HOW TO REPORT “IDENTITY THEFT” IN INDIA (With Case Laws)

-Vidhanshi Bhardwaj

What are CYBER-CRIMES?

Cybercrime, especially through the Internet, has grown in importance as the computer has become central to commerce, entertainment, and government.

Cybercrime, also called computer crime, is the use of a computer as an instrument in furtherance to reach illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. 

Most cybercrime is an attack on information about individuals, corporations, or governments. Although the attacks do not take place on a physical body, they do take place on the personal or corporate virtual body, which is the set of informational attributes that define people and institutions on the Internet. 

In other words, in the digital age, our virtual identities are essential elements of everyday life: we are a bundle of numbers and identifiers in multiple computer databases owned by governments and corporations. Cybercrime highlights the centrality of networked computers in our lives, as well as the fragility of such seemingly solid facts as individual identity.

What is IDENTITY?

An Individual’s essence is the Identity that distinguishes him from another. In the cyber world, what defines an identity is a particular distinct character of numbers and digits. Any two entities in technology will hold the same identity. It’s like a signature with each one making their own. 

However, Legally, identification is an individual’s formal recognition of government papers and records such as Voter ID, Aadhar Card, Ration Card, etc.  

The Information Technology (Amendment) Act, 2008, comprises of the definition of “electronic signatures” and the identification gamut authentication. Such details are very important and vital and hence safeguarding is each individual’s prime objective. In an “identity theft” case, the perpetrator sometimes commits the offense to obtain money under someone else’s name or with other details.

What is ID THEFT or IDENTITY THEFT?

“ID Theft” or ‘identity theft’ mainly refers to the crimes that take place wherein a person wrongfully obtains and uses another person’s data which may include the theft of name, date of birth, unique identification number, bank account number, credit/debit card number, phone number, and so forth, in some way that involves any fraudulent activity or deception on behalf of the original user.

This can be done, technically, for economic gain to obtain any kind of goods and services. Criminals may also use such data to fraudulently obtain fake identification cards, bank accounts, birth certificates, and important documents, even fingerprints can be used as a weapon of identity theft. 

A lot of personal data via any fake biometric device can cause a breach of personal data. If a person’s fingerprints fall into the wrong hands, it might allow the criminals to make profits in the former’s name which has been used. Incidentally, most victims hardly realize that such a breach of personal data has even been done, and by the time the realization arrives, it might even be too late to recover from such an incident.

There are various techniques through which data theft could be committed and personal information could be procured through electronic devices like hacking, phishing, lottery winning scams, clickbait (clicking on an advertisement) identity frauds when criminals identity themselves as bank or customer services clerks, or credit card agents or fake ids being popular for email and numerous social media sites. 

It has become such a standard procedure there is no requirement for physical authentication to establish an email id or address. Therefore, it expands the reach of cybercrimes. The prominent way is perpetuated by the procurement of individual confidential knowledge. As mentioned above the collection of individual details can be achieved in a variety of ways this is normally done in a dishonest and deceitful manner. The creation of false online records is illegal and punishable under the Indian Penal Code, 1860.

The IT Act, of 2000 is India’s premier cybercrime statute. Therefore, while its aim was to identify e-commerce predominantly in India, it did not specify cybercrime.

Under Section 43 of the Act prior to the amendment in 2008, any person who has accessed or abetted someone else’s computer without permission can be found responsible of a civilian kind, therefore, a cumulative reward of one crore will be given for unlawfully accessing a computer server. As per section 66 of the Act, cybercrime can only fall into action where the device production has been changed, removed, or reduced however, the principle of identity theft had no solution and there was no effect if any person used the computer for any criminal reasons without owner’s knowledge. 

The definition and phrase “identity theft” was introduced around the amendment of the act time in 2008. Now, according to Section 66, a criminal liability has indeed been imposed in respect of the act when people have accessed the computer of someone else without authorization or the same.

