Wednesday, October 30, 2019

Advocate Mahendra Limaye’s assessment of NCRB 2017 about Cyber Crimes


“You can hide the hen but can’t stop the sunrise” is an old saying, and it is borne out by the NCRB's 2017 report on cyber crimes.

The Government maintains that cyber crimes are quite satisfactorily contained by existing law enforcement officers with the available legal framework and judicial set-up. On this view, only a handful of people raise a clamour about the growing pace of cyber crimes, while the situation is actually under control. The rate of cyber crimes is only 1.7 per lac of the total Indian population, meaning that in a country with a population of 12885 lac, the total cyber crimes registered in 2017 were a meagre 21796, as per the recently published National Crime Records Bureau report.
But the fact is that the total cyber crimes registered in India in 2017 were 21,796, as compared to 12317 registered in 2016, which shows a surge of about 75%. So it is a difference of perception in the way you look at cyber crime statistics. If you go by growth in percentage terms, it is 75% growth over the previous year, but the report puts it at 1.7 per lac of the population and finds no significance in the growth of crime.
In a country where almost 70% of the population enjoys the benefits of digitization (?), the argument that only 1.7 per lac of the population is affected by cyber crimes genuinely holds no meaning.
Karnataka and Jharkhand witnessed about 200% growth, followed by Chhattisgarh, Telangana and Uttarakhand, which witnessed about 100% growth; Uttar Pradesh witnessed 80% growth, followed by Maharashtra, which witnessed 50% growth. Out of 29 states and 7 Union territories, Arunachal Pradesh, Goa, Nagaland and Tripura witnessed negative growth in cyber crimes.
As regards the share of states in the total number of cyber crimes registered in India, UP witnessed the maximum number of crimes, i.e. 4971 (22.1%), followed by 3604 (16.5%) in Maharashtra, 3174 (14.6%) in Karnataka, 1304 (6%) in Rajasthan, 1204 (5.5%) in Telangana and 1120 (5.1%) in Assam. These six states collectively witnessed 15377 crimes, i.e. almost 70% of the total crimes registered in India, which suggests that more focus is needed on these states if we want to contain/curtail cyber crimes.

