EDITORIAL ANALYSIS–Data deprivation makes cybercrime difficult to tackle
The Editorial covers GS paper3 [Cyber Security]
- In recent times, there have been many instances of the hard-earned money of Indians being taken out of bank accounts and charges loaded onto credit cards through online frauds.
- As a nation making a huge transition to a cashless economy, public faith in the digital system needs to be consistently reinforced.
What is the background?
- All the players involved, including banks, telecom companies, financial service providers etc. and the government, need to play a responsible role in ensuring innocent citizens do not undergo the trauma of suffering losses.
- The customer also has a responsibility to maintain basic cyber hygiene, which includes following practices and taking precautions to keep one’s sensitive information organized, safe and secure.
How is it affecting “startup” ecosystem?
- Another emerging casualty of such cybercrimes is the emerging “startup” ecosystem.
- We are beginning to see multiple cases where customers of genuine startups, unicorns and Indian businesses have been subjected to online fraud.
- These customers initially presume that it is the customer care departments of the companies that have conned them, as we see in many of the cases that get filed.
- This is a dangerous trend.
- Not only does it shake people’s faith in digital systems, the scepticism vis-a-vis online transactions also hurts the potential of emerging companies.
What is the modus operandi of cyber crimes?
- Let us look at the modus operandi of some of the recent internet-based financial frauds affecting companies in the digital and e-commerce space.
- Fraudsters usually start by creating various websites or accounts on social-media platforms that host some content to make them look deceptively similar to the authentic companies’ websites or social media interfaces.
- Such websites and social media accounts list fake customer care numbers for the relevant brands.
- When a customer tries to search for a company name by using a search engine, the customer care numbers or email IDs that pop up as results are often these fraudulent ones.
Why most cases go unreported?
- Also, some victims of fraud are too ashamed to admit that they have been conned, and often do not even tell their families.
- Yet, if the losses are large, the results can be devastating for fraud victims.
- While many cases aren’t even reported, in cases that are, the investigations make little or no progress due to lack of access to data.
- Even the income tax department has not been spared, with people getting messages from a fraudulent source that masks itself as an income tax authority and sends a message asking them to claim tax refunds by sharing a link.
- It is difficult to estimate the scale of the problem, as law enforcement agencies in different states are not fully equipped to understand and act upon complaints of such frauds.
- On its part, Russia also wants to make sure that China does not become a hegemon in the Eurasian region and is hence deepening cooperation with countries like India, Vietnam and Indonesia.
- India has also been able to convince Russia that its engagement with the U.S. is not going to come against Russian interests.
- The Far East has the potential to become an anchor in deepening India-Russia cooperation; more so considering that New Delhi has expanded the scope of its ‘Act East policy’ to also include Moscow.
- The area has the potential to strengthen India-Russia economic partnership in areas like energy, tourism, agriculture, diamond mining and alternative energy.
What is the way forward?
- Since most search engines and social media platforms have no “permanent establishment” in India, law enforcement agencies have hit a wall on data access for the purpose of solving cybercrimes.
- This has often raised calls for complete data localization, which could have been avoided had a collaborative mechanism for data access, based on agreed criteria, been put in place.
- The Srikrishna Commission recommended that data be stored in the country either directly or through mirror servers to serve law enforcement needs.
- The US Electronic Communications Privacy Act bars US-based service providers from disclosing electronic communications to law enforcement agencies of any country unless US legal requirements are met.
- The bilateral mechanism of the India-US Mutual Legal Assistance Treaty is a bit outdated and does not seem to work.
- While privacy and data protection are necessary, and data localization may pose its own business challenges, India needs to work out a way to crack cyber frauds and crimes.
- For this, the country urgently needs a legally-backed framework for a collaborative trigger mechanism that would bind all parties and enable law enforcers to act quickly and safeguard Indian citizens and businesses from a fast-growing menace.