Tuesday, November 2, 2010

Cyber Crimes

The term ‘cyber crime’ is a misnomer. This term has nowhere been defined in any statute /Act passed or enacted by the Indian Parliament. The concept of cyber crime is not radically different from the concept of conventional crime. Both include conduct whether act or omission, which cause breach of rules of law and counterbalanced by the sanction of the state.

Before evaluating the concept of cyber crime it is obvious that the concept of conventional crime be discussed and the points of similarity and deviance between both these forms may be discussed.

CONVENTIONAL CRIME-

Crime is a social and economic phenomenon and is as old as the human society. Crime is a legal concept and has the sanction of the law. Crime or an offence is “a legal wrong that can be followed by criminal proceedings which may result into punishment.”(1) The hallmark of criminality is that, it is breach of the criminal law. Per Lord Atkin “the criminal quality of an act cannot be discovered by reference to any standard but one: is the act prohibited with penal consequences”. (2)

A crime may be said to be any conduct accompanied by act or omission prohibited by law and consequential breach of which is visited by penal consequences.

CYBER CRIME

Cyber crime is the latest and perhaps the most complicated problem in the cyber world. “Cyber crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime” (13). “Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime”(12)

A generalized definition of cyber crime may be “ unlawful acts wherein the computer is either a tool or target or both”(3) The computer may be used as a tool in the following kinds of activity- financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however be target for unlawful acts in the following cases- unauthorized access to computer/ computer system/ computer networks, theft of information contained in the electronic form, e-mail bombing, data didling, salami attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer system, physically damaging the computer system.

DISTINCTION BETWEEN CONVENTIONAL AND CYBER CRIME-

There is apparently no distinction between cyber and conventional crime. However on a deep introspection we may say that there exists a fine line of demarcation between the conventional and cyber crime, which is appreciable. The demarcation lies in the involvement of the medium in cases of cyber crime. The sine qua non for cyber crime is that there should be an involvement, at any stage, of the virtual cyber medium.

REASONS FOR CYBER CRIME:
Hart in his work “ The Concept of Law” has said ‘human beings are vulnerable so rule of law is required to protect them’. Applying this to the cyberspace we may say that computers are vulnerable so rule of law is required to protect and safeguard them against cyber crime. The reasons for the vulnerability of computers may be said to be:

Capacity to store data in comparatively small space-

The computer has unique characteristic of storing data in a very small space. This affords to remove or derive information either through physical or virtual medium makes it much more easier.

Easy to access-
The problem encountered in guarding a computer system from unauthorised access is that there is every possibility of breach not due to human error but due to the complex technology. By secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recorders; retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system.

3.Complex-

The computers work on operating systems and these operating systems in turn are composed of millions of codes. Human mind is fallible and it is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system.

4.Negligence-

Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be any negligence, which in turn provides a cyber criminal to gain access and control over the computer system.

5. Loss of evidence-

Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further collection of data outside the territorial extent also paralyses this system of crime investigation.

CYBER CRIMINALS:

The cyber criminals constitute of various groups/ category. This division may be justified on the basis of the object that they have in their mind. The following are the category of cyber criminals-

1. Children and adolescents between the age group of 6 – 18 years –

The simple reason for this type of delinquent behaviour pattern in children is seen mostly due to the inquisitiveness to know and explore the things. Other cognate reason may be to prove themselves to be outstanding amongst other children in their group. Further the reasons may be psychological even. E.g. the Bal Bharati (Delhi) case was the outcome of harassment of the delinquent by his friends.

2. Organised hackers-

These kinds of hackers are mostly organised together to fulfil certain objective. The reason may be to fulfil their political bias, fundamentalism, etc. The Pakistanis are said to be one of the best quality hackers in the world. They mainly target the Indian government sites with the purpose to fulfil their political objectives. Further the NASA as well as the Microsoft sites is always under attack by the hackers.

3. Professional hackers / crackers –

Their work is motivated by the colour of money. These kinds of hackers are mostly employed to hack the site of the rivals and get credible, reliable and valuable information. Further they are ven employed to crack the system of the employer basically as a measure to make it safer by detecting the loopholes.

4. Discontented employees-

This group include those people who have been either sacked by their employer or are dissatisfied with their employer. To avenge they normally hack the system of their employee.

MODE AND MANNER OF COMMITING CYBER CRIME:

Unauthorized access to computer systems or networks / Hacking-
This kind of offence is normally referred as hacking in the generic sense. However the framers of the information technology act 2000 have no where used this term so to avoid any confusion we would not interchangeably use the word hacking for ‘unauthorized access’ as the latter has wide connotation.

Theft of information contained in electronic form-
This includes information stored in computer hard disks, removable storage media etc. Theft may be either by appropriating the data physically or by tampering them through the virtual medium.

Email bombing-
This kind of activity refers to sending large numbers of mail to the victim, which may be an individual or a company or even mail servers there by ultimately resulting into crashing.

Data diddling-
This kind of an attack involves altering raw data just before a computer processes it and then changing it back after the processing is completed. The electricity board faced similar problem of data diddling while the department was being computerised.

Salami attacks-
This kind of crime is normally prevalent in the financial institutions or for the purpose of committing financial crimes. An important feature of this type of offence is that the alteration is so small that it would normally go unnoticed. E.g. the Ziegler case wherein a logic bomb was introduced in the bank’s system, which deducted 10 cents from every account and deposited it in a particular account.

Denial of Service attack-
The computer of the victim is flooded with more requests than it can handle which cause it to crash. Distributed Denial of Service (DDoS) attack is also a type of denial of service attack, in which the offenders are wide in number and widespread. E.g. Amazon, Yahoo.

7. Virus / worm attacks-

Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer's memory. E.g. love bug virus, which affected at least 5 % of the computers of the globe. The losses were accounted to be $ 10 million. The world's most famous worm was the Internet worm let loose on the Internet by Robert Morris sometime in 1988. Almost brought development of Internet to a complete halt.

8. Logic bombs-

These are event dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus).

Trojan attacks-
This term has its origin in the word ‘Trojan horse’. In software field this means an unauthorized programme, which passively gains control over another’s system by representing itself as an authorised programme. The most common form of installing a Trojan is through e-mail. E.g. a Trojan was installed in the computer of a lady film director in the U.S. while chatting. The cyber criminal through the web cam installed in the computer obtained her nude photographs. He further harassed this lady.