The cyber crimes registered under various sections of the Information Technology Act are as below:
A - S 65, Tampering computer source code – 233
B - S 66, Computer related offenses (a-e) – 10108
C - S 66F, Cyber terrorism – 13
D - S 67, Publishing obscene info in electronic form – 948
E - S 67A, Continuity of Act – 401
F - S 67B, Child pornography – 46
G - S 67C, Related to intermediaries – 11
H - S 67, Other sections – 362
The cyber crimes registered/covered under the IPC are as below:
I - IPC sections but under cyber crimes (Total 7976)
J - 354D, Cyber stalking – 542
K - 379-381, Data theft – 307
L - 420 r/w 465, 468-471, Fraud – 3466
M - Credit card fraud – 395
N - ATM fraud – 1543
O - Online banking fraud – 804
P - OTP fraud – 334
This break-up is really strange and surprising. Sections of the IPC are applied in about 8000 cases, i.e. in about 30% of the cases registered by police in India. This shows that the police are either not sure about the applicability of the I T Act or not properly trained to apply its provisions, although it is a special act passed by Parliament to deal with cyber crimes. There are various judgements in which courts have held that if provisions of the I T Act are not maintainable, then provisions of the IPC can’t be applied to the crime, owing to the principle of dual jeopardy. This application of IPC sections also establishes that the police are not comfortable with the I T Act even 19 years after its enactment.
The motives for the crimes, as analyzed by NCRB, are as below:
A total of 628 crimes were committed for personal revenge; Assam tops with 246, followed by Kerala with 62 and Maharashtra with 47. Fraud was the motive in 12213 crimes, where UP tops with 3450, followed by Karnataka with 2764 and Maharashtra with 2171. Extortion was the motive in 906 crimes, in which UP again tops with 419, followed by Telangana with 95 and Assam and AP with 65 each. Causing disrepute to someone was the motive in 1002 crimes, and again UP tops with 366, followed by Maharashtra with 135 and Karnataka with 94. The motive of sexual extortion was witnessed in 1460 crimes, with Maharashtra topping at 462, followed by Assam with 217 and UP with 117. Terrorist activities through cyberspace were witnessed in 110 cases, and Assam with 44, Rajasthan with 20 and TN with 13 were the top three states. Hate against the country was registered in 206 cases, where Maharashtra tops with 57, followed by UP with 51 and Karnataka with 21. Software piracy was registered in 90 cases, of which Odisha contributes almost 50% with 43 cases. Motives in the category “others” were reported in 3756 cases, in which Rajasthan has 819 cases, followed by Maharashtra with 619, Haryana with 382, West Bengal with 379, Assam with 322 and Telangana with 304.
The details show that fraud is the most prominent motive in cyber crimes, as it was observed in 12213 cases. Terrorist activity was the motive in 110 cases and hate against the country was the motive in 206 cases, but surprisingly only 13 cases were registered under section 66F relating to cyber terrorism, indicating that something is missing in the understanding of the basics of cyber crimes and the motives behind them.
Many times these crimes are committed by faceless criminals who are totally unknown to the victims and located in different territories, even outside India. In the present policing system, whose investigations are handicapped by jurisdictional issues, it is practically impossible to nab these criminals, and hence we find a very poor and pathetic record of police disposal in cyber crimes, which is elaborated below.
Police disposal report
As per the report, 8877 cases were pending investigation from the previous year (2016) and 13635 new cases were added for investigation in 2017. Out of these, 5457 cases fell in the category “Cases true but insufficient evidence or untraced or no clue”. A total of 730 cases were reported in the category “Cases ended as mistake of fact or of law or civil dispute”.
A total of 3169 charge sheets were filed by the police in 2017. The police disposed of 9750 cases out of 22513, and most surprisingly, in about 6500 cases, or 70% of the cases disposed of, investigation was never carried out, meaning the police successfully investigated only 3250 cases in the entire year 2017. At the end of 2017, 12750 cases were pending investigation, with a 32.5% charge-sheeting rate and a 56% pendency rate.
The judicial set-up for cyber crime trials is in an equally pitiable condition. 5712 cases were pending in courts under the head of cyber crimes at the start of 2017 and 3169 cases were added in 2017, making a total of 8881 cases before courts in India. Of these, 44 cases were disposed of without actual trial. Conviction was pronounced in 84 cases of the previous year along with 31 cases of 2017. With 19 discharges and 323 acquittals, the conviction rate in cyber crime cases is merely 25%. The pendency rate is 94%, and this situation is very alarming.
NCRB also published reports on 19 metropolitan cities in India where the population is more than 2 million. The interesting facts are as below.
Bengaluru tops the list with 2743 crimes, followed by Mumbai with 1362 and Jaipur with 685. Nagpur witnessed only 82 crimes, as compared to 97 in 2016 and 102 in 2015, meaning there is actually a decline in cyber crimes in Nagpur, which ranks in 12th position.
As far as pendency of cyber crimes is concerned, Nagpur tops with 91.9%, followed by Patna with 87.7% and Delhi with 85.5%.
The overall pendency rate of 64.1% across all 19 major metropolitan cities suggests that our police machinery is inadequately trained and equipped to carry out cyber crime investigation. Crimes committed with the use of technology can certainly be investigated more effectively by using the same technology, but there seems to be a lack of investigative skills on the part of police personnel, which need to be sharpened.
Advocate Mahendra Limaye’s additional take: Whether to believe the current report is the million dollar question, because it is observed that cyber crime is happening every passing second but is not reported to the police, or the report is not taken by the police if the victim goes to the police station.
If our own assessment from our cyber crime helpline is to be believed, we receive almost 60-70 calls per day and about 20-30 complaints through our FB page. That an ordinary cyber crime helpline managed by CYBER AWARENESS ORGANISATION receives about 100 complaints per day, without any SEO or promotion for the past few years, shows that more than 21796 CYBER CRIMES are committed in India. If premier agencies wish to undermine the supremacy of cyber criminals and are unwilling to accept the reality in cyberspace, then it is the misfortune of the citizens who are compelled to carry out most of their activities through the online medium.



