Eleven convictions in last nine years – across the country. This figure for cybercrime conviction in India cries for the need for a legal mechanism to fight cybercrime.

“Committing a cybercrime is very easy, it is more difficult to investigate and much more difficult to prove it,” said Loknath Behera, IGP Bureau of Police Research and Development, at the International Conference on Cyberlaw and Cybercrime, 2014, organized in Delhi last week. Hosted at India International Centre, this event saw experts from the industry and the government coming together to discuss the impending danger of cybercrime attacks.

Despite India’s poor performance, Behera pointed out, it was not lagging that behind compared to countries like the US, where the conviction rate of physical federal crimes were 82 percent but fell down as low as two percent when the crimes committed were cyber.

In India, cybercrime is grappling with a number of issues: a weak legal system, the fight over jurisdiction, no uniform law followed by all, and others.  
Taking the centre stage, J Satyanarayana, secretary, department of electronics and information technology (DeitY), Government of India, pointed out that the decade-long leap has also meant a leap in the sophistication of the cybercrimes. “We are dealing with an altogether different medium with a different degree of agility. When we bought out the IT Act, we thought we had done the best. But the concepts that we are talking about today, were not even heard then. It is a different medium and it is evolving as we talk. We cannot apply the physical world norms to the cyber world. What is needed is a combination of approaches and not a typical legislation.”

The lack of national boundaries in the cyber world has created a problem for those investigating the crime. Navneet R Wasan, additional director general, National Investigation Agency, explained that the scenario has lead to a tricky situation in the diplomatic realms. “The use of multiple proxies, multiple servers has lead to a layer of complexity in the international legal framework.  Unless there is no one convention in place to get real time information, we will not be able to prevent cyber attacks. India has been involved with the United States of America and United Kingdom in the mutual exchange of information in real time, but it is still an issue.” Wasan went on to add that in most countries, domestic laws concerning cybercrime were coming into place, but that too was happening at a slow pace.

India’s refusal to be a part of the Budapest Convention for Cybercrime – the first international treaty that deals with internet and cybercrime by bringing together national laws and increasing cooperation between countries – is an added obstruction in its fight over jurisdiction.

Defending India’s stand, Dr Gulshan Rai, director general, CERT-In, said that the convention will mean that any European country can come and penetrate Indian data, which the authorities are trying to avoid, Referring to the jurisdiction battle over social media, Dr Rai said, “For social media, your (international) laws do not apply to us.  We have to go through the legal framework which is very slow.”

It was pointed out that out of the 13 servers for internet, nine are based from the US, making the extraction of information that much more difficult. Further, as of now, India has an extradition policy with only 30 odd countries, making the conviction difficult for the investigators.

Cybercrime can no longer be treated like a typical crime. It has gone global and what India needs is a law that penetrates those areas.