Internet time thefts-
Normally in these kinds of thefts the Internet surfing hours of the victim are used up by another person. This is done by gaining access to the login ID and the password. E.g. Colonel Bajwa’s case- the Internet hours were used up by any other person. This was perhaps one of the first reported cases related to cyber crime in India. However this case made the police infamous as to their lack of understanding of the nature of cyber crime.

11. Web jacking-

This term is derived from the term hi jacking. In these kinds of offences the hacker gains access and control over the web site of another. He may even mutilate or change the information on the site. This may be done for fulfilling political objectives or for money. E.g. recently the site of MIT (Ministry of Information Technology) was hacked by the Pakistani hackers and some obscene matter was placed therein. Further the site of Bombay crime branch was also web jacked. Another case of web jacking is that of the ‘gold fish’ case. In this case the site was hacked and the information pertaining to gold fish was changed. Further a ransom of US $ 1 million was demanded as ransom. Thus web jacking is a process where by control over the site of another is made backed by some consideration for it.

CLASSIFICATION:
The subject of cyber crime may be broadly classified under the following three groups. They are-

1. Against Individuals

a. their person &
b. their property of an individual


2. Against Organization

a. Government
c. Firm, Company, Group of Individuals.

3. Against Society at large

The following are the crimes, which can be committed against the followings group

Against Individuals: –


i. Harassment via e-mails.
ii. Cyber-stalking.
iii. Dissemination of obscene material.
iv. Defamation.
v. Unauthorized control/access over computer system.
vi. Indecent exposure
vii. Email spoofing
viii. Cheating & Fraud



Against Individual Property: -


i. Computer vandalism.
ii. Transmitting virus.
iii. Netrespass
iv. Unauthorized control/access over computer system.
v. Intellectual Property crimes
vi. Internet time thefts



Against Organization: -

i. Unauthorized control/access over computer system
ii. Possession of unauthorized information.
iii. Cyber terrorism against the government organization.
iv. Distribution of pirated software etc.



Against Society at large: -


i. Pornography (basically child pornography).
ii. Polluting the youth through indecent exposure.
iii. Trafficking
iv. Financial crimes
v.Sale of illegal articles
vi.Online gambling
vii. Forgery

The above mentioned offences may discussed in brief as follows:

1. Harassment via e-mails-

Harassment through e-mails is not a new concept. It is very similar to harassing through letters. Recently I had received a mail from a lady wherein she complained about the same. Her former boy friend was sending her mails constantly sometimes emotionally blackmailing her and also threatening her. This is a very common type of harassment via e-mails.

2. Cyber-stalking-

The Oxford dictionary defines stalking as "pursuing stealthily". Cyber stalking involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc.

3. Dissemination of obscene material/ Indecent exposure/ Pornography (basically child pornography) / Polluting through indecent exposure-

Pornography on the net may take various forms. It may include the hosting of web site containing these prohibited materials. Use of computers for producing these obscene materials. Downloading through the Internet, obscene materials. These obscene matters may cause harm to the mind of the adolescent and tend to deprave or corrupt their mind. Two known cases of pornography are the Delhi Bal Bharati case and the Bombay case wherein two Swiss couple used to force the slum children for obscene photographs. The Mumbai police later arrested them.

4. Defamation

It is an act of imputing any person with intent to lower the person in the estimation of the right-thinking members of society generally or to cause him to be shunned or avoided or to expose him to hatred, contempt or ridicule. Cyber defamation is not different from conventional defamation except the involvement of a virtual medium. E.g. the mail account of Rohit was hacked and some mails were sent from his account to some of his batch mates regarding his affair with a girl with intent to defame him.

4. Unauthorized control/access over computer system-

This activity is commonly referred to as hacking. The Indian law has however given a different connotation to the term hacking, so we will not use the term "unauthorized access" interchangeably with the term "hacking" to prevent confusion as the term used in the Act of 2000 is much wider than hacking.

5. E mail spoofing-

A spoofed e-mail may be said to be one, which misrepresents its origin. It shows it's origin to be different from which actually it originates. Recently spoofed mails were sent on the name of Mr. Na.Vijayashankar (naavi.org), which contained virus.

Rajesh Manyar, a graduate student at Purdue University in Indiana, was arrested for threatening to detonate a nuclear device in the college campus. The alleged e- mail was sent from the account of another student to the vice president for student services. However the mail was traced to be sent from the account of Rajesh Manyar.(15)

6. Computer vandalism-

Vandalism means deliberately destroying or damaging property of another. Thus computer vandalism may include within its purview any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some part of a computer or a peripheral attached to the computer or by physically damaging a computer or its peripherals.

7. Transmitting virus/worms-

This topic has been adequately dealt herein above.

8. Intellectual Property crimes / Distribution of pirated software-

Intellectual property consists of a bundle of rights. Any unlawful act by which the owner is deprived completely or partially of his rights is an offence. The common form of IPR violation may be said to be software piracy, copyright infringement, trademark and service mark violation, theft of computer source code, etc.

The Hyderabad Court has in a land mark judgement has convicted three people and sentenced them to six months imprisonment and fine of 50,000 each for unauthorized copying and sell of pirated software. (16)

9. Cyber terrorism against the government organization

At this juncture a necessity may be felt that what is the need to distinguish between cyber terrorism and cyber crime. Both are criminal acts. However there is a compelling need to distinguish between both these crimes. A cyber crime is generally a domestic issue, which may have international consequences, however cyber terrorism is a global concern, which has domestic as well as international consequences. The common form of these terrorist attacks on the Internet is by distributed denial of service attacks, hate websites and hate emails, attacks on sensitive computer networks, etc. Technology savvy terrorists are using 512-bit encryption, which is next to impossible to decrypt. The recent example may be cited of – Osama Bin Laden, the LTTE, attack on America’s army deployment system during Iraq war.

Cyber terrorism may be defined to be “ the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives” (4)

Another definition may be attempted to cover within its ambit every act of cyber terrorism.

A terrorist means a person who indulges in wanton killing of persons or in violence or in disruption of services or means of communications essential to the community or in damaging property with the view to –

(1) putting the public or any section of the public in fear; or

(2) affecting adversely the harmony between different religious, racial, language or regional groups or castes or communities; or

(3) coercing or overawing the government established by law; or

(4) endangering the sovereignty and integrity of the nation

and a cyber terrorist is the person who uses the computer system as a means or ends to achieve the above objectives. Every act done in pursuance thereof is an act of cyber terrorism.