Monday, July 29, 2019

FTC PENALISES FACEBOOK AND INDIA IS SILENT


MAHENDRA LIMAYE ASSOCIATES’S TAKE ON FACEBOOK FTC JUDGEMENT
It is one of the biggest penalties inflicted on a social media company in the history of the USA or anywhere in the world. Surprisingly, it was neither debated nor discussed in India, as if India had nothing to do with it. Most digital intellectuals and legal luminaries didn’t utter a word either praising or criticizing the FTC judgement, which is a compromise settlement. Nor did the more vocal supporters of Digital India make any comments on it favouring their blue-eyed boy Mark. When most of the Indian population is trapped in a CATCH 22 situation created by the Digital Revolution in India and WhatsApp is trying to enter the Indian payment market, this FTC judgement needs to be carefully scrutinised and must be understood by one and all, irrespective of whether you are concerned or not!!!!! This is especially so when the meeting of WhatsApp Global Head Will Cathcart with Mr Ravi Shankar Prasad is making headlines in India.
This silence is strange and startling, and hence more dangerous!!!

Nothing in human history has reached 2.4 billion people, roughly one out of every three living humans, with the regularity and influence of Facebook. The only company close to that influence is Google, which controls YouTube and its nearly 2 billion regular users. Both of these companies have developed advertising platforms that deliver carefully targeted messages more effectively and efficiently than anything else in the world. On this backdrop recent compromise judgement of FTC becomes more relevant.
The US Federal Trade Commission has found the much beloved Mark Zuckerberg’s Facebook guilty on various counts, including “Misrepresenting the Extent to Which Users Could Control the Privacy of Their Data and the Extent to Which Facebook Made User Data Accessible to Third Parties” and “Failure to Implement and Maintain a Reasonable Privacy Program”, yet in the country with the maximum number of users on Mark Zuckerberg’s FB/WA/Insta taken together, no one is concerned. Rather, it is extending a red carpet welcome to WhatsApp global CEO Will Cathcart.

DOES IT INDIVIDUALLY AFFECT ME?
WHY SHOULD I BE CONCERNED AND CARING ABOUT SOCIETY?

This is why we prefer to remain silent on many issues happening in society, and that’s where we are being exploited by these anti-social elements. The FTC decision’s likely impact on Indian netizens is far reaching, and if we don’t debate it now, future generations will never excuse us!!!!!

“The parties have reached a settlement of the Complaint’s allegations and the Order requires Facebook to pay a $5 billion civil penalty and imposes significant injunctive relief, primarily in the form of an amended administrative order that will be entered by the FTC” is the order in brief, which needs more debate.

This FTC judgement was by a 3-2 margin, and if we just go through excerpts of the dissenting statement of Federal Trade Commissioner REBECCA KELLY SLAUGHTER, it will be easier for us to understand, and we may be compelled to introspect.

1)       “During the years of Facebook’s continuous alleged lawlessness, its gross annual revenue increased from $5 billion to over $55 billion. Facebook’s collection and use of personal data have grown in unprecedented, unchecked, and often unseen ways.”

