Establishing jurisdiction in the virtual world is the first challenge for law-enforcement agencies. Training is the second
As each country has its own law pertaining to privacy and internet services, jurisdiction is perhaps the biggest challenge law enforcement agencies face in dealing with cyber crimes. “If the services provided by a company based in the US are managed by another company based in Europe for beneficiaries sitting in India, then it becomes a challenge for law enforcement agencies to gather information from three different domains,” explains Rakshit Tandon, a cyber security expert and director of A&R Info Security Solutions, who is often consulted by police from Uttar Pradesh and Haryana.
Neeraj Aarora, a supreme court advocate specialising in cyber law, stresses the need for training. “The expertise has to be built in-house by the police department rather than calling an expert from outside.” However, Tandon says police personnel are quite well equipped with the necessary skills and that there lies a larger problem that counters the training received in solving cyber crime cases. “It often happens that a police personnel is trained in cyber crime handling skills but is later transferred to another unit where there is no requirement of the skills he has learnt, resulting in waste of human resource. A new officer who is brought into the cyber cell has to start afresh in learning the skills.”
Also Read: Why catching this Twitter terror ideologue was so difficult
Yet, trained police personnel many a time find themselves in a bind as they try to work in collaboration with foreign-based companies on a criminal case. In order to retrieve information about activities of an accused on a website owned by a foreign-based company, police send the company a letter of request asking relevant questions. The response time, however, is not always swift, sometimes also calling for the issuance of a letter rogatory in case of collection of evidence from a witness based abroad. “The response time often becomes a problem due to which either the investigating officer gets tired of working on the case or the information becomes redundant or outdated till the time it reaches the desk of the police. Data has a limited age,” says Tandon.
But can private companies monitor content poured on their websites 24x7 from millions of users? For Tandon, one cannot expect social media websites to monitor their activities all the time owing to huge traffic. “At the most, they can report any unwanted activities.” Aarora, however, is of the view that catching a criminal is still not that difficult as it may sound. “In cyberspace, every act leaves its trace. If one has the skills, it is easy to track the miscreant.”
Then there are exceptional cases, given that the new technologies are always emerging. Messaging over BlackBerry posed a one-of-its-kind challenge. In 2012, after repeated requests from the Indian government, BlackBerry maker Research-In-Motion (RIM) agreed to hand over the encryption key of its messenger and email services for security agencies in India as they suspected transfer of information from the mobile device by the accused in the 2008 Mumbai terror attacks. The agreement came after a near four year long stand-off.
Cyber crime cases now call for even greater cautious handling with the recent observation made by the supreme court. The apex court has said that electronic evidence submitted in court needs to be authenticated and should be in compliance with section 65B of the amended evidence Act.
This section requires the person in charge of duplication of electronic record to produce a certificate in court establishing the authenticity of the electronic evidence. Earlier, police used to produce a duplicate copy of the electronic evidence. The supreme court directions have now made it mandatory for law enforcement agencies to obtain a certificate of authenticity from foreign based companies, if required.