Consumer Dispute resolution under the Telecom Act 2023

The Telecommunications Act of 2023 has strengthened the dispute resolution framework by introducing an online grievance redressal system. The aim is to expedite the resolution of conflicts between telecommunications companies and consumers while ensuring transparency in the redressal process. Following an inquiry, a telecom company found violating license or service terms may incur severe penalties, spectrum holdings cancellation, service restrictions, or even be prohibited from providing telecom services, depending on the seriousness of the breach. 

How does the online grievance redressal system operate, and who plays key roles? 

An Adjudicating Officer (AO), appointed by the Centre and not below the rank of joint secretary, will conduct inquiries to resolve disputes between telecom service providers and consumers. Additionally, a separate Designated Appeals Committee (DAC) will be formed, consisting of officers at the rank of additional secretaries. Individuals dissatisfied with an AO’s decision can appeal to the DAC, and those unhappy with the DAC's ruling can escalate the matter to the telecom tribunal, TDSAT. Both the AO and DAC will function digitally, conducting their operations entirely online, and any telecom company involved in a dispute must actively engage in the grievance redressal process.

What is the role of an Adjudicating Officer (AO)?

If a telecom company is found to violate the licence or service terms as per the Telecommunications Act, the AO initiates an inquiry by issuing a notice. Following the inquiry, the AO has the authority to issue a written order, requiring corrective actions. Additionally, the AO can impose specific civil penalties based on the severity of the breach. Moreover, the AO has the power to request the Centre to impose restrictions, halt services, or even cancel spectrum allotment for the concerned telecom company.

What types of penalties might telecom companies potentially encounter? 

For violations of conditions outlined in Sections 32 and 34 of the Telecom Act, penalties can vary, ranging from Rs 1 lakh for minor offenses to Rs 1-5 crore for more significant and severe breaches. The Adjudicating Officer (AO) determines the penalty amount by considering factors such as the gravity of the contravention, the number of affected individuals, whether it led to disproportionate gains, and if it was repetitive, negligent, intentional, or caused government revenue losses. Additionally, the AO examines whether the errant telecom company took any measures to mitigate the violation before determining the penalty.

What authority do the AO and DAC hold in the new grievance redressal system?

Both the Adjudicating Officer (AO) and the Designated Appeals Committee (DAC) possess the powers of a civil court, and the adjudication processes conducted by them will be considered judicial proceedings.

Are there mechanisms for voluntary disclosure, and how do they operate?

Telecom companies have the option to proactively disclose a contravention of licence or service terms to the AO before an inquiry begins. They can also provide a voluntary undertaking, detailing the steps already taken or proposed measures to address the contravention within a specified timeframe. If the AO accepts this voluntary undertaking, it will be considered a mitigation measure, and the AO must take it into account when determining the penalty.

https://tccms.trai.gov.in/

https://trai.gov.in/

What to do when police does not take your FIR?

What to do when FIR is not taken by the Police ?

A First Information Report is the first legal document that initiates criminal proceedings. The first information received about the commission of a cognizable offense has to be noted down by a Police Officer. It is called as First Information Report under Section 154 of CRPC.

Cognizable and Non-Cognizable Offences:

Cognizable offences are offences where the police can arrest the accused without any warrant. In such offences, the police can Suo-moto take cognizance of the offence and it does not require any sanction from the court in order to begin the investigation. On the other hand, 

Non-Cognizable offences are those in which police cannot make an arrest without taking prior assent from the court. Schedule I of the Criminal Procedure Code clearly distinguishes which offenses are cognizable and which are not.

According to section 154(1) of the Criminal Procedural Code, an FIR can be filed only in cognizable offenses. Schedule 1 of the Criminal Procedural Code clearly distinguishes Cognizable and Non-Cognizable Offences.

Who can register an FIR?

Anyone who has knowledge of the commission of cognizable offence can request the Police to register an FIR. The Police is under obligation to take down the information narrated by the informant as it is and prepare the First Information Report. The information can be given orally or in written format. Section 154(2) of the Cr.P.C lays down the procedure to be followed while registering an FIR.

What to do if Police Officer refuses to register an FIR?

The police has discretionary power regarding the registration of an FIR. However, this power is not absolute; it is subject to reasonable justifications. Following are steps to be followed if a Police Officer unreasonably denies registering an FIR:

1.   Complaint to Superintendent (SP) or DCP of that Police Officer:

According to section 154(3) of the Cr.P.C if a police officer refuses to register an FIR then a complaint in writing and by post can be sent to the Superintendent or DCP of Police concerned. If the Superintendent or DCP is satisfied that the subordinate police officer is unreasonably denying to register an FIR then the superintendent or DCP shall either investigate the case himself or direct an investigation to be made by any police officer subordinate to him.

2. Complaint to Judicial Magistrate:

If Police machinery doesn’t register FIR then a direct complaint can be given to the Judicial Magistrate. Section 156(3) read with section 190 of the Cr.P.C. provides that an application may be sent to the Judicial Magistrate Jmfc or Metropolitan Magistrate mm seeking a direction to the police to register an FIR.  

Key Essentials of the Complaint to the Hon’ble Court of Magistrate under Section 156(3) of the Code of Criminal Procedure, 1973 covering the topics:- 

1.   Compliance of Section 154(1) CrPC

2.   When Police refuses to take complaint

3.   Complaint under Section 154(3) CrPC

4.   Memo of Parties to the Complaint to the Magistrate

5.   Complaint to the Magistrate under Section 156(3) CrPC

6.   Jurisdiction of the Magistrate

7.   Prayer Clause

8.   Action Taken Report

9.   Application Of Section 156(2) CrPC

10. Compliance of the Ratio of Priyanka Srivastava

11.  Compliance of the Ratio Of Lalit Kumari

12. Cases requiring Preliminary Enquiry 

13. Annexure's of the Complaint

14.  Certificate of Compliance of Section 65B of the Indian Evidence Act, 1872

This would give you fair idea about the Complaint to the Hon’ble Court of Magistrate under Section 156(3) of the Code of Criminal Procedure, 1973.

Case Laws

1. Lalita Kumari v. Govt. of U.P., (2014) 2 SCC 1

2. Priyanka Srivastava v. State of U.P., (2015) 6 SCC 287

Police Closure Report in Cyber Crime cases

Police Closure Reports after investigation in cyber crime cases :

1. Art 21 of the Constitution guarantees fundamental right to life and personal liberty. This article of Constitution has been interpreted by the Judiciary with widest amplitude so as to include several other rights such as right to food and shelter, and other rights and most importantly the right to fair trial which includes the right to fair investigation. In Anbaizhagan’s case, the apex court observed that, ‘if the criminal trial is not free and fair and not free from bias the judicial fairness and the criminal justice system would be at stake, shaking the confidence of the public in the system and woe would be the rule of law’,¹ Trial should be fair to all concerned and ‘denial of fair trial is as much an injustice to the accused as is to the victim and the society.²

2. The right to fair trial includes ‘Fair Investigation’,³ Fair trial and fair

investigation are pre-requisites to get justice which the parties

deserve as per law, and one without the other cannot yield to fair

justice. A victim of a crime is entitled to fair investigation⁴ and if

required the case can be entrusted to a specialized agency like CBI and the courts have enough power to do complete justice to the

parties by giving appropriate directions.

