Adjudication Officer under the IT Act,2000 [ cybercrime court for civil cybercrime matters ] all details

Who is an Adjudication Officer under the IT Act,2000 [ cybercrime court for civil cybercrime matters ] 

Adjudicating officer is generally an IAS officer in the rank of Principal Secratary -Information Technology or an IAS officer who should not be less than the rank of a Director to the Government of India or an equivalent officer of a state government as an adjudicating officer who shall adjudicate whether any person has committed a contravention of any of the provisions of this Act or of any rule, regulation, direction or order and shall hold an inquiry in the manner prescribed by the central government. Further, the adjudicating officer is vested with the power of a civil court to adjudicate any matter before it. Under Section 46 of the IT Act,2000 the power to adjudicate has been specifically enshrined for the purpose of adjudging under this Chapter.

The central government has notified “Scope and Manner of Holding Inquiry” as per the gazette notification for Information technology Rules, 2003 under the short title “Qualification and Experience of Adjudicating Officer and Manner of Holding Enquiry” dated 17th March 2003.

It be noted that the Information Technology Act, 2000 extends to the whole of India and applies to any offence or contravention thereunder outside India by any person (computers should be located in India) .

Chapter IX of the Information Technology Act, 2000, ” deals with penalties and adjudication. This Chapter specifically tackles “cyber contraventions” through unauthorized access to the computer, computer system, or computer network. The term ‘Contravention’ is more of a violation of law or rule of procedure which has damages and compensation as a remedy. Section 43(a-j) or 43A are majorly quoted to get damages by way of compensation to the person who has suffered due to such contravention. In order to seek damages by way of compensation, the affected person approaches the adjudicating officer appointed under Section 46 of the IT Act, 2000. The adjudicating officer has the pecuniary jurisdiction of up to five crore rupees, and any affected person seeking to claim compensation above Rs. 5 Crores has to approach the competent Court (civil court senior division or high Court) for proper redressal. 

Power to adjudicate under Section 46 of IT Act, 2000

Section 46(1) of the IT Act, 2000 states that the central government shall subject to the provisions of sub-section (3): 

•Appoint an adjudicating officer for the purpose of adjudging under Chapter IX whether any person has violated any of the provisions of this Act, rendering him liable to pay penalty or compensation. 

•The adjudicating officer shall have the power to hold an inquiry to adjudge upon the complaints being filed.

Section 46(1A) prescribes that the pecuniary jurisdiction to adjudicate matters wherein the claim for injury or damage does not exceed Rs 5 crores. In case the claim for compensation goes beyond the Rs 5 crores, the jurisdiction shall vest with a competent or higher court i.e. Civil Court Senior Division or High Court with Original Jurisdictions

Further, Section 46(2) states that the adjudicating officer shall give a reasonable opportunity to make representation to the person who has violated any of the provisions of this Act or any rule, regulation, direction, or order made thereunder. And if satisfied after conducting an inquiry that the person so accused has committed the contravention, penalty or award of compensation may be imposed by him as deemed fit in accordance with the provisions of that section.

The essential requisites which are required to be fulfilled so as to be appointed as an adjudicating officer have been laid down under Section 46(3) of the IT Act, which states that in order to be eligible for this post, one must possess qualifications like experience in the field of information technology and legal or judicial experience as may be prescribed by the central government.

Appointment of more than one adjudicating officer has been provided under sub-section (4) of Section 46. It states that where more than one adjudicating officer is appointed, it is for the central government to specify by order the matters and places with respect to which such officers shall exercise jurisdiction.

Lastly, Section 46(5) vests the powers of a civil court on every adjudicating officers which are conferred on the Cyber Appellate Tribunal under sub-section (2) of Section 58 and includes the power to order attachment and sale of property, arrest, and detention of the person who has committed the contravention and appointment of the receiver which increases the enforceability and efficacy of its orders and working.

Scope and manner of holding an inquiry

1. The adjudicating officer shall exercise jurisdiction in respect of the contraventions in relation to Chapter IX of the IT Act,2000

2. To receive a complaint from the complainant on the basis of the location of computer system, computer network as defined in sub-section (2) of Section 75 of IT on a plain paper on a plain paper on the proforma attached to these Rules along with the fee payable which is computed on the basis of damages claimed by way of compensation.

3. To issue notices together with all the documents to all the necessary parties to the proceedings, fixing a date and time for further proceedings.

