Cyber Security – CERTs, Policy, etc

[op-ed snap] Data deprivation makes cybercrime difficult to tackle


From UPSC perspective, the following things are important :

Prelims level : Not Much

Mains level : Curbing cyber crimes with data localization


Cyber hygiene: Need of hour

  • In recent times, there have been many instances of the hard-earned money of Indians being taken out of bank accounts and charges loaded onto credit cards through online frauds.
  • As a nation making a huge transition to a cashless economy, public faith in the digital system needs to be consistently reinforced.
  • All the players involved, including banks, telecom companies, financial service providers etc. and the government, need to play a responsible role in ensuring innocent citizens do not undergo the trauma of suffering losses.
  • The customer also has a responsibility to maintain basic cyber hygiene, which includes following practices and taking precautions to keep one’s sensitive information organized, safe and secure.

The new startups

  • Another emerging casualty of such cybercrimes is the emerging “startup” ecosystem.
  • We are beginning to see multiple cases where customers of genuine startups, unicorns and Indian businesses have been subjected to online fraud.
  • These customers initially presume that it is the customer care departments of the companies that have conned them, as we see in many of the cases that get filed.
  • This is a dangerous trend. Not only does it shake people’s faith in digital systems, the scepticism vis-a-vis online transactions also hurts the potential of emerging companies.

Modus operandi of cyber crimes

  • Let us look at the modus operandi of some of the recent internet-based financial frauds affecting companies in the digital and e-commerce space.
  • Fraudsters usually start by creating various websites or accounts on social-media platforms that host some content to make them look deceptively similar to the authentic companies’ websites or social media interfaces.
  • Such websites and social media accounts list fake customer care numbers for the relevant brands.
  • When a customer tries to search for a company name by using a search engine, the customer care numbers or email IDs that pop up as results are often these fraudulent ones.

Most cases go unreported

  • Also, some victims of fraud are too ashamed to admit that they have been conned, and often do not even tell their families.
  • Yet, if the losses are large, the results can be devastating for fraud victims.
  • While many cases aren’t even reported, in cases that are, the investigations make little or no progress due to lack of access to data.

What can be done?

Enforcement agencies needs to gear up

  • Even the income tax department has not been spared, with people getting messages from a fraudulent source that masks itself as an income tax authority and sends a message asking them to claim tax refunds by sharing a link.
  • It is difficult to estimate the scale of the problem, as law enforcement agencies in different states are not fully equipped to understand and act upon complaints of such frauds.

Data localization

  • Since most search engines and social media platforms have no “permanent establishment” in India, law enforcement agencies have hit a wall on data access for the purpose of solving cybercrimes.
  • This has often raised calls for complete data localization, which could have been avoided had a collaborative mechanism for data access, based on agreed criteria, been put in place.
  • The Srikrishna Commission recommended that data be stored in the country either directly or through mirror servers to serve law enforcement needs.
  • The US Electronic Communications Privacy Act bars US-based service providers from disclosing electronic communications to law enforcement agencies of any country unless US legal requirements are met.
  • The bilateral mechanism of the India-US Mutual Legal Assistance Treaty is a bit outdated and does not seem to work.

Way forward

  • While privacy and data protection are necessary, and data localization may pose its own business challenges, India needs to work out a way to crack cyber frauds and crimes.
  • For this, the country urgently needs a legally-backed framework for a collaborative trigger mechanism that would bind all parties and enable law enforcers to act quickly and safeguard Indian citizens and businesses from a fast-growing menace.
Notify of
Inline Feedbacks
View all comments