2)       My principal objections are: (1) the negotiated civil penalty is insufficient under the applicable statutory factors we are charged with weighing for order violators: injury to the public, ability to pay, eliminating the benefits derived from the violation, and vindicating the authority of the FTC. (2) While the order includes some encouraging injunctive relief, I am sceptical that its terms will have a meaningful disciplining effect on how Facebook treats data and privacy. Specifically, I cannot view the order as adequately deterrent without both meaningful limitations on how Facebook collects, uses, and shares data and public transparency regarding Facebook’s data use and order compliance. (3) Finally, my deepest concern with this order is that its release of Facebook and its officers from legal liability is far too broad. Rather than accepting this settlement, I believe we should have initiated litigation against Facebook and its CEO Mark Zuckerberg. The Commission would better serve the public interest and be more likely to effectively change Facebook by fighting for the right outcome in a public court of law. For these reasons, I respectfully dissent.
3)      I will not recite the facts before the Commission, other than to note that there was extremely compelling evidence of a series of significant, substantial order violations and law violations. In addition to the evidence the Commission reviewed against Facebook, I believe there was sufficient evidence to name Mr. Zuckerberg in a lawsuit.
4)      I believe litigation was the best course of action in this matter. Litigation would have provided public transparency and accountability for the company, its leaders, and the Commission. It would send a message to the market and the public that the Commission is willing to go to the mat to ensure compliance with its orders. Under the jurisdiction and mandate of a federal court, the Commission would have been able to seek, and if necessary move to compel, discovery of important documents and testimony to inform a court’s assessment of liability. A finding of liability at the end of litigation would deter the company from further violations of the law even without substantial monetary or injunctive relief. If a hard-fought litigation against Facebook produced a result that fell short of public expectations, the public would have every incentive to demand that Congress take steps to address deficiencies in the law.
5)      Five billion dollars represents an astronomical penalty compared to prior Commission settlements or to the financial position of most individuals and firms. In the context of Facebook’s financial position and scope of violations, it is a substantially less significant sum. From the time of the original 2012 Facebook order to 2018, Facebook’s gross annual revenue increased more than 1000% from $5 billion to over $55 billion. Its 2019 revenues indicate continued growth, posting first-quarter earnings of over $15 billion. Put another way, as of this year, Facebook brings in around $5 billion on a monthly basis.
6)       In this case, the injury to the public, the defendant’s ability to pay, the desire to eliminate the benefits derived from the violations, and the necessity of vindicating the FTC’s authority—all drive the conclusion that $5 billion is an insufficient civil penalty. Injury to the public can be difficult to quantify in monetary terms in the case of privacy violations. That said, I regard the injury to the public and the institutions of our democracy to be quite substantial. Facebook’s conduct that the Commission alleges violated the order also facilitated Cambridge Analytica’s expropriation of data and manipulation of voters.
7)       My colleagues in the majority note that civil penalties have exceeded $5 billion only in instances of serious environmental disaster or widespread financial fraud. I believe that the injury to the public from damaging the integrity of our elections is as serious if not more serious than environmental and financial harms because it threatens the very systems that stand to protect Americans from those harms. Concern over this fact pattern should be bipartisan; the manipulative tactics weaponized in favour of a particular party in one election can just as easily be turned against it in the next.
8)       The order the Commission voted to accept does not impose any limitations on whether Facebook can transfer information to third parties or to other Facebook subsidiaries. Instead, the order requires Facebook to demand certain purpose and use certifications from third parties that request information, giving Facebook free rein to maintain control over what constitutes a permissible purpose and use. In other words, if Facebook wants third parties to have certain data, it can permit that under its Platform Terms; if Facebook wants to withhold access to that data, it can do so. But there may be a gulf between what is good for Facebook and what is good for its users. I believe that the order itself should limit third-party data access to information necessary to provide or operate the product or service for which the third party is requesting the information—it should not just rely on Facebook’s malleable developer standards.

9)      Finally, the order also fails to impose any substantive restrictions on Facebook’s collection and use of data from or about users (and non-users). This failure, in addition to allowing Facebook to aggregate rich data stores across its platform unfettered, may exacerbate competition as well as privacy concerns. We should strive to ensure that all our enforcement efforts are cognizant of, and not inconsistent with, both our consumer protection and competition missions.

10)  In sum, many of the problems identified in our investigation and in the related Cambridge Analytica investigation arose from the use of data beyond consumers’ expectations or permissions to enhance Facebook’s partnerships and therefore its bottom line. I believe that it is important and appropriate for the order to apply stringent limitations to how Facebook collects, uses, and shares data.

If we go through a few reactions to this judgement, we can be more enlightened.

