The emergence of internet crimes in the law
The internet has opened up a world of new opportunity for gender activists and development actors working in the arena of information and communications technologies (ICT). The need for access, connectivity and relevant content has been well argued by researchers and advocates alike, but as the reach of the internet expands, new issues arise in bridging the 'digital divide'. Invasions of privacy, objectionable and malicious content, cyber harassment and other forms of 'cyber crimes' undermine the internet's potential as a great equaliser and threaten autonomy and security of individuals, organisations and communities, and nations.
Chapter XI of India's Information Technology (IT) Act defines cyber crime offenses as: tampering with computer source documents; hacking; publishing of information which is obscene in electronic format; breaching of confidentiality; and publishing false digital signatures. Yet as the Internet has evolved drastically and often in unanticipated directions in the years since the IT Act was passed in 2000, so has the nature and severity of cyber crime.
A typology of cyber crimes reveals that most crimes fall into three categories: crimes committed against persons, crimes committed against property and crimes committed against governments. Crimes of the first category have particularly captured the attention of the Indian news media and public, and generated considerable discussion on the need for more safety measures and increased regulation of the internet. As policy makers are called upon to respond, it becomes critical to consider how cyber crime and the emergent legislation will have an impact on the social, economic and political participation of women and other marginalised groups.
Women at the fringes of protection
Cyber crimes committed against persons affect all sections of the population, including those who are not online. For marginalised groups, however, cyber crimes can threaten the very communication rights that have been one of the most democratising aspects of the internet. The creation of secure online spaces has provided fora where marginalised groups can feel safe from harassment and enjoy freedom of expression and privacy of communication. Unfortunately, the benefits of anonymity and privacy also extend to those who employ ICT to threaten the communication rights of others, and often to target groups that are already be marginalised on the basis of age, sexuality, race, or religion, among others.
The Electronic Privacy Information Center, for example, finds that because women control a majority of personal and household goods spending, they are more likely to be singled out for consumer profiling and collection of personal data. Online data collection, marketing and profiling pose a threat to growing numbers of young women in India, who have gained internet access and disposable income as a result of opportunities in the IT and IT-enabled services sectors. Due to disparities in access to connectivity, skills and development of ICT, women, children, the elderly and other users from marginalised groups may additionally lack the experience or knowledge needed for safe online participation. Consequently, these groups are more vulnerable to scams and security and privacy breeches, and become easy targets for cyber criminals.
The increasing availability of and ease of access to personal information online, especially through popular social networks such as Orkut and Facebook, also facilitate incidences of cyber harassment, with minority and marginalised groups often at the receiving end. One definition of cyber harassment, a term generally used interchangeably with cyber stalking or online abuse, is:
“A group of behaviours in which an individuals, group of individuals or organisation, uses information and communications technology to harass another individual, group of individuals or organisation. Such behaviours may include, but are not limited to, the transmission of threats and false accusations, damage to data or equipment, identity theft, data theft, computer monitoring, the solicitation of minors for sexual purposes and any form of aggression. Harassment is defined as a course of action that a reasonable person, in possession of the same information, would think causes another reasonable person to suffer emotional distress." (Jaishankar and Sankary)
While both men and women are affected by cyber stalking, a survey of the characteristics of 'victims' finds that amongst users from the ages of 18-32, victims are predominantly female. In India, Delhi police confirm this observation, noting that nearly half of cyber crime cases reported are filed by women who discover their faces morphed onto pornographic images and posted online, usually accompanied by a personal phone number and an invitation for strangers to call (Sinha).
This was exactly the situation in India's first reported case of cyber stalking, in which an Indian woman filed a complaint to the Delhi police after receiving several obscene phone calls. Upon investigation, the police discovered that Mr. Manish Kathuria had impersonated the woman online, using obscene and obnoxious language, and had distributed her telephone number, encouraging people to call her. Mr. Kathuria was promptly arrested under Section 509 of the Indian Penal Code for “outraging the modesty” of the woman (Rediff, Sharma).
While cases of cyber harassment continue to appear in the media, many go unresolved. One woman, who complained to the Delhi police after she receive frequent calls from men offering to pay her for 'dates', found that the police had limited power to resolve her case. The woman discovered that her image and mobile number had been posted on a US-based website that "promoted friendship between people of different sexes", but when the police contacted the company that managed the website, it refused to cooperate by providing information on the person who could have posted her photo (Times News Network). It is interesting to note however, that no such hesitance was demonstrated by the huge multinational company Yahoo! when submitting user data to the China State government under the discourse of “national security”. This suggests that some kinds of cybercrimes are given more weight than others, and perhaps unsurprisingly, violence against women are more easily de-priotised in this matter.
Challenges to legislative measures
Lack of cooperation from foreign-based websites is just one of many hindrances to the resolution of cyber crime cases. Other factors include understaffed cyber crime cells within police departments; lack of IT knowledge of police, judges and prosecutors who must then rely on private professionals for expert help; and legislation that does not provide existing cyber crime cells with enough authority to take cases to completion. Pavan Duggal, president of cyberlaws.net and a well-known Indian advocate against cyber crime, and other critics of India's IT Act find that existing legislation is insufficient (Pavan Duggal. 5 July 2004. What's wrong with our cyber laws. Express Computer). Crimes such as chat room abuse, cyber stalking, and credit card theft have no specific laws or provisions of the IT Act under which these cases can be reported. The cyber crimes that are set forth by the IT Act are covered under civil procedures rather than criminal procedures, so it take a longer time to deliver justice.