Section 66C defines the “Punishment for identity theft” as:

“Whoever, fraudulently or dishonestly makes use of the electronic signature, password or any other unique identification feature of any other person shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.”

The amendment of the act also defines the punishment under Sections 66 B, C, and D for “identity theft”, “computer trespassing” and punishment for cheating on a computer using impersonation. In fact, for the protection of ‘sensitive personal data’ strict regulations have been established and are retained by financial intermediaries and service providers. Due to the acceptance of privacy as a human right, data security often comes under its scope. In view of this, the Central Government has brought forward in the parliament “Data Protection Bill, 2020”.

Case Laws:

1. Binod Sitaram Agarwal vs The State of Maharashtra (on 21 December 2018)

It was stated that Seepz, Sez was a Central Project that had its office at Central Road, M.I.D.C, Andheri. The undertaking used to provide financial assistance to Special Economic Zones in Maharashtra, Dadra Nagar Haveli, Daman and Diu, and Goa. 

The Deputy Development Commissioner was provided email-id viz. “ddcseepz-mah@nic.in” which was used for discharging day-to-day affairs of the undertaking. The said email-id was used by Deputy Commissioner himself or any other person authorized by him. 

It was alleged that; the Deputy Development Commissioner Shri Mahesh Yadav had informed Development Commissioner that the aforesaid email-id was being misused by some              

“3 906.3027.18 ba.doc” unknown person and hence directions were issued by the Development Commissioner to make appropriate inquiry in that regard. It was brought to the notice of NIC stating that the aforesaid email id is being misused by unknown persons and the activity was found to be suspicious. The report was submitted to Seepz with a view to submitting the complaint to the concerned police station and hence, the complaint was forwarded to M.I.D.C. Police Station. It was further alleged that the applicant had hacked and unauthorizedly assessed the e-mail address of the Deputy Development Commissioner. No one was allowed unauthorizedly to open the email- id. 

However, the bail application of the applicant was allowed as follows-

1. Criminal Bail Application No. 3027 of 2018 is allowed. 
2. The applicant is directed to be released on bail in crime no. 93 of 2018 registered with M.I.D.C. Police Station on furnishing P. R. bond in the sum of Rs. 50,000/- with one or more sureties in the like amount.
3. The applicant shall report to M.I.D.C. Police Station, Andheri once a month on the first Saturday between 11.00 am to 01.00 p.m. till further orders.
4. The applicant shall not tamper with the evidence and shall attend the Trial Court on the date of hearing of the case regularly unless exempted by the Court. 
5. The applicant is permitted to furnish cash security in the sum of Rs. 50,000/- for a period of 6 weeks.
6. The observations made in this order are prima facie and the trial Court shall deal with the case in accordance with the law.

2. K. Sudhakar vs N. Balaji (on 21 November, 2017)

The petitioner viz., K. Sudhakar was the Father-in-law of the respondent Viz., N. Balaji where the respondent filed a private complaint stating that he had a savings account in HDFC Bank, Thillai Nagar Branch, Tiruchirapalli. His father-in-law had obtained his accounts statement from the said bank without his consent and hence, the petitioner had committed offenses punishable under Section 66-B and 66-C of Information Technology Act, 2000 r/w Sections 406 and 416 of IPC. 

Based on the said complaint, the learned Judicial Magistrate II, Tiruvallur the case on file in C.C.No.108 of 2018 under Sections 66-B and 66-C of the Information Technology Act, 2000 r/w under Sections 406 and 417 of IPC and issued summons to the petitioner. After receipt of the summons, the petitioner filed the present petition to quash the proceedings against him in C.C.No.108 of 2018 on the file of Judicial Magistrate No.2, Tiruvallur.

The respondent then submitted that the petitioner herein with a criminal intention misrepresented before the bank authorities and obtained the respondent’s personal bank account statement and the illegal act of the petitioner is punishable under Sections 66-B and 66-C of the Information Technology Act, 2000 r/w 406 and 416 of IPC and accordingly, the respondent filed a private complaint.