House Commerce Committee Chairman Frank Pallone (D-NJ):  “While $5 billion is a record fine for the FTC, monetary damages are not enough. Facebook has repeatedly demonstrated that it prioritizes profit over people. Tough oversight is needed to prevent the abuse of consumer information by Facebook and other companies. Comprehensive privacy legislation is necessary to strengthen the FTC’s authorities and give it more enforcement tools and resources so that violating consumers’ privacy and breaking public trust isn’t just the cost of doing business.”
Senate Commerce Committee Chairman Roger Wicker (R-MS): “The settlement between the FTC and Facebook further stresses the need for a strong federal data privacy law. The details of Facebook’s conduct that were illuminated by the FTC’s investigation are troubling. This investigation and settlement, including a fine significantly larger than has ever been assessed by a privacy enforcer anywhere in the world, are examples of the great work the FTC can do. However, without a robust, comprehensive federal privacy law covering data collectors and consumers, bad actors will be able to continue to abuse data in the online marketplace.”
Charlotte Slaiman, Competition Policy Counsel at Public Knowledge: "Today we see the result of over a year of investigation and negotiation by the FTC. It is frustrating that the FTC was not able to achieve more significant changes to Facebook’s behaviour going forward. Facebook users cannot count on being protected as a result of this settlement. Under this settlement, Facebook does not have to meaningfully change how it collects and uses your data. Facebook retains complete control over when to share your data outside of Facebook, as long as the company complies with the privacy policy that it gets to write. The settlement also protects Facebook from further enforcement on other potential violations that we may not even know exist. The settlement does not impose any pro-competition terms, such as interoperability requirements or limiting data-sharing between Facebook, Instagram, and Whatsapp to the same terms used with third-parties so that competitors can compete fairly. While the settlement does require additional auditing processes and reporting requirements as well as a very large fine, the settlement is weak given the repeated violations and the severity of the harm. We must pass new and more effective privacy laws, as well as broader platform regulation aimed at improving competition in the sector so that consumers can more easily switch to an alternative product if they are not happy.”
Eric Null, senior counsel at New America’s Open Technology Institute: “With the Facebook settlement, the FTC appears to be stepping up its privacy enforcement. But consumers should be sceptical that the settlement will lead to any effective change in online privacy protections or Facebook’s business practices—the company was rewarded on the stock market for the settlement, the settlement imposed no meaningful restrictions on Facebook’s data collection and sharing practices, and structural changes require a tenacious overseer to ensure compliance or they may lead to nothing. Today’s settlement exemplifies the need for strong privacy legislation, which could better protect consumers everywhere by making many practices, including those Facebook engaged in, explicitly unlawful. The FTC only achieved as much as it did because it had a prior consent decree in place. Without comprehensive privacy legislation, consumers will likely end up with more of the same.”
Free Press Policy Counsel Gaurav Laroia: “While the $5-billion fine is one of the largest in the FTC’s history, it still falls far too short. As Commissioners Chopra and Slaughter explained in their dissents, the FTC’s $5-billion fine is unlikely to change the company’s behaviour. It represents just one month’s worth of earnings for Facebook and is a tiny fraction of the company’s growth in revenue since it entered into a consent decree with the agency in 2012 for violating its users’ privacy. Far more serious consequences are needed to curb the tech industry’s behaviour and its amoral pursuit of growth at our expense. This settlement doesn’t change that underlying dynamic. The FTC order places no meaningful limits on Facebook’s collection of users’ personal information. The settlement also fails to address the business model that incentivizes the invasive and manipulative practices the company was fined for. The Cambridge Analytica scandal rightfully motivated the FTC to reopen its investigation into Facebook. The company’s lax privacy controls enabled the manipulation of voters in the 2016 election and damaged our democracy. Without corrective action, the business of behavioural advertising is bound to harm our social, political and private lives again and again. It’s now up to Congress to pass legislation to protect our privacy, our democracy and our civil rights.”
Marta Tellado, President and CEO of Consumer Reports: “As expected, the size of the settlement is historic, but these attempts to hold Facebook accountable are not enough to make a real difference. With a weak and under-resourced FTC, and a glaring need for far more comprehensive privacy laws, Congress must raise the standards for consumers and hold Big Tech accountable. Lawmakers have a responsibility to pass laws that offer real protections, giving consumers control of their data and the FTC the power it needs to rein in Big Tech. The details of this settlement make it brutally clear that this isn’t just about Facebook’s privacy policies.  Facebook made a concerted effort to control and manipulate consumer choices, by misrepresenting how they do business, and how they treat their users.”
Open Markets Institute: “The Open Markets Institute denounces the Federal Trade Commission’s (FTC) official $5 billion settlement with Facebook. Even as the FTC’s complaint alleges that Facebook committed major privacy violations, the FTC still failed to question Mark Zuckerberg and has not required an admission of guilt by the corporation, protecting Facebook from legal liability.”
The Guardian: No collection of scandals, errors, embarrassments, hearings, threats of regulation, fines, or public scoldings like this one seem to be able to stall these two companies in their quest to become the operating systems of our lives. The world has never seen anything like Google. The world has never seen anything like Facebook.
Going through the tone of the dissenting judgement, it becomes clear that many in this world hold the view that Mark Zuckerberg should have been held personally liable for the data breach in his criminal capacity, because it is this person who is cheating the entire world with his false promises and assurances. The 2012 assurances from Facebook to the FTC and the subsequent breaches of the same by FB are now in the public domain, so how can this serial offender be believed for his future assurances and promises?