4. On the date so fixed, the person to whom the notice has been issued about the contravention alleged to have been committed shall be explained by the adjudicating officer about the contravention alleged to have been committed in relation to any of the provisions of this Act.

5. Suppose the person who is alleged to have committed the contravention, pleads guilty. In that case, it shall be recorded by the adjudicating officer, and penalty might be imposed upon him or award such compensation as deemed fit in accordance with the provisions of this Act, rules, regulations, order, or directions made thereunder.

6. Alternatively, on the date fixed, the person who has committed the alleged contravention may show cause as to why an enquiry should not be held in the alleged contraventions or why the report alleging contraventions against him should be dismissed.

7. On the basis of the submissions made, the adjudicating officer shall form an opinion that there is sufficient cause to hold an enquiry or dismiss the matter or may get the matter investigated.

8. If any person or persons fails, neglects, or refuses to appear, or present himself before the adjudicating officer, he shall proceed with the inquiry in the absence of such person or persons after recording the reasons for doing so.

9. The adjudicating officer shall fix a date and time for the production of documents (including electronic records) or evidence.

10. To hear and decide every application, as far as possible, in four months and the whole matter in six months.

11. And if in a case, the adjudicating officer is convinced that the scope of the case extends to the offences under Chapter XI of IT Act (the Cyber Appellate Tribunal) instead of contravention, needing appropriate punishment instead of mere financial penalty, should transfer the case to the magistrate having jurisdiction to try the case, through presiding officer.

Quantum of compensation

While adjudging the quantum of compensation or penalty, the following factors shall be considered by the adjudicating officer:

1. The amount of gain of unfair advantage, wherever quantifiable, made as a result of the default;

2. The amount of loss caused to any person as a result of the default; and

3. The repetitive nature of the default.

Adjudicating officer vested with powers of a civil court

Sub-section (5) of Section 46 states that the Adjudicating Officer has been vested with the same powers as are vested in a civil court under the Code of Civil procedure, 1908 while trying a suit, in respect of the following matters, namely: –

1. Summoning and enforcing the attendance of any person and examining him on oath;

2. Requiring the discovery and production of documents or other electronic records;

3. Receiving evidence on affidavits;

4. Issuing commissions for the examination of witnesses or documents;

5. Reviewing its decisions;

6. Dismissing an application for default or deciding it ex parte; and

7. Any other matter, which may be prescribed.

The adjudicating officer shall deliver a certified copy of the order to the complainant & the respondent.

Appeals

For appeals, the IT Act,2000 (as amended in 2017) the Telecom Dispute Settlement and Appellate Tribunal having the appellate jurisdiction. Section 48 of the IT Act,2000 provides that the central government shall by notification establish one or more appellate tribunals to be known as Telecom Dispute Settlement and Appellate Tribunal. It should be noted that currently TDSAT is only at Delhi in Ashok Hotel. 

As per Section 57 of the IT Act,2000 a person who is aggrieved by the order passed by the controller or an adjudicating officer under this Act may file an appeal before the appellate tribunal having jurisdiction in the matter. It is to be noted that no appeal shall lie to the appellate tribunal from an order passed by the adjudicating officer when it is arrived at with the consent of the parties. The limitation period for filing an appeal from the order of the adjudicating officer is 45 days from the date on which a copy of the order made by the controller or the adjudicating officer is received by the person aggrieved, and it shall be in such form and be accompanied by such fee as may be prescribed. The limitation period of appeal is provided under Section 57(1) of the IT Act,2000. In case the appeal is filed after the expiry of the limitation period, the appellate tribunal may entertain an appeal if it is satisfied that there was sufficient cause.

Quasi-judicial authority

In the Indian National Congress (I) v. Institute of Social Welfare, it was held by the Supreme Court “… where law requires that an authority before arriving at a decision must make an enquiry, such a requirement of law makes the authority a quasi-judicial authority.”

It can be inferred from this observation of the SC that the adjudicating officer under the Act is a quasi-judicial authority as holding an enquiry is required by him before making a decision. The quasi-judicial authority of the adjudicating officer is restricted to the determination of contraventions and impositions of penalties only for Sections 43–45 of the IT Act,2000 only. Further, the scope of quasi-judicial authority of the adjudicating officer if extended beyond the determination of contraventions as provided under Sections 43 to 45 would be conflicting with the legislative intent behind the Act. His quasi-judicial authority covers not only the entire range of computer-related contraventions, but also adjudicating body corporates vis-à-vis any failure to protect data, including sensitive personal data.

What is expected from State Governments ?