10.Trafficking

Trafficking may assume different forms. It may be trafficking in drugs, human beings, arms weapons etc. These forms of trafficking are going unchecked because they are carried on under pseudonyms. A racket was busted in Chennai where drugs were being sold under the pseudonym of honey.

Fraud & Cheating
Online fraud and cheating is one of the most lucrative businesses that are growing today in the cyber space. It may assume different forms. Some of the cases of online fraud and cheating that have come to light are those pertaining to credit card crimes, contractual crimes, offering jobs, etc.

Recently the Court of Metropolitan Magistrate Delhi (17) found guilty a 24-year-old engineer working in a call centre, of fraudulently gaining the details of Campa's credit card and bought a television and a cordless phone from Sony website. Metropolitan magistrate Gulshan Kumar convicted Azim for cheating under IPC, but did not send him to jail. Instead, Azim was asked to furnish a personal bond of Rs 20,000, and was released on a year's probation.

STATUTORY PROVISONS:

The Indian parliament considered it necessary to give effect to the resolution by which the General Assembly adopted Model Law on Electronic Commerce adopted by the United Nations Commission on Trade Law. As a consequence of which the Information Technology Act 2000 was passed and enforced on 17th May 2000.the preamble of this Act states its objective to legalise e-commerce and further amend the Indian Penal Code 1860, the Indian Evidence Act 1872, the Banker’s Book Evidence Act1891 and the Reserve Bank of India Act 1934. The basic purpose to incorporate the changes in these Acts is to make them compatible with the Act of 2000. So that they may regulate and control the affairs of the cyber world in an effective manner.

The Information Technology Act deals with the various cyber crimes in chapters IX & XI. The important sections are Ss. 43,65,66,67. Section 43 in particular deals with the unauthorised access, unauthorised downloading, virus attacks or any contaminant, causes damage, disruption, denial of access, interference with the service availed by a person. This section provide for a fine up to Rs. 1 Crore by way of remedy. Section 65 deals with ‘tampering with computer source documents’ and provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both. Section 66 deals with ‘hacking with computer system’ and provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both. Further section 67 deals with publication of obscene material and provides for imprisonment up to a term of 10 years and also with fine up to Rs. 2 lakhs. (14)

ANALYSIS OF THE STATUTORY PROVISONS:

The Information Technology Act 2000 was undoubtedly a welcome step at a time when there was no legislation on this specialised field. The Act has however during its application has proved to be inadequate to a certain extent. The various loopholes in the Act are-

1. The hurry in which the legislation was passed, without sufficient public debate, did not really serve the desired purpose (6)-

Experts are of the opinion that one of the reasons for the inadequacy of the legislation has been the hurry in which it was passed by the parliament and it is also a fact that sufficient time was not given for public debate.

2. “Cyberlaws, in their very preamble and aim, state that they are targeted at aiding e-commerce, and are not meant to regulate cybercrime”(6) –

Mr. Pavan Duggal holds the opinion that the main intention of the legislators has been to provide for a law to regulate the e-commerce and with that aim the I.T.Act 2000 was passed, which also is one of the reasons for its inadequacy to deal with cases of cyber crime.

At this point I would like to express my respectful dissent with Mr. Duggal. I feel that the above statement by Mr. Duggal is not fundamentally correct. The reason being that the preamble does state that the Act aims at legalising e-commerce. However it does not stop here. It further amends the I.P.C., Evidence Act, Banker’s Book Evidence and RBI Act also. The Act also aims to deal with all matters connected therewith or incidental thereto. It is a cardinal rule of interpretation that “text should be read as a whole to gather the meaning”. It seems that the above statement has been made in total disregard of this rule of interpretation. The preamble, if read as a whole, makes it very clear that the Act equally aims at legalising e-commerce and to curb any offences arising there from.

3.Cyber torts-

The recent cases including Cyber stalking cyber harassment, cyber nuisance, and cyber defamation have shown that the I.T.Act 2000 has not dealt with those offences. Further it is also contended that in future new forms of cyber crime will emerge which even need to be taken care of. Therefore India should sign the cyber crime convention. However the I.T.Act 2000 read with the Penal Code is capable of dealing with these felonies.

4.Cyber crime in the Act is neither comprehensive nor exhaustive-

Mr. Duggal believes that we need dedicated legislation on cyber crime that can supplement the Indian Penal Code. The contemporary view is held by Mr. Prathamesh Popat who has stated- "The IT Act, 2000 is not comprehensive enough and doesn't even define the term 'cyber crime". (8) Mr. Duggal has further commented, “India, as a nation, has to cope with an urgent need to regulate and punish those committing cyber crimes, but with no specific provisions to do so. Supporters of the Indian Penal Code School vehemently argue that IPC has stood the test of time and that it is not necessary to incorporate any special laws on cyber crime. This is because it is debated by them that the IPC alone is sufficient for all kinds of crime. However, in practical terms, the argument does not have appropriate backing. It has to be distinctly understood that cyber crime and cyberspace are completely new whelms, where numerous new possibilities and opportunities emerge by the day in the form of new kinds of crimes.”(6)

I feel that a new legislation on cyber crime is totally unwarranted. The reason is that the new legislation not come alone but will bring with it the same confusion, the same dissatisfaction and the same desire to supplant it by further new legislation. Mr. Duggal has stated above the need to supplement IPC by a new legislation. If that is the issue then the present legislation along with the Penal Code when read harmoniously and co- jointly is sufficient to deal with the present problems of cyber crime. Further there are other legislations to deal with the intellectual property crimes on the cyber space such as the Patents Act, Copy Right Act, Trade Marks Act.

5.Ambiguity in the definitions-

The definition of hacking provided in section 66 of the Act is very wide and capable of misapplication. There is every possibility of this section being misapplied and in fact the Delhi court has misapplied it. The infamous go2nextjob has made it very clear that what may be the fate of a person who is booked under section 66 or the constant threat under which the netizens are till s. 66 exists in its present form.

Further section 67 is also vague to certain extent. It is difficult to define the term lascivious information or obscene pornographic informa­tion. Further our inability to deal with the cases of cyber pornography has been proved by the Bal Bharati case.

6. Uniform law-

Mr. Vinod Kumar (9) holds the opinion that the need of the hour is a worldwide uniform cyber law to combat cyber crime. Cyber crime is a global phenomenon and therefore the initiative to fight it should come from the same level. E.g. the author of the love bug virus was appreciated by his countrymen.

