A labyrinth of confusion leads to the small but neat fourth-floor office of Unistal Systems in Delhi's Nehru Place. The promoter of the Rs 20-crore company which manufactures data recovery software and tools, Alok Gupta, has battled a data theft case against a former employee since 2007. Gupta has the best legal brains on his side; well-known lawyer Pavan Duggal represents him in a civil suit, and the cyber cell of the Central Bureau of Investigation, or CBI, handles the criminal case. But Gupta is disappointed; the perpetrator never went to prison and the source code of the software stolen from him (source code is a language described by The Economist as a string of zeroes and ones) is still out in the market. "They are selling it," says Gupta. "I have lost interest in the case". Gupta says the Indian legal system is just not equipped to deal with cyber crime; the police is only a little better- it is just getting its cyber crime cells into shape. The CBI cyber crime cell, which handled Gupta's case, for instance, has jurisdiction in only eight states; 10 have rejected its request and 10 have yet to respond to the cell's request it be allowed to advice on cyber crimes the states cannot solve, or even collect evidence related to such crimes in those states. No clear data exists on cyber crime in corporate India. The Reserve Bank of India releases figures only on fraud in Internet transactions in banks, which, in 2012, went up to Rs 53 crore from Rs 40 crore two years earlier. But cyber crime is more than just credit card fraud or software piracy. It includes a whole gamut of crimes such as data theft, sexual harassment, cyber stalking, cyber bullying, circulating sexually explicit material and unsolicited friendliness. "Even if there is no sexual content and all you are offering is 'Have you read this book' and other stuff repeatedly to a colleague on intra-office messenger, you are guilty of unsolicited friendliness," says N S Nappinai, a lawyer who practises in the Bombay High Court and specialises in cyber law and privacy issues. She says cyber crime ranging from data theft to publishing sexually explicit images are on the rise in Indian offices. The concern with cyber crime in the corporate world is a worldwide issue. "..this time my unease does not resolve around financial threats, but another issue - cyber security. Most notably, after chatting to corporate executives at Davos this year, it is clear many are suffering from a deluge of cyber attacks," wrote Financial Times columnist Gillian Tett in January. Companies, however, don't want to talk about their exposure to cyber fraud openly. "..the overwhelming majority of companies today are terrified of talking too publicly about the issue for fear of suffering stigma or sparking panic. It is even tougher for shareholders to work out the degree to which individual companies are being targeted" said Tett.
|WHAT IS CYBER CRIME?|
Data theft can rob a company of future earnings; for a bank, crores can disappear with the click of a button. For an individual, cyber crime can be as big as loss of personal data or even a morphed nude picture going viral. Duggal, who has handled cyber litigation for 15 years, says of every 10 people using the Internet, six are victims of cyber crime. One reason why such cases are on the rise is that people are unaware when they are committing such crimes. They are equally unsure about reporting them or even who to turn to. "There is no transparency or clarity on jurisdiction. Where do you go for your remedy-cyber crime cell or local police?" says Nappinai. "I always advise my clients to first register a case with the local police station and then approach the cyber crime cell; otherwise the case will get lost. To a large extent, it works." The Information Technology Act was formed in 2000 with the intention to regulate e-commerce. Amendments were made to the Act in 2008 to widen its ambit to include cyber crime and child pornography. The Act, in the news for its now-infamous Section 66A which concerns hosting offensive information of the Internet, draws different opinions in the legal world. "It is a toothless act," says Duggal, who reports that only seven cases of cyber crime have reached conviction in the country. But the law itself is not the only problem. Policing in cyber crimes is slow, often not reacting fast enough results in evidence being obliterated. Another reason for fewer convictions could also be the veil of secrecy that companies put over cyber crime. Mostly, such cases are settled by the human resource department within closed walls as they are wary of the publicity arising out of it. "Ninety per cent cases are sorted out (out of court)", says Nappinai. Data theft is hardly something any company wants to advertise, especially when it deals with personal information and multiple geographies such as the US and the UK where data protection acts are strong. To tackle crime, companies are increasingly coming out with Internet usage policies, privacy policies and Internet audits as part of their HR codes. They are also banding together to address this issue and smoke it out into the open. The Bombay Chamber of Commerce and Industry, for instance, recently held a one-day session on mobile security. "A lot of companies such as in insurance, banking, online bookings and so on are conducting business on employees' mobile devices. It is easy to secure a laptop or a desktop, but how do you secure a mobile which anyone in the family can end-up using?" says Hanuman Tripathi, head of Mumbai-based banking software solutions company Infrasoft Technologies, who chaired the session which had a 60-strong audience of CIOs. Lawyer Duggal says that hybrid mobiles or smartphones are the next frontier for criminals of the cyber world. "You yourself are putting so much of your profile out there. Telemarketing companies have no problem getting cell numbers, e-mail identities, bank accounts," says Tripathi. "We need special judges, who are trained in IT; we need forensic labs in at least the metros," says Gupta of Unistal.