The Department of Information Technology of each and every state is required to create a website for the citizens to have direct access to the various redressal mechanisms as provided by the Information Technology Act, 2000 and spread awareness about the working of these mechanisms. It is pertinent to note that as per IT Act Notification No. 240 issued by the Ministry of Communications and Information Technology, the Department of Information Technology of each of the states or of union territories shall provide the infrastructure and maintain the records of the matters handled by the adjudicating officer Functioning in the states/union territories. However, when a person tries to have access to the websites of the information technology of the states, the websites are either found to be not in a working condition or lacks the information which is quintessential for a layman to understand the system of the redressal mechanism set up under the Information Technology Act, 2000.

The adjudicating officers belonging to the State of Maharashtra, Karnataka, Tamil Nadu, Kerala, Madhya Pradesh, Gujarat and Delhi have been the most judicially active in adjudicating the matters before them compared to their counterparts in other States of India, who are struggling. The reason as to why the other states are lagging lies in the very fact that there is a death of cases filed before the adjudicating officers of these States, which is again because the general public isn’t aware of the existence of any such mechanism for seeking compensation under the IT Act, 2000. 

My NOTES TO ADJUDICATION OFFICER

The proceedings before The AO are of summary proceedings in nature 

Section 65B(4) Certificate under Indian Evidence Act is mandatory

Police Report wherever required should be adduced and the respective police officer should be summon during date of the case with his report of investigation

Orders passed should have proper reasoning and appreciation of facts and evidences appreciated during the hearing before The AO

No Jail term / imprisonment can be awarded only damages and compensation

Cases like credit card fraud, Online banking fraud, Data Theft, Data Leak, Phishing Software Source Code Theft, Spreading of Virus, Denial of Service, Unauthorised access (hacking), cases where Banks, Insurance companies or any organisations do not follow IT reasonable security practices such cases may be Adjudicated by the Adjudication Office.

Types of cyber crimes and offences mentioned in The IT Act,2000

 

There are 22 sections and 31 instances (i.e section 66 actually is applicable for ten different crimes mentioned in section 43) of offences and cyber crimes provisioned in the IT Act,2000 . Some sections are Non- Bailable too and one section 66F is a grievous offence having provision of punishment of imprisonment for life.

The table below shows the offence and penalties against all the mentioned sections of the IT Act,2000