7.Lack of awareness-

One important reason that the Act of 2000 is not achieving complete success is the lack of awareness among the s about their rights. Further most of the cases are going unreported. If the people are vigilant about their rights the law definitely protects their right. E.g. the Delhi high court in October 2002 prevented a person from selling Microsoft pirated software over an auction site. Achievement was also made in the case before the court of metropolitan magistrate Delhi wherein a person was convicted for online cheating by buying Sony products using a stolen credit card. (17)

8. Jurisdiction issues-

Jurisdiction is also one of the debatable issues in the cases of cyber crime due to the very universal nature of cyber space. With the ever-growing arms of cyber space the territorial concept seems to vanish. New methods of dispute resolution should give way to the conventional methods. The Act of 2000 is very silent on these issues.

9. Extra territorial application-

Though S.75 provides for extra-territorial operations of this law, but they could be meaningful only when backed with provisions recognizing orders and warrants for Information issued by competent authorities outside their jurisdiction and measure for cooperation for exchange of material and evidence of computer crimes between law enforcement agencies.

10. Raising a cyber army-

By using the word ‘cyber army’ by no means I want to convey the idea of virtual army, rather I am laying emphasis on the need for a well equipped task force to deal with the new trends of hi tech crime. The government has taken a leap in this direction by constituting cyber crime cells in all metropolitan and other important cities. Further the establishment of the Cyber Crime Investigation Cell (CCIC) of the Central Bureau of Investigation (CBI) 11) is definitely a welcome step in this direction. There are man cases in which the C.B.I has achieved success. The present position of cases of cyber crime (17) is –

Case 1: When a woman at an MNC started receiving obscene calls, CBI found her colleague had posted her personal details on Mumbaidating.com.

Status: Probe on

Case 2: CBI arrested a man from UP, Mohammed Feroz, who placed ads offering jobs in Germany. He talked to applicants via e-mail and asked them to deposit money in his bank account in Delhi.

Status: Chargesheet not filed

Case 3: The official web-site of the Central Board of Direct Taxes was hacked last year. As Pakistan-based hackers were responsible, authorities there were informed through Interpol.

Status: Pak not cooperating.

11. Cyber savvy bench-

Cyber savvy judges are the need of the day. Judiciary plays a vital role in shaping the enactment according to the order of the day. One such stage, which needs appreciation, is the P.I.L., which the Kerela High Court has accepted through an email. The role of the judges in today’s word may be gathered by the statement- judges carve ‘law is’ to ‘law ought to be’. Mr T.K.Vishwanathan, member secretary, Law Commission , has highlighted the requirements for introducing e-courts in India. In his article published in The Hindu he has stated “if there is one area of Governance where IT can make a huge difference to Indian public is in the Judicial System”.

12. Dynamic form of cyber crime-

Speaking on the dynamic nature of cyber crime FBI Director Louis Freeh has said, "In short, even though we have markedly improved our capabilities to fight cyber intrusions the problem is growing even faster and we are falling further behind.” The (de)creativity of human mind cannot be checked by any law. Thus the only way out is the liberal construction while applying the statutory provisions to cyber crime cases.

13. Hesitation to report offences-

As stated above one of the fatal drawbacks of the Act has been the cases going unreported. One obvious reason is the non-cooperative police force. This was proved by the Delhi time theft case. "The police are a powerful force today which can play an instrumental role in preventing cybercrime. At the same time, it can also end up wielding the rod and harassing innocent s, preventing them from going about their normal cyber business."(10) This attitude of the administration is also revelled by incident that took place at Merrut and Belgam. (for the facts of these incidents refer to naavi.com). For complete realisation of the provisions of this Act a cooperative police force is require.

PREVENTION OF CYBER CRIME:

Prevention is always better than cure. It is always better to take certain precaution while operating the net. A should make them his part of cyber life. Saileshkumar Zarkar, technical advisor and network security consultant to the Mumbai Police Cyber crime Cell, advocates the 5P mantra for online security: Precaution, Prevention, Protection, Preservation and Perseverance. A netizen should keep in mind the following things-

1.to prevent cyber stalking avoid disclosing any information pertaining to oneself. This is as good as disclosing your identity to strangers in public place.

2.always avoid sending any photograph online particularly to strangers and chat friends as there have been incidents of misuse of the photographs.

3.always use latest and up date anti virus software to guard against virus attacks.

4.always keep back up volumes so that one may not suffer data loss in case of virus contamination

5.never send your credit card number to any site that is not secured, to guard against frauds.

6.always keep a watch on the sites that your children are accessing to prevent any kind of harassment or depravation in children.

7.it is better to use a security programme that gives control over the cookies and send information back to the site as leaving the cookies unguarded might prove fatal.

8.web site owners should watch traffic and check any irregularity on the site. Putting host-based intrusion detection devices on servers may do this.

9.use of firewalls may be beneficial.

10. web servers running public sites must be physically separate protected from internal corporate network.

Adjudication of a Cyber Crime - On the directions of the Bombay High Court the Central Government has by a notification dated 25.03.03 has decided that the Secretary to the Information Technology Department in each state by designation would be appointed as the AO for each state.

CONCLUSION:

Capacity of human mind is unfathomable. It is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards the society) and further making the application of the laws more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. Further I all together do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime. I would conclude with a word of caution for the pro-legislation school that it should be kept in mind that the provisions of the cyber law are not made so stringent that it may retard the growth of the industry and prove to be counter-productive.

REFERENCES:

1. Granville Williams

2. Proprietary Articles Trade Association v. A.G.for Canada (1932)

3. Nagpal R. – What is Cyber Crime?

4. Nagpal R- Defining Cyber Terrorism

5. Duggal Pawan – The Internet: Legal Dimensions

6. Duggal Pawan - Is this Treaty a Treat?

7. Duggal Pawan - Cybercrime

8. Kapoor G.V. - Byte by Byte

9. Kumar Vinod – Winning the Battle against Cyber Crime

10. Mehta Dewang- Role of Police In Tackling Internet Crimes


11. For the sake of convenience the readers are requested to read sections 43, 65, 66,67 of the Information Technology Act.

12. Sify News 14.03.03

13. Deccan Herald 16.03.03

14. Hindustan Times 03.03.03

Monday, October 18, 2010

Practical Guide to Alternative Data Streams in NTFS

Alternative Data Stream support was added to NTFS (Windows NT, Windows 2000 and Windows XP) to help support Macintosh Hierarchical File System (HFS) which uses resource forks to store icons and other information for a file. While this is the intended use (as well as a few Windows internal functions) there or other uses for Alternative Data Streams that should concern system administrators and security professionals. Using Alternative Data Streams a user can easily hide files that can go undetected unless closely inspection. This tutorial will give basic information on how to manipulate and detect Alternative Data Streams.