3. The investigating authorities have been empowered to submit a

report to the magistrate that there is no evidence or reasonable grounds or suspicion to justify the forwarding of the accused to the Magistrate and to release the accused from the custody on his executing a bond with or without surety, as the police officer direct, to appear, if and when so required, before a Magistrate empowered to take cognizance of the offence on a police report and to try the accused or commit for trial.⁵ The 41st report of the Indian Law Commission recommended that an accused person must get a fair trial in accordance with the principles of natural justice, efforts must be made to avoid delay in investigation and trial and the procedures should aim at ensuring fair deal to the poorer sections of the society.⁶ The report under Sec 169 Cr Pc is referred to as a ‘closure report’. The Magistrate however, can direct the police to make further investigation. The scope of the power to direct further investigation when the police report states that there is no evidence to proceed further, and really there is no evidence in the case at all, whether it would be an order which can be justified or held valid needs examination.

 

4. In a case where the Director-General of Anti-Corruption Bureau gave an order and a report under Sec 169 Cr Pc and it was a ‘speaking order’ containing reasons that there is absolutely no evidence to prosecute the accused, the direction given by the Magistrate when the case itself does not contain any evidence to proceed further, the direction of the court has to be viewed as bad in law. This view finds support when there is a finding by Lokayukta that there is no material against the accused. As the apex court ruled that a reference is made to the investigating officer or the courts to Section 169 Cr Pc, the same has to be read as a reference to Sec 173 Cr Pc.⁷

5. The power of the court to take cognizance of a case, it is to examine whether there is sufficient ground for taking judicial notice of the offence in order to initiate further proceedings. The apex court examined this issue in Chief Enforcement Officer’s case⁸ and stated thus:-

“The expression ‘cognizance’ has not been defined in the

code. But the word ‘cognizance’ is of indefinite import. It has

no esoteric or mystic significance in criminal law. It merely

means ‘become aware of’ and when used with reference to a

court or a Judge, it connotes ‘to take notice of judicially’. It indicates the point when a court or a Magistrate takes judicial notice of an offence with a view to initiating proceedings in respect of such offences said to have been committed by someone”.

It was further elucidated thus:-⁹

i) Taking cognizance does not involve any formal action of any

kind;

ii) It occurs as soon as the Magistrate applies his mind to the

suspected commission of an offence;

iii) It is prior to the commencement of criminal proceedings;

iv) It is an indispensable requisite for holding a valid trial;

v) Cognizance is taken of an offence and not an offender;

vi) Whether the Magistrate has taken cognizance of an offence or

not depends on the facts and circumstances of each case, as no

universal application rule can be laid down;

vii) Under Sec 190 of Cr Pc, it is the application of the Judicial

mind to the averments in the complaints that constitutes

‘cognizance’;

viii) The Magistrate has to consider whether there is sufficient

ground for proceeding further and not sufficient ground for conviction, as the sufficient ground for conviction can be

considered only at the trial;

ix) If there is sufficient ground for proceedings, then the

Magistrate can issue the process under Sec 204 Cr Pc.¹⁰ The Magistrate has the undoubted discretion, to be judicially exercised in determining whether there is a prime-facie case to take cognizance¹¹ and

x) Despite a report of the police that no case is made out, the Magistrate can reject the report and take cognizance and to order further investigation under Sec 173 (8) Cr Pc.

6. The main object for taking cognizance is to commence proceedings against the accused. At this stage of cognizance, court is concerned with the involvement of the person and not of his innocence. When there is no material to proceed, there is no point in taking cognizance and proceeding further. The prosecution becomes futile exercise when the materials available do not show an offence is committed. The apex court observed thus:-

i) Summoning of an accused in a criminal case is a serious matter. Criminal law cannot be set in motion as a matter of course;¹²

ii) The process of criminal court shall not be permitted to be used as a weapon of harassment. Once it is found that there is no material on record to connect an accused with the crime, there is no meaning in prosecuting him. It would be a sheer waste of public time and money to permit such proceedings to continue against such a person;¹³

iii) Unmerited and undeserved prosecution is an infringement of the guarantee under Art 21 of the Constitution;¹⁴ and

iv) No court can issue a positive direction to an authority to give sanction for prosecution, when there is a police report that no case is made out to prosecute, unless the court finds otherwise.¹⁵ Criminal law should not be used for vexatious prosecution. (In case where sanction is required to prosecute such as for offences under the Prevention of Corruption Act etc.

7. Thus, the fair investigation requires that the police should thoroughly examine the entire evidence to find out whether any prime-facie is made out against the accused. If no case is made out, there should be a closure report under Sec 169 which will be regarded as a report under Sec 173 Cr Pc.

It is again the duty of the Magistrate to find out whether there is any material on record to proceed against the accused. If there is no material to proceed further, there is no point in taking cognizance. In other words, the fair investigation and trials need the protection of an accused from unwanted and vexatious prosecutions to avoid harassment to persons concerned.

References 

1 AIR 2004 SC P.524.

2 Best Bakery Case, for details refer to AIR 2004 SC P.3114.

3 Kalyani Baskar Vs. M.S.Sampoornam, (2007)2 SCC P.259.

4 Nirmal Singh Kahlon’s case, AIR 2006 SC P.1367.

5 See for details Sec 169 of the Criminal Procedure Code, 1973. 

6 See for details report submitted in September, 1969.

7 Sanjay Sinh Ram Rao Chavan Vs. Dattatray Gulab Rao Phalke (2015)3 SCC P.126 at P.133 

8 (2008)3 SCC P.492 at P.499.

9 Ibid, See para 20.

10 The expression Cr PC has been used for the Criminal Procedure Code, 1973 throughout this study. 

11 See for details Nagawwa Vs. Veeranna Shivaligappa Konjaligi (1976)3 SCC P.736.

12 Pepsi Foods Ltd., Vst. Judicial Magistrate (1998)3 SCC P.749 Para 28.

13 State of Karnatak Vs. Muniswamy (1977)2 SCC P.699 At P.803 Para 8.

14 State of Bihar Vs. P.P.Sharma, (1992) Supp (1) SCC P.222 at P.265 Para 60.

15 Mansukhlal Vithaldas Chauhan Vs. State of Gujarath (1997)7 SCC P.622 at P.635 Para 32.

 

Arguments in Court - cyber crime and data protection cases

 Basic structure of legal argument

• (1) If conditions A, B and C are satisfied, then legal consequences X, Y and Z follow. (Major premise: legal rule)

• (2) Conditions A, B and C are satisfied (or not). (Minor Premise: the facts of the case)

• (3) Therefore, legal consequences X, Y and Z do (or do not) follow. (Conclusion: legal judgment in the case).