However, the court was of the view that even assuming that the petitioner had obtained the respondent’s accounts statement from the bank, the said act did not attract any of the provisions of Sections 66-B and 66-C of Information Technology Act, 2002 r/w Sections 406 and 417 of IPC. Hence, the proceedings against the petitioner on the file of the Judicial Magistrate No.2 Tiruvallur were quashed.

Protection from Identity Theft:

To protect oneself from the increasing rate of identity theft cases, the following measures must be taken:

1. Compulsory use of a strong password or secret security PIN;
2. Mandatory change of password regularly;
3. Keeping a distance from shady or suspicious websites and links;
4. Never providing someone else with any personal information;
5. Protection of documents and important data;
6. Having an authorized security firewall to protect from being hacked into electronic devices;
7. Limiting the exposure of credit cards and other personal information cards.

If someone has been a victim of identity theft, it is important to contact the local police station immediately, followed by a complaint at the residing area’s Cyber Cell Police Station and the concerned institution, for example, if X’s bank details have been compromised and there is an unwanted transaction taken place without consent, X should contact the Bank authorities where he is an authorized account holder.

Conclusion:

Identity theft has been a huge invasion of privacy for a person, affecting the victim, both mentally and socially. However, the impact of identity theft is not limited to the individual; it equally poses a threat to organizations and companies as well.

From the legal point of view, Indian laws have considerable lacunas when it comes to the protection of identity theft, or, an individual or organization’s data, leaving huge scope for improvement of laws as well as policies and regulations concerning identity theft. 

The lack of specific laws acts as a host of manipulative offenses which have rapidly grown in the recent past, as compared to the last two decades to ensure adequate implementation of the existing laws, and to equally monitor the situation, a proper system with an efficient hierarchy of jurisdiction is necessary.

Following are the recommendations that can be implemented in India to make the laws regarding identity theft more effective:

1. Making amendments to the present laws for imposing stricter punishment for aggravated forms of identity theft. 

The laws can be made victim friendly such that he/she is able to recover from the loss caused and provide as much restitution as possible. India can look into the laws in the U.S. which have incorporated the above ideas in the form of two legislations. Therefore, the victim must be given support, both for the immediate loss caused by Identity theft and for the aftermath of such a crime.

2. In India, various police departments have their own cyber-crime units where police officers are not well trained and find it difficult to deal with cybercrimes.

Due to their lack of expertise in this area, either the cyber crimes remain unreported or are prone to the improper investigation. This issue has been brought to the hon’ble Supreme Court’s notice in several PILs. Special agencies independent of the police (like the National Hi-Tech Crime Unit in the U.K.), or a different training academy must be established in India which can help the local police department to investigate the cybercrime.

3. Cybercrime which happens on a large scale is generally transnational in nature. 

Various countries should co-operate using multilateral treaties in order to have basic uniformity in terms of sharing cybercrime information. One such example is the Indo-American alert, watch and warn network which deals with cases falling in Indo-American jurisdiction.

4. In order to prevent or minimize the threat of identity theft, the biological aspect of identity verification (biometric) like a fingerprint, voiceprint, iris scan, hand geometry, etc. should be used. 

Where ever there is an online financial transaction or email account login. Such unique information can be collected and stored at the time of registration or signing up with the websites.

5. Lastly, the government needs to create awareness amongst consumers with respect to ways of protecting personal information and safe internet practices. 

Further, they need to be educated about their rights and the redressal mechanism available to them in case of identity theft. To minimize the harm and early detection of identity theft, individuals should keep a track of their credit reports.

Legal Thirst has created a telegram group for exchanging legal knowledge, Events, and various opportunities.
You can click on this link and join:

Follow Legal Thirst on Instagram and Subscribe to our YouTube channel for more amazing legal content.