(Note about conventions: Alternative Data Streams are also sometimes referred to as Alternate Data Streams or ADS. Since Alternative Data Streams is so long, an ADS can be confused with Active Directory Services I will simple call this feature AltDS for short.)

Creating an AltDS

Making an AltDS is fairly simple. I will use command line examples, feel free to follow along. We could hide some data in an AltDS behind an already existing file, but for this example we will create a new base file to hide behind:


C:>echo Just a plan text file>sample.txt

C:>type sample.txt
Just a plan text file

C:>



Next we will use a colon as the operator to tell our commands to create or use an AltDS:


C:>echo You can't see me>sample.txt:secret.txt


Unfortunately, the use of the colon operator is a bit hit or miss in its' implementation and some times does not work as we might expect as seen below:


C:>type sample.txt:secret.txt
The filename, directory name, or volume label syntax is incorrect.


Since the "type" command does not understand the colon operator we will have to use notepad to read the file:


C:>notepad sample.txt:secret.txt


If all worked well, you should not see a notepad window with the text "You can't see me" in it. Also notice that while the amount of total hard drive space free went down the file size of sample.txt did not increase:


C:>dir sample.txt
Volume in drive C has no label.
Volume Serial Number is 40CC-B506

Directory of C:

09/27/2004 01:58 PM 23 sample.txt
1 File(s) 23 bytes
0 Dir(s) 12,658,040,832 bytes free

C:>


You can make an AltDS in not only files, but also directories, here is a quick example:


C:>md stuff

C:>cd stuff

C:stuff>echo Hide stuff in stuff>:hide.txt

C:stuff>dir
Volume in drive C has no label.
Volume Serial Number is 40CC-B506

Directory of C:stuff

09/28/2004 10:19 AM

.
09/28/2004 10:19 AM ..
0 File(s) 0 bytes
2 Dir(s) 12,253,208,576 bytes free

C:stuff>notepad :hide.txt


Hopefully you now see a notepad window with hide.txt's contents. If all one could do with AltDS was hide text files it would not be that impressive, but there's much more that can be done with this useful NTFS feature.

Hiding and running an executable.

As it turns out, using AltDS to hide executables is not much harder than it is to hide text files. AltDS makes for a great way for malware to hide itself on a system. Here's an example of how and executable can be hidden behind another file:

First we make our file to hide behind:


C:WINDOWS>echo Test>test.txt


Next we put an EXE behind is, I'm just using notepad.exe because it's convenient:


C:WINDOWS>type notepad.exe>test.txt:note.exe


Next we confirm the contents of the text file when some one tries to open it.


C:WINDOWS>type test.txt
Test


Now we will confirm the file size, notice that adding notepad.exe as a steam did not increase the size of test.txt.


C:WINDOWS>dir test.txt
Volume in drive C has no label.
Volume Serial Number is 007E-2E3C

Directory of C:WINDOWS

09/19/2004 08:37 AM 6 test.txt
1 File(s) 6 bytes
0 Dir(s) 19,734,708,224 bytes free


Now we will attempt to run our hidden exe. Notice the "." in front of the file name, this is necessary because the "start" command needs to know the correct path to the file (at least if you are using XP).


C:WINDOWS>start .test.txt:note.exe

C:WINDOWS>


If all worked well there should now be a notepad window up on your system. You should be able to hide just about any other EXE file this way if you wish.

Batch Programming Basics

The Basic's of Batch file programming. Explains you what batch file programming is and hot to create batch files.
  • The Basics of Batch File Programming


Batch file programming is nothing but a batch of DOS ( Disk Operating System ) commands, hence the name Batch. If you code a lot and know many languages you are sure to notice that Operating System ( OS )specific langauges ( languages that work only on a particular operating system, eg: Visual Basic Scripting works only in Windows ) give you amazing control over the system. This is why Batch is so powerfull, it gives you absolute control over DOS. Batch isnt reccomended at all because it is OS specific, but it is fun and easy to learn. This tutorial will not only teach you Batch file programming but also how to fend for yourself and learn more commands that tutorials dont teach you.


The first command you should know is ECHO. All ECHO does is simply print something onto the screen. It's like "printf" in C or "PRINT" in Basic. Anyway, this is how we use it.

ECHO Hello World!

All right, now save the above line as a .bat file and double click it. This should be the output -

C:WINDOWSDesktop>ECHO Hello World!
Hello World!

Hmmm, notice that it shows the command before executing it. But we're coders right? We dont want our code to look so untidy so just add an @ sign before ECHO and execute it. Woohoo! much better. The @ sign tells DOS to hide from the user whatever commands it is executing. Now, what if I want to write to a file? This is how I do it -

@ECHO Hello World > hello.txt

Simple huh? Remember, ">" to create or overwrite a file and ">>" to append ( write at the end ) of a file that already exists. Guess why this program wont work as desired to -

@ECHO Hello World > hello.txt
@ECHO Hello World Again > hello.txt

Looking at it, you will see that the program is supposed to write two lines one after another but it wont work because in the first line it will create a file called hello.txt and write the words "Hello World" to it, and in the second line it just over-writes the earlier text. So actually what it is doing is that it creates a file and writes to it and then over-writes what it had earlier written, to change this we just add a ">". The additional ">" will make DOS append to the file. So here's the improved form of the program -

@ECHO Hello World > hello.txt
@ECHO Hello World Again >> hello.txt

Save the above code as a .bat file and execute it, it will work without a hitch. The next thing we should learn is the GOTO statement. GOTO is just the same as it is in BASIC or for that fact any programming langauge but the only difference is between the labels.