As I mentioned in part one, the first premise of this argument structure tends to get most of the attention in law schools. The second premise — establishing the actual facts of the case — tends to get rather less attention. This is unfortunate for at least three reasons.

First, in practice, establishing the facts of a case is often the most challenging aspect of a lawyer’s job. Lawyers have to interview clients to get their side of the story. They have to liaise with other potential witnesses to confirm (or disconfirm) this story. Sometimes they will need to elicit expert opinion, examine the locus in quo (scene of the crime/events) and any physical evidence, and so on. This can be a time-consuming and confusing process. What if the witness accounts vary? What if you have two experts with different opinions? Where does the truth lie?

Second, in practice, establishing the facts is often critical to winning a case. In most day-to-day legal disputes, the applicable legal rules are not in issue. The law is relatively clearcut. It’s only at the appeal court level that legal rules tend to be in dispute. Cases get appealed primarily because there is some disagreement over the applicable law. It is rare for appeal courts to reconsider the facts of case. So, in the vast majority of trials, it is establishing the facts that is crucial. Take, for example, a murder trial. The legal rules that govern murder cases are reasonably well-settled: to be guilty of murder one party must cause the death of another and must do this with intent to kill or cause grievous bodily harm. At trial, the critical issue is proving whether the accused party did in fact cause the death of another and whether they had the requisite intent to do so. If the accused accepts that they did, they might try to argue that they have a defence available to them such as self-defence or insanity. If they do, then it will need to be proven that they acted in self defence or met the requirements for legal insanity. It’s all really about the facts.

Third, the legal system has an unusual method of proving facts. This is particularly true in common law, adversarial systems (which is the type of legal system with which I am most familiar). Courts do not employ the best possible method of fact-finding. Instead, they adopt a rule-governed procedure for establishing facts that tries to balance the rights of the parties to the case against both administrative efficiency and the need to know the truth. There is a whole body of law — Evidence Law — dedicated to the arcana of legal proof. It’s both an interesting and perplexing field of inquiry — one that has both intrigued and excited commentators for centuries.

I cannot do justice to all the complexities of proving facts in what follows. Instead, I will offer a brief overview of some of the more important aspects of this process. I’ll start with a description of the key features of the legal method for proving facts. I’ll then discuss an analytical technique that people might find useful when trying to defend or critique the second premise of legal argument. I’ll use the infamous OJ Simpson trial to illustrate this technique. I’ll follow this up with a list of common errors that arise when trying to prove facts in law (the so-called ‘prosecutor’s fallacy’ being the most important). And I’ll conclude by outlining some critiques of the adversarial method of proving facts.

1. Key Features of Legal Proof

As mentioned, the legal method of proving facts is unusual. It’s not like science, or history, or any other field of empirical inquiry. I can think of no better way of highlighting this than to simply list some key features of the system. Some of these are more unusual than others.

Legal fact-finding is primarily retrospective: Lawyers and judges are usually trying to find out what happened in the past in order to figure out whether a legal rule does or does not apply to that past event. Sometimes, they engage in predictive inquiries. For example, policy-based arguments in law are often premised on the predicted consequences of following a certain legal rule. Similarly, some kinds of legal hearing, such as probation hearings or preventive detention hearings, are premised on predictions. Still, for the most part, legal fact-finding is aimed at past events. Did the accused murder the deceased? Did my client really say ‘X’ during the contractual negotiations? And so on.

Legal fact-finding is norm-directed:Lawyers and judges are not trying to find out exactly what happened in the past. Their goal is not to establish what the truth is. Their goal is to determine whether certain conditions — as set down in a particular legal rule — have been satisfied. So the fact-finding mission is always directed by the conditions set down in the relevant legal norm. Sometimes lawyers might engage in a more general form of fact-finding. For instance, if you are not sure whether your client has a good case to make, you might like to engage in a very expansive inquiry into past events to see if something stands out, but for the most part the inquiry is a narrow one, dictated by the conditions in the legal rule. At trial, this narrowness becomes particularly important as you are only allowed to introduce evidence that is relevant,/i> to the case at hand. You can’t go fishing for evidence that might be relevant and you can’t pursue tangential factual issues that are not relevant to the case simply to confuse jurors or judges. You have to stick to proving or disputing the conditions set down in the legal rule.

Legal fact-finding is adversarial (in common law systems): Lawyers defend different sides of a legal dispute. Under professional codes of ethics, they are supposed to do this zealously. Judges and juries listen to their arguments. This can result in a highly polarised and sometimes confusing fact-finding process. Lawyers will look for evidence that supports their side of the case and dismiss evidence that does not. They will call expert witnesses that support their view and not the other side’s. This is justified on the grounds that the truth may emerge when we triangulate from these biased perspectives but, as I will point out later on, this is something for which many commentators critique the adversarial system. There is a different approach in non-adversarial system. For instance, in France judges play a key role in investigating the facts of a case. At trial, they are the ones that question witnesses and elicit testimony. The lawyers take a backseat. Sometimes this is defended on the grounds that it results in a more dispassionate and less biased form of inquiry but this is debatable given the political and social role of such judges, and the fact that everyone has some biases of their own. Indeed, the inquisitorial system may amplify the biases of a single person.

Legal fact-finding is heavily testimony-dependent: Whenever a lawyer is trying to prove a fact at trial, they have to get a witness to testify to this fact. This can include eyewitnesses (people who witnessed the events at issue in the trial) or expert witnesses (people who investigated physical or forensic evidence that is relevant to the case). The dependence on testimony can be hard for people to wrap their heads around. Although physical evidence (e.g. written documents, murder weapons, blood-spattered clothes etc) is often very important in legal fact-finding, you cannot present it by itself. You typically have to get a witness to testify as to the details of that evidence (confirming that it has not been tampered with etc).

Legal Fact-Finding is probabilistic: Nothing is ever certain in life but this is particularly true in law. Lawyers and judges are not looking for irrefutable proof of certain facts. They are, instead, looking for proof that meets a certain standard. In civil (non-criminal trials), facts must be proved ‘on the balance of probabilities’, i.e. they must be more probable than not. In criminal trials, they must be proved ‘beyond reasonable doubt’. What this means, in statistical terms, is unclear. The term ‘reasonable doubt’ is vague. Some people might view it as proving someting is 75% likely to have occurred; others may view it as 90%+. There are some interesting studies on this (LINK). They are not important right now. The important point is that legal proof is probabilistic and so, in order to be rationally warranted, legal fact-finders ought to follow the basic principles of probability theory when conducting their inquiries. This doesn’t mean they have to be numerical and precise in their approach, but simply that they should adopt a mode of reasoning about facts that is consistent with the probability calculus. I’ll discuss this in more detail below.

