What the National Crime Records Bureau report does not tell us about cyber crime in India

In July 2015, an Azerbaijani woman emailed the Delhi police complaining an India-based man was blackmailing her and threatening to upload her morphed pictures to pornographic websites. In two months, the man was traced in Haryana’s Kurukshetra town and briefly detained. But the incident did not make it to the Crime in India report for that year. That is because the complaint did not result in a First Information Report, and the annual crime report, published by the National Crime Records Bureau, counts only FIRs and not police complaints.

The Bureau is now seeking to rectify this by collecting data directly from the Crime and Criminal Tracking Network System, the electronic record keeper used by police in all states and Union Territories, and streamlining the process to take into account police complaints, too. Until now, it would send proformas for police departments to fill in.

A senior National Crime Record Bureau official said they plan to start counting police complaints from this year. It will help present a more accurate picture of cyber crime in India, he added.

According to the latest Crime in India report released last month, the country recorded 12,187 cases of cyber crime in 2016, 7.55% more than in the previous year. The highest number of cases was reported in Uttar Pradesh, which has a special task force and district cells to tackle cyber crime, followed by Maharashtra, which has cyber police stations in every police district.

Of the cyber crimes recorded last year, 669 involved insulting the modesty of a woman, 570 blackmail and extortion and 562 sexual exploitation.

Cyber security experts and lawyers, however, said these figures are “severely low” and don’t reflect the actual scale of cyber crime in India. The case of the Azerbaijani woman seems to bear this out.

She had befriended the man on Facebook and, at his convincing, sent him her pictures. The man then threatened to morph the pictures and upload them to porn websites if she did not send him $100 every month. Apparently to show he wasn’t bluffing, the man uploaded a few of the woman’s morphed pictures to Facebook, forcing her to deactivate her account, said an official who was posted with the Delhi police’s Crime Branch when the incident was reported.

The woman paid him for at least six months before complaining to the police. Turned out the man had similarly blackmailed scores of women from several countries, including Afghanistan, Bahrain and the Philippines, the official said, but the Azerbaijanis woman was the only one to have filed a police complaint.

The case was transferred to the Haryana police and they made the accused get down on his knees, hold his ears and apologise to the woman. They recorded a video of the apology and sent it to the woman, and closed the matter. They did not register a case because they thought the involvement of a foreign national would create hassles, the official said.

Lack of awareness

“Cyber crime victims often approach cyber experts instead of the police, or some of them approach police officials in their personal capacity rather than opting for due process,” said Vineet Kumar, a cyber security consultant to the Union Ministry of Women and Child Development.

There are many reasons for this, added Kislay Chaudhari, a cyber security consultant to the central government’s Computer Emergency and Response Team and the Delhi police’s Crime Branch. For one, people just want their problems solved, not realising they have been victims of criminal acts. The Crime Branch, Chaudhary said, has dealt with scores of such matters since 2015 and helped many victims. But in the majority of the cases, mostly of sexual exploitation and blackmail, the complainants did not want to register FIRs. “Their issues were resolved through technical means but no criminal action could be initiated against the perpetrators in these matters,” he added.

Many victims do approach the police, Chaudhary said, only to find they are not sufficiently trained to deal with such matters. Of the cases that are registered, a few are transferred to cyber cells or other dedicated units, but most end up as mere daily diary entries.

In many cases, Kumar said, investigations lead to foreign countries and then get stuck in hassles over bilateral agreements and international treaties. On the rare occasion investigators get access to data servers located abroad it is often too late as data is auto-deleted after a specific period of time depending upon the nature of operations the server is used for.

Advocate Pavan Duggal, a cyber law expert, disagreed. “Bilateral agreements and international treaties can’t be called hassles if investigators make it a point to be prompt and take the right step at the right time,” he said. “The majority of police officials who deal with cyber crime are not trained in the field. Their reluctance to register First Information Reports comes from general lack of confidence about their own ability to investigate such cases.”

Low conviction rate

In 2016, police departments across the country prepared final reports on 5,453 cyber crime cases, most of them pending from previous years. Of these, 4,424 had to be dropped for lack of evidence, 276 were concluded to be false while 513 were put under the category of mistaken facts, the Crime in India report said. The same year, charge sheets were filed in 3,712 cases and trial completed in 743 cases – 201 led to conviction, 542 led to acquittal.

Duggal blamed the low conviction rate on investigators’ lack of training in gathering electronic evidence. The low conviction rate, in turn, dissuades officials from registering cyber crime cases because they want to have “high rates for solving cases” on their performance reports. “Taking into account police complaints pertaining to cyber crime incidents can significantly contribute in their analysis,” he said.