Section	Offence	Punishment	Bailable and Cognizable
65	Tampering with Computer Source Code	Imprisonment up to 3 years or fine up to Rs 2 lakhs	Offence is Bailable, Cognizable and triable by Court of JMFC.
66	Computer Related Offences i.e All 10 offences mentioned in Section 43	Imprisonment up to 3 years or fine up to Rs 5 lakhs	Offences are Bailable, Cognizable and triable by Court of JMFC.
66-A	Sending offensive messages through communication services, etc... Section is removed	Imprisonment up to 3 years and fine in Shreya Singhals Case	Offence is Bailable, Cognizable and triable by Court of JMFC Do Not Apply
66-B	Dishonestly receiving stolen computer resource or communication device	Imprisonment up to 3 years and/or fine up to Rs. 1 lakh	Offence is Bailable, Cognizable and triable by Court of JMFC
66-C	Identity Theft	Imprisonment of either description up to 3 years and/or fine up to Rs. 1 lakh	Offence is Bailable, Cognizable and triable by Court of JMFC
66-D	Cheating by Personation by using computer resource	Imprisonment of either description up to 3 years and /or fine up to Rs. 1 lakh	Offence is Bailable, Cognizable and triable by Court of JMFC
66-E	Violation of Privacy (Clicking photographs of women's private parts)	Imprisonment up to 3 years and /or fine up to Rs. 2 lakh	Offence is Bailable, Cognizable and triable by Court of JMFC
66-F	Cyber Terrorism	Imprisonment extend to imprisonment for Life	Offence is Non-Bailable, Cognizable and triable by Court of Sessions
67	Publishing or transmitting obscene material in electronic form	On first Conviction, imprisonment up to 3 years and/or fine up to Rs. 5 lakh On Subsequent Conviction imprisonment up to 5 years and/or fine up to Rs. 10 lakh	Offence is Bailable, Cognizable and triable by Court of JMFC
67-A	Publishing or transmitting of material containing sexually explicit act or conduct etc... in electronic form	On first Conviction imprisonment up to 5 years and/or fine up to Rs. 10 lakh On Subsequent Conviction imprisonment up to 7 years and/or fine up to Rs. 10 lakh	Offence is Non-Bailable, Cognizable and triable by Court of JMFC
67-B	Publishing or transmitting of material depicting children in the sexually explicit act or conduct etc., in electronic form	On first Conviction imprisonment of either description up to 5 years and/or fine up to Rs. 10 lakh On Subsequent Conviction imprisonment of either description up to 7 years and/or fine up to Rs. 10 lakh	Offence is Non-Bailable, Cognizable and triable by Court of JMFC
67-C	Intermediary intentionally or knowingly contravening the directions about Preservation and retention of information	Imprisonment up to 3 years and fine	Offence is Bailable, Cognizable.
68	Failure to comply with the directions given by Controller	Imprisonment up to 2 years and/or fine up to Rs. 1 lakh	Offence is Bailable, Non-Cognizable.
69	Failure to assist the agency referred to in sub section (3) in regard to interception or monitoring or decryption of any information through any computer resource	Imprisonment up to 7 years and fine	Offence is Non-Bailable, Cognizable.
69-A	Failure of the intermediary to comply with the direction issued for blocking for public access of any information through any computer resource	Imprisonment up to 7 years and fine	Offence is Non-Bailable, Cognizable.
69-B	An intermediary who intentionally or knowingly contravenes the provisions of sub-section (2) in regard monitor and collects traffic data or information through any computer resource for cybersecurity	Imprisonment up to 3 years and fine	Offence is Bailable, Cognizable.
70	Any person who secures access or attempts to secure access to the protected system in contravention of a provision of Sec. 70	Imprisonment of either description up to 10 years and fine	Offence is Non-Bailable, Cognizable.
70-B	Indian Computer Emergency Response Team to serve as a national agency for incident response. Any service provider, intermediaries, data centres, etc., who fails to prove the information called for or comply with the direction issued by the ICERT.	Imprisonment up to 1 year and/or fine up to Rs. 1 lakh	Offence is Bailable, Non-Cognizable
71	Misrepresentation to the Controller to the Certifying Authority	Imprisonment up to 2 years and/ or fine up to Rs. 1 lakh.	Offence is Bailable, Non-Cognizable.
72	Breach of Confidentiality and privacy	Imprisonment up to 2 years and/or fine up to Rs. 1 lakh.	Offence is Bailable, Non-Cognizable.
72-A	Disclosure of information in breach of lawful contract	Imprisonment up to 3 years and/or fine up to Rs. 5 lakh.	Offence is Cognizable, Bailable
73	Publishing electronic Signature Certificate false in certain particulars	Imprisonment up to 2 years and/or fine up to Rs. 1 lakh	Offence is Bailable, Non-Cognizable.
74	Publication for a fraudulent purpose	Imprisonment up to 2 years and/or fine up to Rs. 1 lakh	Offence is Bailable, Non-Cognizable.

How cybercriminal’s use cryptocurrency ?

How cybercriminals use cryptocurrency?

Cybercriminals all over the world have leveraged this technology’s increased anonymity to buy and sell illegal goods, services, stolen data, underground infrastructure and force victims to pay ransom. While blockchain analysis enables researchers and law enforcement to glean information from illicit transactions, criminals have countered by adopting the use of cryptomixers to obscure their transactions and further complicate investigations. It has been observed gangs in the cybercriminal underground are increasingly relying on cryptomixing services to obfuscate the origin of their criminal earnings.

What are Cryptomixers ?

Cryptomixers are often stand-alone services that are available to the general public via the open internet. They often use anonymous means of communication and do not keep logs of customer transactions, which given the push by law enforcement for crypto exchanges to incorporate financial compliance laws into their operations, makes cryptomixers a useful tool for criminals.

How Mixers Work ?

Mixers work by allowing threat actors to send a sum of cryptocurrency, usually bitcoin, to a wallet address the mixing service operator owns. This sum joins a pool of the service provider’s own bitcoins, as well as other cybercriminals using the service. The initial threat actor’s cryptocurrency joins the back of the “chain” and the threat actor receives a unique reference number known as a “mixing code” for deposited funds. This code ensures the actor does not get back their own “dirty” funds that theoretically could be linked to their operations. The threat actor then receives the same sum of bitcoins from the mixer’s pool, muddled using the service’s proprietary algorithm, minus a service fee. For added anonymity, the threat actor can choose to send this new “clean” sum of bitcoins to numerous wallet addresses to further obfuscate the trail of the illicit funds. This makes it more difficult for law enforcement to associate the original “dirty” cryptocurrency with the threat actor.