Legal fact-finding is guided by presumptions and burdens of proof (in an adversarial system): Sometimes certain facts do not have to be proved; they are simply presumed to be true. Some of these presumptions are rebuttable — i.e. evidence can be introduced to suggest that what was presumed to be true is not, in fact, true — sometimes they are not. The best known presumption in law is, of course, the presumption of innocence in criminal law. All criminal defendants are presumed to be innocent at the outset of a trial. It is then up to the prosecution to prove that this presumption is false. This relates to the burden of proof. Ordinarily, it is up to the person bringing the case — the prosecution in a criminal trial or the plaintiff in a civil trial — to prove that the conditions specified by the governing legal rule have been satisfied. Sometimes, the burden of proof shifts to the other side. For instance, if a defendant in a criminal trial alleges that they have a defence to the charge, it can be up to them to prove that this is so, depending on the defence.

Legal fact-finding is constrained by exclusionary rules of evidence:Lawyers cannot introduce any and all evidence that might help them to prove their case. There are rules that exclude certain kinds of evidence. For example, many people have heard of the so-called rule against hearsay evidence. It is a subtle exclusionary rule. One witness cannot testify to the truth of what another person may have said. In other words, they can testify to what they may have heard, but they cannot claim or suggest that what they heard was accurate or true. There are many other kinds of exclusionary rule. In a criminal trial, the prosecution cannot, ordinarily, provide evidence regarding someone’s past criminal convictions (bad character evidence), nor can they produce evidence that was in violation of someone’s legal rights (illegally obtained evidence). Historically, many of these rules were strict. More recently, exceptions have been introduced. For example, in Ireland there used to be a very strict rule against the use of unconstitutionally obtained evidence; more recently this rule has been relaxed (or “clarified”) to allow such evidence if it was obtained inadvertently. In addition to all this, there are many formal rules regarding the procurement and handling of forensic evidence (e.g. DNA, fingerprints and blood samples). If those formal rules are breached, then the evidence may be excluded from trial, even if it is relevant. There is often a good policy-reason for these exclusions.

 

Those are some of the key features of legal fact-finding, at least in common law adversarial systems. Collectively, they mean that defending the second premise of a legal argument can be quite a challenge as you not only have to seek the truth but you have to do so in a constrained and, in some sense, unnatural way.

Cybersecurity search engines

CyberSecurity search engines:

1. Dehashed—View leaked credentials.

2. SecurityTrails—Extensive DNS data.

3. DorkSearch—Really fast Google dorking.

4. ExploitDB—Archive of various exploits.

5. ZoomEye—Gather information about targets.

6. Pulsedive—Search for threat intelligence.

7. GrayHatWarefare—Search public S3 buckets.

8. PolySwarm—Scan files and URLs for threats.

9. Fofa—Search for various threat intelligence.

10. LeakIX—Search publicly indexed information.

11. DNSDumpster—Search for DNS records quickly.

12. ONYPHE—Collects cyber-threat intelligence data.

13. FullHunt—Search and discovery attack surfaces.

14. AlienVault—Extensive threat intelligence feed.

15. Grep App—Search across a half million git repos.

16. URL Scan—Free service to scan and analyse websites.

17. Vulners—Search vulnerabilities in a large database.

18. WayBackMachine—View content from deleted websites.

19. Wigle—Database of wireless networks, with statistics.

20. Netlas—Search and monitor internet connected assets.

21. Binary Edge—Scans the internet for threat intelligence.

22. GreyNoise—Search for devices connected to the internet.

23. Hunter—Search for email addresses belonging to a website.

24. Censys—Assessing attack surface for internet connected devices.

25. IntelligenceX—Search Tor, I2P, data leaks, domains, and emails.

 #cybersecurity #intelligence #cyber #data #content #content #searchengines #searchengines #threatintelligence #policy #law #databreach #lawyer #it #fintech 

When can Police Arrest you in Cyber crime: Explanation with Case Laws

Arrest by Police in cyber crime cases By Adv (Dr.) Prashant Mali

Cyber crime is a reality but personal liberty is a fundamental human right and a cornerstone of the social structure. 

Arrest brings humiliation, curtails freedom and cast scars forever. Its deprivation is a matter of grave concern. 

The law of arrest is one of balancing individual rights, liberties and privileges,on the one hand, and individual duties, obligations and responsibilities on the other.

The police officer can, without an order/warrant from a Magistrate, arrest a person in respect of a cognizable offence punishable with imprisonment exceeding 7 years without mentioning any 'special reasons'.

The problem arises when it comes to arrest of a person who is accused of an offence which is punishable up to 7 years. The Hon’ble Apex Court in Arnesh Kumar v. State of Bihar, (2014) 8 SCC 273 held;

Our endeavour in this judgment is to ensure that the police officers do not arrest the accused unnecessarily and Magistrates do not authorise the detention casually or mechanically.

In Manubhai Ratilal Patel V. State of Gujarat (2013) 1 SCC 314 the Hon’ble Supreme Court observed that remand is a fundamental judicial function of the magistrate and while performing such function, the magistrate has to satisfy himself/herself that there are reasonble grounds to justify the remand of the accused.

Arrest in case of a cognizable offence punishable with imprisonment for more than 7 years.

The police officer can, without a warrant from a Magistrate, arrest a person without mentioning any 'special reasons'.

Arrest or Notice in case of a cognizable offence punishable with imprisonment not exceeding 7 years.

When the accused can be arrested without issuing 41-A Cr.P.C Notice.

When a cognizable offence is committed in the presence of a police officer (Sec.41(1)(a) Cr.P.C)

If the police officer is satisfied that arrest of the accused is necessary to prevent the accused from committing any further offence (Sec. 41(1)(i)(ii)(a) Cr.P.C)

To prevent the accused from tampering with the evidence (Sec.41(1)(i)(ii)(c) Cr.P.C)

To prevent the accused from making any inducement, threat, or promise to the witness (Sec.41(1)(i)(ii)(d) Cr.P.C)

If the police officer is satisfied that unless the accused is arrested, his/her presence cannot be secured. (Sec.41(1) (i)(ii)(e) Cr.P.C)

If the accused is a Proclaimed offender

(Sec. 41(1) proviso (c) Cr.P.C)

When stolen property/contraband found in possession of the accused (Sec.41(1) proviso (d) Cr.P.C)

When the accused obstruct the police officer from discharging his/her duty, or when the accused has escaped or attempts to escape. (Sec.41(1) proviso (e) Cr.P.C)

When it appears that the person is deserter from any of the armed forces. (Sec.41(1) proviso (f) Cr.P.C)

When it is required to issue notice u/s 41-A Cr.P.C.