As of 2018, Facebook had more than 2.2 billion monthly active users worldwide. Personal information, such as user’s real name, date of birth, hometown, current city, employer, relationship status, and spouse’s name, as well as sensitive personal information, such as political views, sexual orientation, photos of minor children, and membership in health-related and other support groups is used by FB for its marketing purpose. Users can also provide information about themselves by indicating that they “like” public Facebook pages. Research suggests that a user’s “likes” of public Facebook pages can be used to accurately predict that user’s personality traits, sometimes better than the user’s own friends and family. In addition, Facebook users may install and use applications (“apps”) developed by third-parties (“third-party developers”) that allow the users to share information with their Facebook Friends.

In 2012, after an FTC investigation, Facebook settled allegations that its practice of sharing Affected Friends’ data with third-party developers of apps was deceptive. The resulting Commission Order, among other things, prohibited Facebook from misrepresenting the extent to which consumers can control the privacy of their information, the steps that consumers must take to implement such controls, and the extent to which Facebook makes user information accessible to third parties. But even in 2018 the FTC found, after the revelations in the Cambridge Analytica case, that FB was sharing its users’ data with app developers, who in turn were misusing/commercially exploiting the same. So can such a company be called trustworthy? If the company can cheat the nation in which it was born, will such a company remain faithful to another nation? Whether such a company can be blindly relied upon is the core issue.

Between November 2015 and March 2018, Facebook asked its users to provide personal information to take advantage of security measures on the Facebook website or mobile application, including a two-factor authentication measure that encouraged provision of users’ phone numbers. But Facebook did not effectively disclose that such information would also be used for advertising. This shows the mens rea of the policy makers of the company, and especially the intention of its CEO Mark Zuckerberg to defraud and cheat people with mere lip service. We are overwhelmed by the red carpet welcome My Dear Mark received in the Modi 1.0 tenure and the assurances he made to make global citizens’ lives simpler and easier with the POWER TO CONNECT. But the real face behind this POWER TO CONNECT was to sell their sensitive personal data and information to mint money!!!!!

One of the significant disclosures by FB in FTC investigations is, “The full scale of unauthorized collection, use, and disclosure of consumer information resulting from Facebook’s conduct is unknown due, at least in part, to the company’s lack of recordkeeping.”

Can anyone believe that FB does not have proper record keeping regarding who accessed which information and how many times any information was accessed? To my mind, this evasive reply is just meant to keep the penalty quantum low, as it will create confusion in the minds of the commissioners regarding the real valuation of the sensitive personal data compromised. That the compromise decree of 5 Billion Dollars is undervalued can be guessed from the reaction of the US stock markets, in which FB stock gained after this compromise decree was announced. It means markets were expecting much higher penalties on FB than the one inflicted.

To my mind, India should be more concerned and watchful about the FTC findings and the manner in which India is welcoming the FB group. A company with the highest following in terms of user base is working on principles diametrically opposite to the one followed in India, which is TRUTH. The company’s decision to accept the US FTC’s offer of a compromise settlement rather than challenge it in a court of law itself establishes that the company has more to lose in a civil suit than 5 Billion dollars. So it was an easy escape route offered to one of the biggest social media giants in the world.

Have you ever seen any example of such meagre surrender by the respondents in any lawsuit, especially when 5 Billion is at stake?

As a country we must be ready to read between the lines of this FTC Judgement and be more careful while dealing with such companies in future.

If the FTC can act, then why can't Indian statutory bodies like the Competition Commission of India, or Indian courts by way of Suo Motu PIL, act when FB is openly compromising the privacy of Indian citizens? That is the million dollar question.
 
AND MAHENDRA LIMAYE ASSOCIATES WANTS TO KNOW THE ANSWER.

This article is just to provide the spark needed for much bigger debate amongst intellectuals in India, especially those who are concerned about sovereignty and security of the nation!!!!


JAI HIND.


Reply to us at mahendralimaye@yahoo.com or call 09422109619