the anti-graft agitation [11]. The same group was accused of hacking into the Indian Army’s website although no report of data theft was claimed by the government.  Last year in December a Pakistani hacker group named Predators PK hacked into various websites including the website of the CBI.[12]

Cyber Crime: Its Implications to Privacy

Internet security has become an important issue. Recent cyber attacks on various important websites has placed many consumers at risk and vulnerable to cyber criminals. The hacking attack on the Sony website on April 16 and 17 led to the theft of 26.4 million SOE (Sony Online Enterprise) Accounts. The criminals even hacked into a 2007 database which held credit and debit card information of 23,400 customers.[13]

Attacks such as these demonstrate the vulnerability of websites, and the possibility of serious harm to a countries economy and security. Furthermore, consumers’ personal data can be used by hackers to extort and blackmail individuals. 

The Internet has become a huge stakeholder in facilitating trade and e-commerce, subsequently cyberspace has become a large network of communication and commerce. We carry out a number of tasks on the Internet — from e-shopping and e-ticketing to e-banking. Though the recent attacks on the CBI website, and the Indian Army website did catch some attention from the media, and the government did make some noise about it, the issue slowly faded away. The government cannot seem to protect its own websites which houses sensitive details of national security, but seems confident about putting personal data and biometrics of a billion plus population under the AADHAR scheme [14] onto a web server which can be hacked anytime by almost anybody with a personal computer in China or Pakistan.[15]

Privacy: No More?

Data generated in cyberspace are a fingerprint of an individual which is detailed, processed, and made permanent.[16] The cyberspace generates a blue print of our whole personality as we navigate through a health site, pay our bills, or shop for books at Amazon.com. The data collected by surfing through all these domains creates a fitting profile of who we are. [17] When hackers and cyber vandals steal this very information, it becomes a gross violation of our privacy. 

Conclusion

Privacy does not exist in cyber space. The various websites that offer varied services to its consumers fail to protect their personal data time and again. The Sony website including its play station and music website was hacked at least three times this year. Scores of personal data was stolen and the consumers were kept in dark regarding the breach for almost a week. Speaking as a consumer, if a large corporate company like Sony cannot protect its website from being hacked into, it is hard to imagine other websites protecting itself from attacks. 

The rise of the Internet has brought with it a new dimension of crime. The IT Act 2000 has brought some reprieve to the aggrieved according to the NCRB. Despite this, the IT Act clearly will not completely deter criminals from hacking into websites, as was demonstrated in the NCRB report. The cyber criminals of the February 2000 cyber attacks have yet to be apprehended and the attacks on various websites have been increasing every year. 

Despite progress being made on enacting cyber laws and implementing them, cyber crime is still not nipped in the bud. Governments can do precious little to stop it and only hope that a cyber criminal can be traced back and be punished. Hence, Internet users need to more careful of the sites they visit; know the privacy policy of these websites to protect their personal data as much as possible.

Notes

[1] According to an annual survey conducted by IMRB and Internet and Mobile Association of India for the year 2009 – 2010. 

[2] http://www.jstor.org/stable/pdfplus/1229286.pdf?acceptTC=true

[3] http://legal-dictionary.thefreedictionary.com/cybercrime

[4] http://www.mekabay.com/overviews/history.pdf

[5]http://www.cyberlaws.net/itamendments/index1.htm

[6] http://ncrb.nic.in/CII%202009/cii-2009/Chapter%2018.pdf

[7] http://ncrb.nic.in/CII%202009/cii-2009/Chapter%2018.pdf

[8] http://ncrb.nic.in/CII%202009/cii-2009/Chapter%2018.pdf

[9] http://www.pbs.org/newshour/extra/features/jan-june00/hackers_2-17.html

[10] http://in.reuters.com/article/2011/06/14/idINIndia-57677720110614

[11] http://www.thinkdigit.com/General/Anonymous-hacks-Indian-govt-website-to-support_6933.html

[12] http://www.deccanherald.com/content/117901/pakistan-hackers-wage-cyber-war.html

[13] http://mashable.com/2011/05/03/sony-another-hacker-attack/

[14] http://uidai.gov.in/

[15] http://www.securitywatchindia.org.in/selected_Article_Cyber_warfare.aspx

[16] http://www.jstor.org/stable/pdfplus/1229286.pdf?acceptTC=true

[17] http://www.jstor.org/stable/pdfplus/1229286.pdf?acceptTC=true

The views and opinions expressed on this page are those of their individual authors. Unless the opposite is explicitly stated, or unless the opposite may be reasonably inferred, CIS does not subscribe to these views and opinions which belong to their individual authors. CIS does not accept any responsibility, legal or otherwise, for the views and opinions of these individual authors. For an official statement from CIS on a particular issue, please contact us directly.