Syllabus: GS-III & V: Cyber Security

Why in the News?

The issue of cybercrime in Assam has surged into the spotlight, emerging as one of the state’s most challenging security threats.Official figures indicate a staggering rise in digital offences, with over 18,315 arrests made since 2014, signaling the deep penetration of criminal elements into the region’s online spaces. The State’s efforts, including a reported 81% decline in cases between 2021 and 2023 due to targeted operations, show a commitment to tackling this ‘new frontier of policing’, which is now closely tied to India’s landmark criminal and data protection law reforms.

 Diverse Landscape of Digital Offences in Assam

Cybercrime in Assam is not monolithic; it encompasses a complex range of activities that target citizens’ finances, identity, and personal safety:

• Financial Frauds: These constitute the most common form, exploiting systemic vulnerabilities. Examples include:
  • ATM skimming (stealing card data at ATM points).
  • KYC-related scams (tricking victims into sharing details to ‘update’ their Know Your Customer information).
  • Phishing schemes (using fraudulent communications to steal sensitive data).
• Identity-Related Crimes: These offences undermine the country’s identification infrastructure, allowing criminals to operate anonymously.
  • The forgery and proliferation of fake documents like Aadhaar cards, PAN cards, Voter IDs, and fake SIM cards are rampant.
  • These forged identities are crucial for opening fraudulent bank accounts, obtaining illegal loans, and facilitating organized criminal activities.
• New Sophisticated Scams: The recent emergence of the “digital arrest” scam shows rising criminal sophistication. In this scheme, impersonators, often posing as law enforcement or central agency officials, coerce victims via video calls into transferring large sums of money to avoid fictitious legal consequences.
• Vulnerability Offences: At the darkest extreme are deeply troubling crimes involving the misuse of technology for generating and distributing obscene images and child pornography, victimizing the most vulnerable populations.

India’s New Legal Arsenal Against Cybercrime

The fight against digital crime has been significantly bolstered by three new landmark legislations that came into effect on July 1, 2024, alongside existing laws:

• The Bharatiya Nyaya Sanhita (BNS), 2023 (replacing the IPC):
  • The BNS explicitly incorporates digital elements into traditional crimes.
  • Section 318 specifically addresses Cheating by Personation using Computer Resource and Section 319 covers Identity Theft in Electronic Form, with penalties extending up to seven years imprisonment.
  • It also covers offences related to the publication and transmission of obscene material (Section 294) and stalking in cyber forms (Section 78).
• The Bharatiya Nagarik Suraksha Sanhita (BNSS), 2023 (replacing the CrPC):
  • The BNSS procedural reforms mandate the electronic filing of First Information Reports (e-FIRs), making it possible for citizens to report cybercrimes without the geographical barriers of a physical police station.
  • It recognises digital evidence as primary evidence, streamlining the investigation process.
• The Bharatiya Sakshya Adhiniyam (BSA), 2023 (replacing the Evidence Act):
  • The BSA formally recognises electronic records and digital forms of evidence, granting them the same legal weight as physical documents.This is crucial for prosecuting cybercrimes where evidence often exists solely in digital formats (e.g., chat logs, email headers).
• The Digital Personal Data Protection (DPDP) Act, 2023:
  • This Act establishes that personal data is a fundamental right of every citizen, operationalizing the Right to Privacy (recognized under Article 21 by the Puttaswamy Judgement).
  • It mandates explicit consent for data collection and imposes stringent security measures on entities (Data Fiduciaries), with penalties of up to ₹250 crore for negligent data breaches.
  • It empowers citizens (Data Principals) with rights like the Right to Access their data, demand Corrections, and invoke the Right to Erasure (the right to be forgotten).
• The Information Technology (IT) Act, 2000: The older IT Act continues to operate, covering specific offences like hacking (Section 66), identity theft (Section 66C), and child pornography (Section 67B).

Challenges for Law Enforcement in Assam

Despite the new legal framework and progress in arrests, Assam’s police force faces systemic challenges unique to the nature of cybercrime:

• Transnational and Ephemeral Nature: Cybercriminals operate across state and international borders, use encrypted communications, and can erase digital evidence quickly, making jurisdiction and apprehension extremely difficult.
• Digital Competence Deficit: There is an acute shortage of personnel trained in digital forensics and advanced investigative techniques. Many rural police stations lack the basic infrastructure, including specialized software and hardware, to effectively register and investigate complex digital complaints.
• Time Sensitivity: Digital trails—bank transactions, IP addresses, server logs—go cold rapidly. The time taken to navigate bureaucratic channels often allows perpetrators to vanish, leading to low recovery rates for stolen funds.
• Under-Reporting: Many victims, especially the elderly, do not report crimes due to shame or the perception that law enforcement lacks the capacity to help, which only emboldens the criminals.

Citizen Awareness and Key Action Points

The most powerful weapon against cybercrime remains digital awareness and citizen action:

• Immediate Reporting: Victims must immediately report the incident via the National Cybercrime Reporting Portal at cybercrime.gov.in or call the helpline 1930.
  • Reporting within the first few hours drastically increases the chance of fund recovery.
• Preservation of Evidence: All evidence, including screenshots, transaction details, and email headers, must be meticulously preserved, as the BSA ensures its validity in court.
• Exercising Data Rights: Citizens must understand their rights under the DPDP Act—to demand transparency on data collection, insist on corrections, and require the deletion of unnecessary personal data.
  • This reduces the attack surface available to criminals.
• Healthy Scepticism: Citizens should maintain a mindset of healthy scepticism: real police never demand money or banking credentials over video calls (as in the “digital arrest” scam), and banks should never ask for PINs or OTPs.

The convergence of strengthened criminal laws, procedural reforms, modern evidence standards, and fundamental data protection rights provides a strong foundation. Assam’s success in this fight now depends on every citizen becoming an informed stakeholder in their own digital safety.

Exam hook: Key Takeaways

• Cybercrime in Assam: A major internal security challenge involving financial fraud, identity theft (fake Aadhaar/SIM), and novel scams like ‘digital arrest’.
• Legal Framework: Strengthened by the BNS (substantive law on digital cheating/ID theft), BNSS (e-FIRs, digital evidence as primary), BSA (admissibility of electronic records), and DPDP Act (Right to Privacy, penalties up to ₹250 crore).
• Citizen Role: Crucial for immediate reporting (1930, cybercrime.gov.in) and exercising data rights (Consent, Correction, Erasure) to reduce vulnerability.

Mains Question:

“The effectiveness of India’s new criminal laws (BNS, BNSS, BSA) and the Digital Personal Data Protection Act against cybercrime hinges on overcoming significant capacity deficits in state policing. Discuss this challenge with specific reference to the North Eastern Region, suggesting structural solutions.”

SOURCE