Where the arrest of the accused is not required as per Sec. 41 Cr.P.C, the police officer shall issue a notice directing the accused to appear before him/her at the place specified in the notice (Sec.41-A (1) Cr.P.C)

Such notice is to be issued to the accused within two weeks from the date of institution of the case. However the same may be extended by the superintendent of the police of the district. (Arnesh Kumar case)

It shall be the duty of the accused to to comply with the terms of notice. (Sec.41-A (2) Cr.P.C)

Arrest even after issuance of notice u/s 41-A Cr.P.C

When arrest is not Justifiable after issuance of notice u/s 41-A Cr.P.C

Where the accused complies and continue to comply with the terms of the notice. (Sec.41-A 93) Cr.P.C)

When arrest is Justifiable after issuance of notice u/s 41-A Cr.P.C

For the reasons to be recorded, the police officer is of the opinion that the arrest of the accused is necessary in the circumstances of the case. (Sec. 41-A (3) Cr.P.C) Where the accused fails to comply with the terms pf the notice. (Sec. 41-A (4) Cr.P.C)

The apprehension of arrest does not completely vanish away on the issuance of the notice u/s 41-A Cr.P.C. (Sri Ramappa @ Ramesh Vs. The state of Karnataka 2021 (4) Kant LJ 696 dt 22.06.2021)

The rejection of anticipatory bail need not result in the arrest of the accused.

(M.C. Abraham Vs. State of Maharashtra ((2003) 2 SCC 649)

Law mandates the police officer to state the facts and shall record the reasons for the arrest of accused in writing by way of a Check-list. The Magistrate while authorizing detention of the accused shall pursue the report and check-list produced by the police officer and only after recording his/her satisfaction, the Magistrate has to authorize detention. (Arnesh Kumar case)

If the Magistrate finds that the arrest of the person was in flagrant violation of the procedure, the Magistrate can even release the arrstee by recourse to Section 59 Cr.P.C. Therefore, it is not as if an arrest becomes a fait accompli however illegal it may be, and the Magistrate mechanically and routinely orders remand.

Cybercrime - Ransomeware as a Service

The cybercriminal economy is a continuously evolving connected ecosystem of many players with different techniques, goals, and skillsets.

Ransomware as a service (RaaS) is a subscription-based model that enables affiliates to use already-developed ransomware tools to execute ransomware attacks. Affiliates earn a percentage of each successful ransom payment.

Ransomware as a Service (RaaS) is an adoption of the Software as a Service (SaaS) business model. RaaS users don't need to be skilled or even experienced, to proficiently use the tool. RaaS solutions, therefore, empower even the most novel hackers to execute highly sophisticated cyberattacks. 

RaaS solutions pay their affiliates very high dividends. The average ransom demand increased by 33% since Q3 2019 to $111,605, with some affiliates earning up to 80% of each ransom payment. The low technical barrier of entry, and prodigious affiliate earning potential, makes RaaS solutions specifically engineered for victim proliferation.

In the same way our traditional economy has shifted toward gig workers for efficiency, criminals are learning that there’s less work and less risk involved by renting or selling their tools for a portion of the profits than performing the attacks themselves. This industrialization of the cybercrime economy has made it easier for attackers to use ready-made penetration testing and other tools to perform their attacks.

Ransomware attacks have become even more impactful in recent years as more ransomware-as-a-service ecosystems have adopted the double extortion monetization strategy. All ransomware is a form of extortion, but now, attackers are not only encrypting data on compromised devices but also exfiltrating it and then posting or threatening to post it publicly to pressure the targets into paying the ransom. Most ransomware attackers opportunistically deploy ransomware to whatever network they get access to, and some even purchase access to networks from other cybercriminals. Some attackers prioritize organizations with higher revenues, while others prefer specific industries for the shock value or type of data they can exfiltrate.

The RaaS affiliate model, which has allowed more criminals, regardless of technical expertise, to deploy ransomware built or managed by someone else, is weakening this link. As ransomware deployment becomes a gig economy, it has become more difficult to link the tradecraft used in a specific attack to the ransomware payload developers.

The dark web is a criminal-infested network, so any leaked information on the platform will give multiple cybercriminal groups free access to your sensitive data and those of your customers. The fear of further exploitation compels many ransomware victims to comply with cybercriminal demands.

To make the ransom payment, victims are instructed to download a dark web browser and pay through a dedicated payment gateway. Most ransomware payments are made with cryptocurrency, usually Bitcoin, due to their untraceable nature. 

Reporting a ransomware incident by assigning it with the payload name gives the impression that a monolithic entity is behind all attacks using the same ransomware payload and that all incidents that use the ransomware share common techniques and infrastructure. However, focusing solely on the ransomware stage obscures many stages of the attack that come before, including actions like data exfiltration and additional persistence mechanisms, as well as the numerous detection and protection opportunities for network defenders.

How to Protect Yourself from Ransomware Attacks

The most effective ransomware attack mitigation strategy is a combination of educating staff, establishing defenses, and continuously monitoring your ecosystem for vulnerabilities.

Here are some suggested defense tactics:

• Monitor all endpoints connection requests and establish validation processes
• Educate staff on how to identify phishing attacks
• Set up DKIM and DMARC to prevent attackers from using your domain for phishing attacks.
• Monitor and remediate all vulnerabilitiesexposing your business to threats
• Monitor the security posture of all your vendors to prevent third-party breaches
• Set up regular data backup sessions
• Do not solely rely on cloud storage, backup your data on external hard drives
• Avoid clicking on questionable links. Phishing scams do not only occur via email, malicious links could lurk on web pages and even Google documents.
• Use antivirus and anti-malware solutions
• Ensure all your devices and software are patched and updated.
• Provide your staff and end-users with comprehensive social engineering training
• Introduce Software Restriction Policies (RSP) to prevent programs from running in common ransomware environments, i.e. the temp folder location
• Apply the Principles of Least Privilege to protect your sensitive data
• Ransomware: Should You Pay the Ransom?

Whether or not you should pay for a ransomware price is a difficult decision to make. If you make a payment, you are trusting that the cybercriminals will deliver on their promise of supplying you with a decryption key.

Cybercriminal operations are inherently immoral, you cannot trust criminals to uphold a fragment of morality and follow through with their promises. In fact, many RaaS affiliates don't waste time providing decryption keys to all paying victims, time is better spent seeking out new paying victims. 

Because a ransom payment never guarantees the decryption of seized data, the FBI strongly discourages paying for ransoms. But companies have paid ransom and I personally know many clients who have budgeted for paying ransoms as it is a impending risk to any business inspite of having good cybersecurity practices. Some of my clients have cyber insurance which covers payment of ransom but frankly speaking. I don’t know the legality of such cyber insurance coverage .