POPULAR CRYPTOMIXERS

While the act of “mixing” cryptocurrency is not itself an illegal practice, these platforms aren’t widely used by the vast majority of crypto-enthusiasts. Most users do not need the extra level of privacy nor want to lose crypto to the service fees that come with mixing cryptocurrency. The cryptomixers that were observed all had well-established presences on multiple, well-known cybercrime forums. All of the mixers had professional-looking sites, likely serving as an attempt to make their operations appear more legitimate and attract a wider range of clients. None of the providers advertised their roles in money laundering, instead preferring to suggest their sites serve businesses using cryptocurrencies and individuals interested in protecting their privacy.

Among the most popular mixers observed are

• 

• Absolutio  

• AudiA6

• Blender

• Mix-BTC

• Helix

All the mixers observed were operational on the clear web and Tor network except mix-btc, which was only available on the open internet. All four providers offered their services in English, with Absolutio, AudiA6 and mix-btc also featuring Russian-language versions of their sites. All four mixers offered services for Bitcoin, while others also offered mixing services for Bitcoin Cash, Bitcoin SV, Dash, Ethereum, Ethereum Classic, Litecoin, Monero and Tether cryptocurrencies.

All the mixers listed a minimum balance for mixing services, which varied from 0.001 bitcoin (about US $60) for Blender to 0.006 bitcoin (about US $375) for mix-btc. Maximum amounts varied significantly, with Absolutio limited to 2 bitcoins (about US $125,700), Audi A6 to 27 bitcoins (about US $1.7 million) and Blender to 2,600 bitcoins (about US $163 million). Mix-btc did not specify an upper limit for transactions.

Additionally, all four mixers charge transaction fees, collected as a percentage of the total amount of cryptocurrency to be mixed. Some services allow users to choose a “dynamic” service fee, which is most likely done to complicate investigations into illicit cryptocurrency funds by altering the amount being laundered at different stages of the process, making it more difficult to tie the funds to a specific crime or individual. The fees are the following:

• Absolutio: ​​Users select “dynamic” service fees, falls between 1 percent to 30 percent

• AudiA6: Flat service fee between 3 percent and 5.5 percent

• Blender: Users select “dynamic” service fee, falls between 0.6 and 2.5 percent

• Mix-BTC: Flat service fee between 3 percent and 5.5 percent, additional charges depending on the volatility of bitcoin price

While these mixers do not share their wallet addresses publicly, Intel 471 found a wallet that was used by Blender from June 2020 to July 2020, handling bitcoin transactions in excess of 54 bitcoins (about US $3.4 million). Assuming an average transaction fee of 1.6 percent, this wallet could have received fees in excess of US $50,000 during that time period.

EVEN MORE “PRIVACY”

With RaaS groups wanting as many ways as possible to keep a low profile, some developers decided to integrate cryptocurrency mixing services in their administrative panel instead of relying on the web-based options. The developers behind Avaddon, DarkSide 2.0 (also known as BlackMatter) and REvil likely integrated the BitMix cryptocurrency mixer to facilitate the laundering of ransom payments for program affiliates. Additionally, BitMix itself operated an affiliate-type program in which registered partners received 50 percent of fees charged for mixing funds. This meant any RaaS groups engaged in this partnership would receive 50 percent of the commission BitMix charged ransomware affiliates With BitMix commissions reaching as much as 4 percent, the affiliate program presents an appealing prospect to RaaS groups.

Action against Cryptomixers

Larry Dean Harmon, founder of Helix and Coin Ninja, has been fined $60 million for being involved in money laundering. He is among the first mixing services operator in the crypto industry, but the Financial Crimes Enforcement Network announced its involvement in money laundering on Monday. The founder has faced continued criminal charges and is now fined for breaching the Bank Secrecy Act (BSA). Larry was arrested in February for operating mixers that the prosecutors allege constitute unauthorized money services companies. The charges against Harmon indicate that he has laundered more than $300 million in Bitcoin.

CONCLUSION

Cryptomixers are a linchpin in ransomware schemes. Through these services, threat actors can achieve their end goal of cashing out and keeping the criminal underground liquid through the trade of illicit goods and services. A thorough understanding of the operational underpinnings of these mixing services is key to comprehending how criminals are laundering the money they earn from their crimes. It’s important to understand how all facets of a ransomware operation works if civil society is to stop the losses inflicted by these schemes.