This is a label in C or BASIC - label:

This is a label in batch - :label

In C or BASIC, the ":" comes after the label and in Batch it comes before the label. Bear this in mind as you proceed. Here's an example of the GOTO statement -

:labelone
@ECHO LoL
GOTO labelone

If you execute this code, you will see that it is an unlimited loop; it will keep printing to the screen till the end of time if you dont interupt it Smile The GOTO statement is very usefull when it comes to building big Batch programs. Now, we will learn the IF and EXIST commands. The IF command is usually used for checking if a file exists, like this -

@IF EXIST C:WINDOWSEXPLORER.EXE ECHO It exists

Observe that I have not used inverted commas ( " ) as I would in BASIC or C. The EXIST command is only found in Batch and not in any other language. The EXIST command can also be used to check if a file does not exist, like this -

@IF NOT EXIST C:WINDOWSEXPLORER.EXE ECHO It does not exist

Remember, Batch is not a language like C or BASIC or Pascal, it cannot do mathematical functions. In Batch, all you can do is control DOS. In the above example notice that there is no THEN command as there would be in most languages.
Sick and tired off using the @ sign before each and every command ? Let's do some research, go to the DOS prompt and type in ECHO /? and press enter. Interesting, in this way, when you hear of a new DOS command you dont know about, just type in "command /?" and you can get help on it. Now back to ECHO. According to the help we received by typing in ECHO /? you must have concluded if you type in ECHO OFF you no longer need to type an @ sign before every command.
Wait! just add an @ before ECHO OFF so that it does not display the message - ECHO is off.

The next command we are going to learn about is the CLS command. It stands for CLear Screen. If you know BASIC, you will have no problem understanding this command. All it does is clear the screen. Here's an example -

@ECHO OFF
CLS
ECHO This is DOS

This command need's no further explanation but type in CLS /? to get more help on the command.

The next command we are going to learn is CD. It stands for Current Directory. It displays the current directory in which you are if you just type in "CD" but if you type in"CD C:WindowsDesktop" it will take you to the Desktop. Here's an example -

@ECHO OFF
CD C:WindowsDesktop
ECHO Testing.. > test.txt
ECHO Testing...>>test.txt

This will change the directory to the Desktop and create a file there called test.txt and write to it. If we had not used the CD command, this is how the program would have looked.

@ECHO OFF
ECHO Testing.. > C:WindowsDesktoptest.txt
ECHO Testing...>> C:WindowsDesktoptest.txt

See the difference? Anyway that's all for the The Basics of Batch File Programming. Remember, each an every DOS command can be used in Batch.

Unthinkable Hacking Techniques !!!

Hi Guys !
I am writing this article for those who use pirated soft wares. Because this is the time to stop using pirated soft wares. You can't even imagine what your loss can be if you are using your PC for professional purposes.

  • Usually we download soft wares from various forums/boards which provides cracks or keygens. These keygens are not only keygens but most of the time small server programs (hack tool) which transfers your sensitive data over internet to someone. If you are using Windows Firewall , it is quite easy to bypass the windows firewall. you wont be able to know that your data is being sent over the internet. and Same thing goes for the CRACKS also. Spreading trojans is quite easy by providing game cracks or some full screen applications. Because user won't be able to know what is going on behind the full-screen. So beware of using cracks and keygens. Your anti-virus may or may not detect such malware. Now a days viruses are created more rapidly than detected.

  • Another MOST DANGEROUS HACKING TECHNIQUE is quite undetectable. You know what are you type in browser's address bar is resolved by your ISP's Domain Name Servers. What if your request goes to a hackers's machine first and then goes to ISP. Yes, this is possible a simple VBSCRIPT or WSH Script can do the trick. you won't be able to know that you are being watched or you are being traced. No firewall or no anti-hacking tool will help you. Usually such scripts might be available as registration scripts for some kind of software s.

  • Now About Windows XP users, this operating system's services are available through internet which can be very dangerous. Do you that by default you are all drives are ready to share data over network. Another thing is TERMINAL SERVICES which allows multiple users on a single machine. It means if you are working on your machine, if someone can log in to your machine remotely and you won't be alerted.

  • If you are downloading Operating Systems from Internet. Then take care that you download from trusted sources only. Cause it is very easy to embed some tracking code into your OS Images which can not be detected later on by any security software.

  • If you are using LINUX Operating Systems, it is highly recommended that you use the soft-wares from trusted sources only otherwise you can be hacked or can cause damage to your machine.

  • Another good hacking tool is sniffer which is used by network administrator. It scans the network traffic and can filter sensitive information like passwords, credit card numbers etc. So if you are using credit cards at cafes so beware. you can be victim.

How to hide your hard drive?

Here is an easy manual method on how to lock and hide hard-drives.

Follow these steps below:

1. Open Registry[Administrator Account only] (go to run command, type "regedit" and press enter)

2. Then go to this key

Code:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

3. Now click right button and create DWORD Value (blue color)

4. Rename it as "NoViewOnDrive" (for locking drive)

or

Rename it as "NoDrives" (for Hiding drive)

5. Double click it and put some numbers to lock ur desired Drive and click ok.

6. Here is Drive No.

A: 1

C: 4

D: 8

E: 16

F: 32

G: 64

H: 128

7. Finally restart or log-off the computer to take effect.

Friday, May 7, 2010

Human Right Act 1993

An Act to provide for the constitution of a National Human Rights Commission. State Human Rights Commission in States and Human Rights Courts for better protection of Human Rights and for matters connected therewith or incidental thereto.

Be it enacted by the parliament in the forty-fourth year of the Republic of India as follows-

Chapter IPRELIMINARY
Chapter IITHE NATIONAL HUMAN RIGHTS COMMISSION
Chapter IIIFUNCTIONS AND POWERS OF THE COMMISSION
Chapter IVPROCEDURE
Chapter VSTATE HUMAN RIGHTS COMMISSIONS
Chapter VIHUMAN RIGHTS COURTS
Chapter VIIFINANCE, ACCOUNTS AND AUDIT
Chapter VIIIMISCELLANEOUS

Chapter I

PRELIMINARY

1. Short title, extent and commencement

(1 ) This Act may be called the Protection of Human Rights Act, 1993.

(2) It extends to the whole of India.
Provided that it shall apply to the State of Jammu and Kashmir only in so far as it pertains to the matters relatable to any of the entries enumerated in List I or List lll in the Seventh Schedule to the Constitution as applicable to that State.

(3) It shall be deemed to have come into force on the 28th day of September, 1993.