Individuals from minority and marginalised groups are left especially vulnerable by these limitations of cyber crime laws. Such groups often already face information deprivation – not only online but also offline – and may not have knowledge of the protections that exist to guard their basic human rights. Thus they do not have the resources to seek legal recourse when their communications rights are violated in cyber space.
To compound these problems, many victims of cyber crime are unwilling to file their cases with the authorities. The true magnitudes of cyber crime, as well as demographic statistics on perpetrators and victims, are unknown because most incidents of cyber crime go unreported. Duggal has observed that “In 2006, I did a survey to find out how many cybercrime reports were filed and I was shocked to discover that only 10% of the cases were reported and that one percent got registered as FIRs. The reason beind this is that the victim is either scared of police harassment or wrong media publicity” (Vinita Gupta. 19 November 2007. No End to Cyber Crime. Express Computer). For minority and marginalised groups who already bear the brunt of media bias, reporting online harassment to the police may simply draw further unwanted attention.
Within India, even the discourse of cyber crime that has been taken up by news media, government and citizens may perpetuate existing structures of inequality. The IT Act concerns itself primarily with issues of commerce and governance, and discussions of cyber crime focus on individuals in the role of users and consumers who partake of available services and applications. Offering advice such as “stay away from chatrooms” or “don't give give out personal information online”, advocates against cyber crime suggest that these users/consumers are 'victims' who should minimise their online interactions because they do not know how to protect themselves adequately, instead of addressing this through capacity building or awareness raising measures. Minority and marginalised groups that are vulnerable to cyber crime are thus even further discouraged from participation. As more business, leisure, governance and other activities take place online, such prescriptions may actually increase 'digital divides'.
Clearly, increased online security is not simply a matter of not giving passwords, contact details or photographs to strangers. Nor is it creating more stringent legislation that forces internet service providers to disclose customers' information and mandates that internet cafes register and take photo identification for all customers. While legislation is certainly required to ensure the realisation of communication rights for both internet users and non-users, the dangers of increased policing of the web in both physical and virtual spaces and its impact on marginalised groups must be clearly examined.
Precedents in control and regulation of the internet can be found throughout the world. Legislative measures on cyber crime have been implemented by governments in China, the United Kingdom, Australia, and the Middle East, among many others. From restrictions on access and content meant to prevent child pornography but in effect regulates a broad range of content including information on women's sexual and reproductive health, to full scale State censorship to stifle freedom of expression, examples of the limitations of reliance on legislation can be easily found.
The Indian Minister of State in the communications and IT ministry has discussed amending the IT Act to tackle new forms of cyber crimes like phishing, identity theft, and cyber stalking by making internet usage more transparent. A proposed amendment to the IT Act “would make it a punishable offence to provide any false information on the net. It will be punishable by imprisonment of up to two years,” says an official at the ministry (Fake identity may lead to real crisis. Times of India: 15 October 2007). Such a requisite would facilitate India's cyber crime cells in tracking and prosecuting cyber criminals. However, it would also increase the volume of personal information available online, which would make marginalised groups even more vulnerable to crime, particularly with current problems of compromised data security through carelessness, hacking, and even profiteering.
Next steps: Protecting rights for empowering spaces
In assessing cyber crime legislation, policy makers and gender and development advocates must carefully consider the implications for privacy and information security. On the one hand, ICT have created opportunities to combat inequality through movements and communities against issues that were once deemed 'private', such as domestic violence and sex trafficking. On the other hand, ICT exacerbate existing structures of inequality by enabling cyber criminals to access and misuse private information to target vulnerable groups. As ICT blur the lines between personal and public, the nature of the internet and cyber crime - including how they affect human rights and social justice - must be questioned. If the internet is in fact a public arena, then do individuals forego their rights to privacy by simply being online? If people knowingly provide their personal information online, what are they then consenting to with regards to how this information is used?
ICTs complicate not only the divisions between the public and private spheres, but also the boundaries that define the jurisdictions of legislature. For example, companies based in India host their websites on servers in the US, while US-based companies outsource their customer service to India. Such global expansion of human and technical resources makes tracing cyber crime even more difficult. In India, police complain that "The [IT] Act does not give us enough teeth to initiate action against portals who function from abroad ... In cases where the websites originate on a foreign server, it becomes difficult to persuade them to discharge with information" (Sinha). Policy makers must thus consider the need for global policy spaces and how the internet as a global good affects the effectiveness of legislation.
Rather than seeking to address cyber crime after the fact, policy makers and gender and development advocates must create an alternate discourse of developers/producers who appropriate technologies to create secure and empowering online spaces. The project of creating an internet that enables and ensures the social, economic and political participation of minority and marginalised groups requires participation from all stakeholders. Individuals must become savvy both online and off; they should know how to take precautionary measures in cyber space and how to seek recourse if their rights are violated.
Governments can facilitate these processes by taking legislative measures that ensure human rights are protected online just as they are physical spaces. Legislation should not just protect users, however, it should also educate and inform all groups on how to exercise their communication rights. As cyber crime evolves and adapts, so too must cyber crime legislation. It must not only catch up to changes that have already happened, but also look beyond the 'next billion' users to anticipate the needs of all those whose well-being depends on the internet, whether or not they themselves are online.