Best Cyber and Privacy Lawyer 2022 awarded to Adv Prashant Mali

Prashant Mali receiving award from Actor Makrand Deshpande 

Advocate Prashant Mali Got Best Cyber and Privacy lawyer of the year by the hands of Makrand Deshpande , other awardees include Mumbai Mayor Kishori Pednekar, ex Mumbai Police Commissioner Hemant Nagrale , VC of University of Mumbai, Hon. Sharad Pawar  n others . Lop Devendra Phadnavis and MP Sanjay Raut were chief guests 

Earlier Lt. Balasaheb Thakre and Lt. Lata Mangeshkar we’re also recipients of the same award. 

#award #cybercrime #privacy #lawyer #law #follow #media #mumbai #cybersecurity #publicpolicy #IamChevening #IVLP #media #news

How A Student Hacked Teachers WhatsApp

How A Student Hacked into Teachers WHATSAPP Account?

A teacher from Kerala noticed that her WhatsApp account was logged out soon after an online class. Knowing this, she lodged a complaint with cyberpolice. Police cracked the case and found out that the culprit was her student, studying in high school, who logged into the teacher’s account.

The technique used by the student was simple. The teacher was using a screen-share app in her phone during the class. So the students were able to see the screen and also the pop-up notification alerts coming into the phone. The ‘culprit’ student then tried to login WhatsApp with teacher’s number in his phone. And the OTP for verification came as pop-up alert in the teacher’s phone which was visible for all the students. Thus the student easily logged in to the account. The teacher did not have two-step verification on the phone and did not have a password.

The account in teacher’s phone got logged out as WhatsApp does not allow simultaneous use on two different devices. After the police cracked the case and found out the culprit is the student, the teacher withdrew the complaint.

PRECAUTIONS to avoid hacking

With some simple steps, one can avoid getting hacked during screen-sharing. Disable the notification alerts when sharing the screen with others.

Also enable two-step verification for WhatsApp login, so that an additional password is required to login to WhatsApp through other devices.

Soon after screen-sharing, make sure that OTPs or verification messages were not received during the time.

Adv (Dr.) Prashant Mali

Cyber & Privacy Lawyer & Author

Why Cybercrime is increased ? Due to Low Cost I feel

 

Why Cybercrime is increased ? Due to Low Cost I feel

You can buy ransomware for as little as $66, or hire a threat actor for $250. And if you look hard enough, you can even get a phishing kit for free on underground forums. Although these illicit methods may not be expensive, the damage they inflict can be substantial.

Phishing has become more popular than ever. Bhagwat Karad, the minister of state for finance reported to Indian parliament, that more than 50,000 (50,242) cases of cyber frauds, banking frauds using internet banking, ATM-Debit and Credit Cards were registered in the first nine months of the current fiscal year, citing RBI data (April-December 2021 period). During the nine-month period, the victims of these frauds lost a total of nearly Rs 167 crore.

According to the FBI’s Internet Crime Complaint Center, the number of phishing complaints more than doubled in 2020 to 241,342 cases compared to the prior year. From there, attacks doubled again as phishing reached a monthly record in Q3 2021, according to a recent report from the Anti-Phishing Working Group (APWG). The total number of incidents (reported & unreported) must be higher. A record 2 million phishing sites were reported in 2020, the most in a decade. This comes as no surprise, as phishing kits are cheap and easy available.

What is a Phishing Kit

Phishing kits are .zip files with all the scripts required to deploy an attack. These kits enable anyone with minimal programming skills to unleash massive ransomware campaigns. In 2019, the average price of a phishing kit was $304, with the prices ranging between $20 and $880. 

Recently, Microsoft discovered a campaign that used 300,000 newly created and unique phishing subdomains in one massive run. Microsoft also identified a phishing-as-a-service organization known as BulletProofLink. It resembled any other software-as-a-service brand, with tiered service levels, email and website templates, hosting, a newsletter and even 10% off your first order.

Meanwhile, even attackers get targeted. Some phish kits have been unlocked and posted for free on dark web forums. 

What is the Cost of a Ransomware Attack

On the other hand, suffering attacks is expensive. According to the IBM Cost of a Data Breach report, in 2021 the average cost of a ransomware attack totaled $4.62 million (not including the ransom, if paid). Compare that to the $66 attackers can pay for a ransomware kit.

Alert

Before you think to become cyber criminal, be aware that the cyberlaw is also catching up. There’s even some evidence that the police can now track and recover funds paid for in cryptocurrency. many cryptocurrency cases in India were detected and cyber expert fraudsters were arrested including ex police officers.Also remember, WHILE CYBERCRIME is largely measured in financial terms it is the psychological trauma that hurts victims the most when they are blamed by their family members or society in general for falling victim to the attack/scam.

The criminal use of cryptocurrency

The criminal use of cryptocurrencies

Cryptocurrencies have been adopted as part of money laundering schemes and are particularly associated with several predicate offences including fraud and drug trafficking. They are also widely used as a means of payment for illegal goods and services offered online and offline.

Money laundering is the main criminal activity associated with the illicit use of cryptocurrencies. The growing popularity and adoption of cryptocurrencies have led to their increasing use in money laundering schemes. Other criminal activities that show an intensive use of cryptocurrencies are related to the use of cryptocurrencies as a payment method for illicit goods and services, fraudulent cryptocurrency investments and cybercrime. In all instances, criminals want to obfuscate the source of the illicit assets with cryptocurrencies. A number of indicators show how criminals involved in frauds strongly rely on the use of cryptocurrencies.

Cryptocurrencies are also the means of payment of choice for criminal commodities and services, such as drugs or child sexual abuse material (CSAM) purchased online. This applies in particular to listings on dark web marketplaces where they are the main means of payment. Different types of malware target cryptocurrencies for theft as well as for the mining of coins in the network of unaware victims. Extortion schemes carried on by cybercriminals make extensive use of cryptocurrencies. Digital services and infrastructure abused for criminal purposes like servers, virtual private networks (VPNs) and hosting services are mostly purchased in cryptocurrency.

Money laundering

Virtually all kinds of criminal profits are laundered using cryptocurrencies. These activities range from the laundering of proceeds already in digital form, such as the payment of ransoms or criminal infrastructures, to a transformation of huge amounts of cash into virtual assets. Examples of cryptocurrency usage in money laundering schemes include the purchase of cryptocurrencies by criminal networks using illicit proceeds and the use of cryptocurrencies to transfer funds.

The use of cryptocurrencies in money laundering schemes has been increasing, and many criminal networks relied on cryptocurrencies as a payment medium during the COVID-19 pandemic.

Money laundering networks specialised in large-scale money laundering

as a service have adopted cryptocurrencies and are offering their services

to other criminal actors. These networks can already rely on established infrastructure such as numerous bank accounts as well as in-depth knowledge of the banking system and use of FinTech.