2. Definitions

(1) In this Act, unless the context otherwise requires-

(a) "armed forces" means the naval, military and air forces and includes any other armed forces of the Union;
(b) "Chairperson" means the Chairperson of the Commission or of the State Commission, as the case may be;
(c) "Commission" means the National Human Rights Commission under section 3;
(d) "human rights" means the rights relating to life, liberty, equality and dignity of the individual guaranteed by the Constitution or embodied in the International Covenants and enforceable by courts in India.
(e) "Human Rights Court" means the Human Rights Court specified under section 30;
(f) "International Covenants" means the International Covenant on Civil and Political Rights and the International Covenant on Economic, Social and Cultural Rights adopted by the General Assembly of the United Nations on the 16th December, 1966;
(g) "Member" means a Member of the Commission or of the State Commission, as the case may be, and includes the Chairperson;
(h) "National Commission for Minorities" means the National Commission for Minorities constituted under section 3 of the National Commission for Minorities Act, 1992;
(i) "National Commission for the Scheduled Castes and Scheduled Tribes" means the National Commission for the Scheduled Castes and Scheduled Tribes referred to in article 338 of the Constitution;
(j) "National Commission for Women" means the National Commission for Women constituted under section 3 of the National Commission for Women Act, 1990;
(k) "Notification" means a notification published in the official Gazette;
(I) "Prescribed" means prescribed by rules made under this Act;
(m) "Public servant" shall have the meaning assigned to it in section 21 of the Indian Penal Code;
(n) "State Commission" means a State Human Rights Commission constituted under section 21.

(2) Any reference in this Act to a law, which is not in force in the State of Jammu and Kashmir, shall, in relation to that State, be construed as a reference to a corresponding law, if any, in force in that State.


Chapter II

THE NATIONAL HUMAN RIGHTS COMMISSION

3. Constitution of a National Human Rights Commission

(1) The Central Government shall constitute a body to be known as the National Human Rights Commission to exercise the powers conferred upon, and to perform the functions assigned to it, under this Act.

(2) The Commission shall consist of:

(a) a Chairperson who has been a Chief Justice of the Supreme Court;
(b) one Member who is or has been, a Judge of the Supreme Court;
(c) one Member who is, or has been, the Chief Justice of a High Court;
(d) two Members to be appointed from amongst persons having knowledge of, or practical experience in, matters relating to human rights.

(3) The Chairpersons of the National Commission for Minorities, the National Commission for the Scheduled Castes and Scheduled Tribes and the National Commission for Women shall be deemed to be Members of the Commission for the discharge of functions specified in clauses (b) to (j) of section 12.

(4) There shall be a Secretary-General who shall be the Chief Executive Officer of the Commission and shall exercise such powers and discharge such functions of the Commission as it may delegate to him.

(5) The headquarters of the Commission shall be at Delhi and the Commission may, with the previous approval of the Central Government, establish offices at other places in India.

4. Appointment of Chairperson and other Members

(1) The Chairperson and other Members shall be appointed by the President by warrant under his hand and seal.

Provided that every appointment under this sub-section shall be made after obtaining the recommendations of a Committee consisting of

(a) The Prime Minister —Chairperson
(b) Speaker of the House of the People — Member
(c) Minister in-charge of the Ministry of Home Affairs in the Government of India — Member
(d) Leader of the Opposition in the House of the People — Member
(e) Leader of the Opposition in the Council of States — Member
(f) Deputy Chairman of the Council of States — Member


Provided further that no sitting Judge of the Supreme Court or sitting Chief Justice of a High Court shall be appointed except after consultation with the Chief Justice of India.

(2) No appointment of a Chairperson or a Member shall be invalid merely by reason of any vacancy in the Committee.

5. Removal of a Member of the Commission

(1) Subject to the provisions of sub-section (2), the Chairperson or any other Member of the Commission shall only be removed from his office by order of the President on the ground of proved misbehavior or incapacity after the Supreme Court, on reference being made to it by the President, has, on inquiry held in accordance with the procedure prescribed in that behalf by the Supreme Court, reported that the Chairperson or such other Member, as the case may be, ought on any such ground to be removed.

(2) Notwithstanding anything in sub-section (1), the President may by order remove from office the Chairperson or any other Member if the Chairperson or such other Member, as the case may be

(a) is adjudged an insolvent; or
(b) engages during his term of office in any paid employment out side the duties of his office: or
(c) is unfit to continue in office by reason of infirmity of mind or body; or
(d) is of unsound mind and stands so declared by a competent court; or
(e) is convicted and sentenced to imprisonment for an offence which in the opinion of the President involves moral turpitude.

6. Term of office of Members

(1 ) A person appointed as Chairperson shall hold office for a term of five years from the date on which he enters upon his office or until he attains the age of seventy years, whichever is earlier.

(2) A person appointed as a Member shall hold office for a term of five years from the date on which he enters upon his office and shall be eligible for re-appointment for another term of five years. Provided that no Member shall hold office after he has attained the age of seventy years.

(3) On ceasing to hold office, a Chairperson or a Member shall be ineligible for further employment under the Government of India or under the Government of any State.

7. Member to act as Chairperson or to discharge his functions in certain circumstances

(1 ) In the event of the occurrence of any vacancy in the office of the Chairperson by reason of his death, resignation or otherwise, the President may, by notification, authorise one of the Members to act as the Chairperson until the appointment of a new Chairperson to fill such vacancy.

(2) When the Chairperson is unable to discharge his functions owing to absence on leave or otherwise, such one of the Members as the President may, by notification, authorise in this behalf, shall discharge the functions of the Chairperson until the date on which the Chairperson resumes his duties.

8. Terms and conditions of service of Members

The salaries and allowances payable to, and other terms and conditions of service of, the Members shall be such as may be prescribed. Provided that neither the salary and allowances nor the other terms and conditions of service of a Member shall be varied to his disadvantage after his appointment.

9. Vacancies, etc., not to invalidate the proceedings of the Commission.

No act or proceedings of the Commission shall be questioned or shall be invalidated merely on the ground of existence of any vacancy or defect in the constitution of the Commission.

10. Procedure to be regulated by the Commission

(1) The Commission shall meet at such time and place as the Chairperson may think fit.

(2) The Commission shall regulate its own procedure.

(3) All orders and decisions of the Commission shall be audited by the Secretary-General or any other officer of the Commission duly authorised by the Chairperson in this behalf.

11. Officers and other staff of the Commission

(1 ) The Central Government shall make available to the Commission :

(a) an officer of the rank of the Secretary to the Government of India who shall be the Secretary-General of the Commission; and
(b) such police and investigative staff under an officer not below the rank of a Director General of Police and such other officers and staff as may be necessary for the efficient performance of the functions of the Commission.

(2) Subject to such rules as may be made by the Central Government in this behalf, the Commission may appoint such other administrative, technical and scientific staff as it may consider necessary.

(3) The salaries, allowances and conditions of service of the officers and other staff appointed under sub-section (2) shall be such as may be prescribed.


