India Completes Cybercrime Reporting/Investigation SystemHuge Backlog Remains - Only 2% of Cybercrime Complaints Fully Registered by Police
Work on setting up the infrastructure to deal with cybercrime in India has been completed, according to a report by local publication Business Standard, citing Union Home Minister Amit Shah.
The completion comes seven years after the Crime and Criminal Tracking Network and Systems, or CCTNS, was first established in June 2009.
The CCTNS project - a comprehensive, integrated networking infrastructure to improve the country's ability to detect and investigate crime and track criminals - cost 20 billion rupees ($265 million).
India's National Crime Records Bureau, or NCRB, says that the CCTNS provides advanced tools for investigation and an enhanced ability to analyze crime patterns and criminals' modi operandi.
State of Cybercrime in India
Shah discussed cybercrime trends in India at the Consultative Committee of the Ministry of Home Affairs on Tuesday and said that the National Cybercrime Threat Analysis Unit has issued 142 cybercrime prevention advisories and blocked 266 mobile apps. He said that 100% of all first investigation reports, or FIRs, are now being registered on the CCTNS. An FIR is a written document prepared by the police when they receive information about the commission of a crime.
Shah said that the National Cybercrime Forensic Laboratory provided 3,800 forensic investigation services over the past year.
But, he said, of the 600,000 cybercrime complaints filed, only 12,766 were recorded as FIRs. That's about 2% of all cybercrime complaints.
And NCRB's data shows that there are 34,733 cybercrime cases from last year that are pending investigation.
Inspector General of Police Brijesh Singh, who heads Maharashtra Cyber, tells ISMG: "Wherever there are foreign entities involved, such as service providers, platforms and social media firms, it is very difficult to get data from them in time. Evidence collection becomes the primary challenge in resolving cybercrime cases."
Few Cybercrime Convictions
Cyber law expert and Supreme Court advocate Karnika Seth says that there are barely a handful of convictions for cybercrime cases in India.
Cases registered under the Protection of Children from Sexual Offenses Act, or POSCO, are treated as high-priority cases in the country and police are obliged to record POSCO cases as Zero FIR, which means the police must take action even if a FIR has not been filed.
But Seth says that even in POSCO cases, the rate of convictions is around 3%.
In India, a victim of cybercrime can report the incident at any police station, irrespective of their jurisdiction, or on the National Cybercrime Reporting Portal, according to Section 154 of the Code of Criminal Procedure.
N.S. Nappinai, Supreme Court advocate and policy and investigation adviser to Maharashtra Cyber, tells ISMG that the portal lacks transparency. While it gives users the opportunity to file a cybercrime complaint, there's no way for the victim to know why a case has been dropped.
There are numerous instances of dropped cases. NCRB's data shows that 8,198 cybercrime cases are classified under the category ''True but Insufficient Evidence or Untraced or No Clue."
Cybercrime Investigations: Technical Challenges and Solutions
Triveni Singh, Superintendent of Police - Cyber Crime, Uttar Pradesh, points out that when a cybercrime investigation involving exfiltration of data from overseas servers is involved or legal complications arising from international law come into the picture, it prolongs the investigation.
He tells ISMG that the awareness levels among prosecutors, the police and the judiciary, who are not well-versed with cyber forensic tools and procedures, is also a factor contributing to delay in the prosecution and conviction of cybercrime cases. He adds that the lack of adequate tools and equipment to handle electronic crimes at the police station level is also a challenge.
"The first objective to achieving faster turnaround and resolution in cybercrime cases is to build technical expertise in the cyber forensics domain," says Singh.
To overcome the current challenges, Singh says that India's cyber police are focusing on capacity-building and acquiring the right tools and techniques to investigate cybercrime.
"We're also providing them training and purchasing state-of-the-art tools. It is a continuous process - the Ministry of Home Affairs is working on this; we, at the state level, are also driving these changes," says Singh.
He tells us that every state in the country now has a central cyber forensic laboratory. The Ministry of Home Affairs has also introduced a cybercrime and cyber forensics training, through the NCRB, that police personnel can access online.
"We're also providing training to junior police officers through workshops and training sessions," he adds.
He believes these changes from the ground up and added capabilities will show better results in resolving cybercrime cases.
Increasing Cybercrime Conviction Rates
Prashant Mali, cyber and privacy lawyer at the Bombay High Court, tells ISMG that for better conviction rates for cybercrime offences, the three arms of the justice delivery mechanism - police, public prosecutors and judges - should be educated enough to appreciate the evidence before them. "I think simultaneous training of all three on same topic across the country should be undertaken," he says.
Additionally, he says penalties and appreciation for acquittals and convictions could motivate investigation officers to supervise cases till conviction. This is because, at present, the police machinery only works till the crime detection stage. "Focusing on conviction, rather than detection is most important," he says.
"At present, learnings from acquittals and official knowledge sharing amongst police is absent as there is no common platform for the same. I think the CCTNS needs a 'knowledge and case judgement' sharing option, so that police personnel from all states can be made aware simultaneously," he adds.
In Mali's opinion, the Ministry of Home Affairs should introduce conviction targets for each states. "There should be a penalty imposed by courts on police officers for not uploading FIRs to the CCTNS within 24 hours," he says.
He points out that many state police departments, including Mumbai Police, falls short in uploading FIRs onto the CCTNS.