Money laundering networks provide their services to other criminal networks, which may include the acquisition or trade of cryptocurrencies, the legalisation of criminal assets and the final cash out in the accounts of criminals. Professional money laundering networks are a significant threat and enable other criminal networks to operate. Marketplaces on the dark web advertise money laundering cryptocurrency service providers. They also offer information on how criminals can cash out cryptocurrencies, such as by exchanging Bitcoin for gift vouchers or prepaid debit cards.

Predicate offences

The use of cryptocurrency in money laundering involves the profits of both online and offline criminal activities. They are in fact frequently reported in the context of drug trafficking, fraud and cybercrime.

Cybercrime proceeds

primarily concern funds coming from online frauds, ransomware and dark web marketplaces. The highest volume of illicit transactions is associated with these criminal activities.

Fraud

Fraud is the most frequently identified predicate offence for the illegal use of cryptocurrencies, accounting for more than half of identified criminal transactions.Criminals involved in fraud either make use of professional (crypto) money laundering services or set up their own money laundering schemes.

Criminals involved in investment fraud are particularly adept at using cryptocurrencies to channel illicit proceeds. Cryptocurrency investment fraud schemes have been identified in several EU Member States.

Fraudsters create websites devoted to cryptocurrency investments or advertise lucrative investments and encourage investors to create accounts on online trading platforms. Alternatively, operators from established call- centres offer opportunities requiring small initial investments that end in high profits. The victims have the impression to be able to monitor their investments thanks to internet platforms. However, the whole process is a deception. Brokers try to obtain information about the victims using social engineering techniques, while gaining their trust with simulated trading activities.

On some occasions, fraudsters collect capital to initiate a new profitable cryptocurrency which does not really exist. Pyramid schemes are a frequently used method of attracting investors with promises of high returns. The increase in value promised to investors is just an illusion, and any disbursements to investors are merely funds transferred from investors further down the pyramid. Members are encouraged to bring others into the fold in exchange for a commission.

Drug trafficking

Cryptocurrencies are increasingly used to launder the proceeds of drug trafficking. In recent years, EU law enforcement authorities carried out several investigations into the laundering of drug trafficking proceeds using cryptocurrencies. These large-scale laundering activities normally involve specialised criminal networks that provide professional crypto money laundering services.

Cybercriminals

Cybercriminals make extensive use of cryptocurrencies that consequently have to be laundered, invested or cashed out. Proceeds from cybercrime activities normally do not require a conversion as they are often already in cryptocurrencies. Cybercriminals extensively use obfuscation techniques and services to hinder transactions traceability.

Conclusion 

As I write there seems to be no solution like one tablets suits all. Cryptocurrency as currency for crime is a neat equation and this would remain till cryptocurrencies exist in the world. Do though costly solutions exist to track cryptocurrency used for any type of crime but is not feasible for all police forces across the world . Government now need policies and regulations if crypto is to be governed for at lease law and order purposes .

Adjudication Officer under the IT Act,2000 [ cybercrime court for civil cybercrime matters ] all details

Who is an Adjudication Officer under the IT Act,2000 [ cybercrime court for civil cybercrime matters ] 

Adjudicating officer is generally an IAS officer in the rank of Principal Secratary -Information Technology or an IAS officer who should not be less than the rank of a Director to the Government of India or an equivalent officer of a state government as an adjudicating officer who shall adjudicate whether any person has committed a contravention of any of the provisions of this Act or of any rule, regulation, direction or order and shall hold an inquiry in the manner prescribed by the central government. Further, the adjudicating officer is vested with the power of a civil court to adjudicate any matter before it. Under Section 46 of the IT Act,2000 the power to adjudicate has been specifically enshrined for the purpose of adjudging under this Chapter.

The central government has notified “Scope and Manner of Holding Inquiry” as per the gazette notification for Information technology Rules, 2003 under the short title “Qualification and Experience of Adjudicating Officer and Manner of Holding Enquiry” dated 17th March 2003.

It be noted that the Information Technology Act, 2000 extends to the whole of India and applies to any offence or contravention thereunder outside India by any person (computers should be located in India) .

Chapter IX of the Information Technology Act, 2000, ” deals with penalties and adjudication. This Chapter specifically tackles “cyber contraventions” through unauthorized access to the computer, computer system, or computer network. The term ‘Contravention’ is more of a violation of law or rule of procedure which has damages and compensation as a remedy. Section 43(a-j) or 43A are majorly quoted to get damages by way of compensation to the person who has suffered due to such contravention. In order to seek damages by way of compensation, the affected person approaches the adjudicating officer appointed under Section 46 of the IT Act, 2000. The adjudicating officer has the pecuniary jurisdiction of up to five crore rupees, and any affected person seeking to claim compensation above Rs. 5 Crores has to approach the competent Court (civil court senior division or high Court) for proper redressal. 

Power to adjudicate under Section 46 of IT Act, 2000

Section 46(1) of the IT Act, 2000 states that the central government shall subject to the provisions of sub-section (3): 

•Appoint an adjudicating officer for the purpose of adjudging under Chapter IX whether any person has violated any of the provisions of this Act, rendering him liable to pay penalty or compensation. 

•The adjudicating officer shall have the power to hold an inquiry to adjudge upon the complaints being filed.

Section 46(1A) prescribes that the pecuniary jurisdiction to adjudicate matters wherein the claim for injury or damage does not exceed Rs 5 crores. In case the claim for compensation goes beyond the Rs 5 crores, the jurisdiction shall vest with a competent or higher court i.e. Civil Court Senior Division or High Court with Original Jurisdictions

Further, Section 46(2) states that the adjudicating officer shall give a reasonable opportunity to make representation to the person who has violated any of the provisions of this Act or any rule, regulation, direction, or order made thereunder. And if satisfied after conducting an inquiry that the person so accused has committed the contravention, penalty or award of compensation may be imposed by him as deemed fit in accordance with the provisions of that section.

The essential requisites which are required to be fulfilled so as to be appointed as an adjudicating officer have been laid down under Section 46(3) of the IT Act, which states that in order to be eligible for this post, one must possess qualifications like experience in the field of information technology and legal or judicial experience as may be prescribed by the central government.

Appointment of more than one adjudicating officer has been provided under sub-section (4) of Section 46. It states that where more than one adjudicating officer is appointed, it is for the central government to specify by order the matters and places with respect to which such officers shall exercise jurisdiction.

Lastly, Section 46(5) vests the powers of a civil court on every adjudicating officers which are conferred on the Cyber Appellate Tribunal under sub-section (2) of Section 58 and includes the power to order attachment and sale of property, arrest, and detention of the person who has committed the contravention and appointment of the receiver which increases the enforceability and efficacy of its orders and working.

Scope and manner of holding an inquiry

1. The adjudicating officer shall exercise jurisdiction in respect of the contraventions in relation to Chapter IX of the IT Act,2000

2. To receive a complaint from the complainant on the basis of the location of computer system, computer network as defined in sub-section (2) of Section 75 of IT on a plain paper on a plain paper on the proforma attached to these Rules along with the fee payable which is computed on the basis of damages claimed by way of compensation.

3. To issue notices together with all the documents to all the necessary parties to the proceedings, fixing a date and time for further proceedings.

4. On the date so fixed, the person to whom the notice has been issued about the contravention alleged to have been committed shall be explained by the adjudicating officer about the contravention alleged to have been committed in relation to any of the provisions of this Act.

5. Suppose the person who is alleged to have committed the contravention, pleads guilty. In that case, it shall be recorded by the adjudicating officer, and penalty might be imposed upon him or award such compensation as deemed fit in accordance with the provisions of this Act, rules, regulations, order, or directions made thereunder.

6. Alternatively, on the date fixed, the person who has committed the alleged contravention may show cause as to why an enquiry should not be held in the alleged contraventions or why the report alleging contraventions against him should be dismissed.

7. On the basis of the submissions made, the adjudicating officer shall form an opinion that there is sufficient cause to hold an enquiry or dismiss the matter or may get the matter investigated.

8. If any person or persons fails, neglects, or refuses to appear, or present himself before the adjudicating officer, he shall proceed with the inquiry in the absence of such person or persons after recording the reasons for doing so.

9. The adjudicating officer shall fix a date and time for the production of documents (including electronic records) or evidence.

10. To hear and decide every application, as far as possible, in four months and the whole matter in six months.

11. And if in a case, the adjudicating officer is convinced that the scope of the case extends to the offences under Chapter XI of IT Act (the Cyber Appellate Tribunal) instead of contravention, needing appropriate punishment instead of mere financial penalty, should transfer the case to the magistrate having jurisdiction to try the case, through presiding officer.

Quantum of compensation

While adjudging the quantum of compensation or penalty, the following factors shall be considered by the adjudicating officer:

1. The amount of gain of unfair advantage, wherever quantifiable, made as a result of the default;

2. The amount of loss caused to any person as a result of the default; and

3. The repetitive nature of the default.

Adjudicating officer vested with powers of a civil court

Sub-section (5) of Section 46 states that the Adjudicating Officer has been vested with the same powers as are vested in a civil court under the Code of Civil procedure, 1908 while trying a suit, in respect of the following matters, namely: –

1. Summoning and enforcing the attendance of any person and examining him on oath;

2. Requiring the discovery and production of documents or other electronic records;

3. Receiving evidence on affidavits;

4. Issuing commissions for the examination of witnesses or documents;

5. Reviewing its decisions;

6. Dismissing an application for default or deciding it ex parte; and

7. Any other matter, which may be prescribed.

The adjudicating officer shall deliver a certified copy of the order to the complainant & the respondent.

Appeals

For appeals, the IT Act,2000 (as amended in 2017) the Telecom Dispute Settlement and Appellate Tribunal having the appellate jurisdiction. Section 48 of the IT Act,2000 provides that the central government shall by notification establish one or more appellate tribunals to be known as Telecom Dispute Settlement and Appellate Tribunal. It should be noted that currently TDSAT is only at Delhi in Ashok Hotel. 

As per Section 57 of the IT Act,2000 a person who is aggrieved by the order passed by the controller or an adjudicating officer under this Act may file an appeal before the appellate tribunal having jurisdiction in the matter. It is to be noted that no appeal shall lie to the appellate tribunal from an order passed by the adjudicating officer when it is arrived at with the consent of the parties. The limitation period for filing an appeal from the order of the adjudicating officer is 45 days from the date on which a copy of the order made by the controller or the adjudicating officer is received by the person aggrieved, and it shall be in such form and be accompanied by such fee as may be prescribed. The limitation period of appeal is provided under Section 57(1) of the IT Act,2000. In case the appeal is filed after the expiry of the limitation period, the appellate tribunal may entertain an appeal if it is satisfied that there was sufficient cause.

Quasi-judicial authority

In the Indian National Congress (I) v. Institute of Social Welfare, it was held by the Supreme Court “… where law requires that an authority before arriving at a decision must make an enquiry, such a requirement of law makes the authority a quasi-judicial authority.”

It can be inferred from this observation of the SC that the adjudicating officer under the Act is a quasi-judicial authority as holding an enquiry is required by him before making a decision. The quasi-judicial authority of the adjudicating officer is restricted to the determination of contraventions and impositions of penalties only for Sections 43–45 of the IT Act,2000 only. Further, the scope of quasi-judicial authority of the adjudicating officer if extended beyond the determination of contraventions as provided under Sections 43 to 45 would be conflicting with the legislative intent behind the Act. His quasi-judicial authority covers not only the entire range of computer-related contraventions, but also adjudicating body corporates vis-à-vis any failure to protect data, including sensitive personal data.

What is expected from State Governments ?

The Department of Information Technology of each and every state is required to create a website for the citizens to have direct access to the various redressal mechanisms as provided by the Information Technology Act, 2000 and spread awareness about the working of these mechanisms. It is pertinent to note that as per IT Act Notification No. 240 issued by the Ministry of Communications and Information Technology, the Department of Information Technology of each of the states or of union territories shall provide the infrastructure and maintain the records of the matters handled by the adjudicating officer Functioning in the states/union territories. However, when a person tries to have access to the websites of the information technology of the states, the websites are either found to be not in a working condition or lacks the information which is quintessential for a layman to understand the system of the redressal mechanism set up under the Information Technology Act, 2000.

The adjudicating officers belonging to the State of Maharashtra, Karnataka, Tamil Nadu, Kerala, Madhya Pradesh, Gujarat and Delhi have been the most judicially active in adjudicating the matters before them compared to their counterparts in other States of India, who are struggling. The reason as to why the other states are lagging lies in the very fact that there is a death of cases filed before the adjudicating officers of these States, which is again because the general public isn’t aware of the existence of any such mechanism for seeking compensation under the IT Act, 2000. 

My NOTES TO ADJUDICATION OFFICER

The proceedings before The AO are of summary proceedings in nature 

Section 65B(4) Certificate under Indian Evidence Act is mandatory

Police Report wherever required should be adduced and the respective police officer should be summon during date of the case with his report of investigation

Orders passed should have proper reasoning and appreciation of facts and evidences appreciated during the hearing before The AO

No Jail term / imprisonment can be awarded only damages and compensation

Cases like credit card fraud, Online banking fraud, Data Theft, Data Leak, Phishing Software Source Code Theft, Spreading of Virus, Denial of Service, Unauthorised access (hacking), cases where Banks, Insurance companies or any organisations do not follow IT reasonable security practices such cases may be Adjudicated by the Adjudication Office.