Chapter III

FUNCTIONS AND POWERS OF THE COMMISSION

12. Functions of the Commission

The Commission shall perform all or any of the following functions, namely :
(a) inquire, suo motu or on a petition presented to it by a victim or any person on his behalf, into complaint of

(i) violation of human rights or abetment thereof or
(ii) negligence in the prevention of such violation,

by a public servant;

(b) intervene in any proceeding involving any allegation of violation of human rights pending before a court with the approval of such court;
(c) visit, under intimation to the State Government, any jail or any other institution under the control of the State Government, where persons are detained or lodged for purposes of treatment, reformation or protection to study the living conditions of the inmates and make recommendations thereon;
(d) review the safeguards provided by or under the Constitution or any law for the time being in force for the protection of human rights and recommend measures for their effective implementation;
(e) review the factors, including acts of terrorism that inhibit the enjoyment of human rights and recommend appropriate remedial measures;
(f) study treaties and other international instruments on human rights and make recommendations for their effective implementation;
(g) undertake and promote research in the field of human rights;
(h) spread human rights literacy among various sections of society and promote awareness of the safeguards available for the protection of these rights through publications, the media, seminars and other available means;
(i) encourage the efforts of non-governmental organisations and institutions working in the field of human rights;
(j) such other functions as it may consider necessary for the protection of human rights.

13. Powers relating to inquiries

(1 ) The Commission shall, while inquiring into complaints under this Act, have all the powers of a civil court trying a suit under the Code of Civil Procedure, 1908, and in particular in respect of the following matters, namely :

(a) summoning and enforcing the attendance of witnesses and examine them on oath;
(b) discovery and production of any document;
(c) receiving evidence on affidavits;
(d) requisitioning any public record or copy thereof from any court or office;
(e) issuing commissions for the examination of witnesses or documents;
(f) any other matter which may be prescribed.

(2) The Commission shall have power to require any person, subject to any privilege which may be claimed by that person under any law for the time being in force, to furnish information on such points or matters as, in the opinion of the Commission, may be useful for, or relevant to, the subject matter of the inquiry and any person so required shall be deemed to be legally bound to furnish such information within the meaning of section 176 and section 177 of the Indian Penal Code.

(3) The Commission or any other officer, not below the rank of a Gazetted Officer, specially authorised in this behalf by the Commission may enter any building or place where the Commission has reason to believe that any document relating to the subject matter of the inquiry may be found, and may seize any such document or take extracts or copies therefrom subject to the provisions of section 100 of the Code of Criminal Procedure, 1973, in so far as it may be applicable.

(4) The Commission shall be deemed to be a civil court and when any offence as is described in section 175, section 178, section 179, section 180 or section 228 of the Indian Penal Code is committed in the view or presence of the Commission, the Commission may, after recording the facts constituting the offence and the statement of the accused as provided for in the Code of Criminal Procedure, 1973, forward the case to a Magistrate having jurisdiction to try the same and the Magistrate to whom any such case is forwarded shall proceed to hear the complaint against the accused as if the case has been forwarded to him under section 346 of the Code of Criminal Procedure, 1973.

(5) Every proceeding before the Commission shall be deemed to be a judicial proceeding within the meaning of sections 193 and 228, and for the purposes of section 196, of the Indian Penal Code, and the Commission shall be deemed to be a civil court for all the purposes of section 195 and Chapter XXVI of the Code of Criminal Procedure, 1973.

14. Investigation

(1) The Commission may, for the purpose of conducting any investigation pertaining to the inquiry, utilise the services of any officer or investigation agency of the Central Government or any State Government with the concurrence of the Central Government or the State Government, as the case may be.

(2) For the purpose of investigating into any matter pertaining to the inquiry, any officer or agency whose services are utilised under sub-section (1 ) may, subject to the direction and control of the Commission.

(a) summon and enforce the attendance of any person and examine him;
(b) require the discovery and production of any document; and
(c) requisition any public record or copy thereof from any office.

(3) The provisions of section 15 shall apply in relation to any statement made by a person before any officer or agency whose services are utilised under sub-section (1 ) as they apply in relation to any statement made by a person in the course of giving evidence before the Commission.

(4) The officer or agency whose services are utilised under sub-section (1 ) shall investigate into any matter pertaining to the inquiry and submit a report thereon to the Commission within such period as may be specified by the Commission in this behalf.

(5) The Commission shall satisfy itself about the correctness of the facts stated and the conclusion, if any, arrived at in the report subbed to it under sub-section (4) and for this purpose the Commission may make such inquiry (including the examination of the person or persons who conducted or assisted in the investigation) as it thinks fit.

15. Statement made by persons to the Commission

No statement made by a person in the course of giving evidence before the Commission shall subject him to, or be used against him in, any civil or criminal proceeding except a prosecution for giving false evidence by such statement:

Provided that the statement —
(a) is made in reply to the question which he is required by the Commission to answer; or
(b) is relevant to the subject matter of the inquiry.

16. Persons likely to be prejudicially affected to be heard

If, at any stage of the inquiry, the Commission-
(a) considers it necessary to inquire into the conduct of any person; or
(b) is of the opinion that the reputation of any person is likely to be prejudicially affected by the inquiry;

it shall give to that person a reasonable opportunity of being heard in the inquiry and to produce evidence in his defence:
Provided that nothing in this section shall apply where the credit of a witness is being impeached.


Chapter IV

PROCEDURE

17. Inquiry into complaints

The Commission while inquiring into the complaints of violations of human rights may-
(i) call for information or report from the Central Government or any State Government or any other authority or organisation subordinate thereto within such time as may be specified by it;

Provided that-
(a) if the information or report is not received within the time stipulated by the Commission, it may proceed to inquire into the complaint on its own;
(b) if, on receipt of information or report, the Commission is satisfied either that no further inquiry is required or that the required action has been initiated or taken by the concerned Government or authority, it may not proceed with the complaint and inform the complainant accordingly;

(ii) without prejudice to anything contained in clause (i), if it considers necessary, having regard to the nature of the complaint, initiate an inquiry.

18. Steps after inquiry

The Commission may take any of the following steps upon the completion of an inquiry held under this Act namely :

(1) where the inquiry discloses, the commission of violation of human rights or negligence in the prevention of violation of human rights by a public servant, it may recommend to the concerned Government or authority the initiation of proceedings for prosecution or such other action as the Commission may deem fit against the concerned person or persons;

(2) approach the Supreme Court or the High Court concerned for such directions, orders or writs as that Court may deem necessary;

(3) recommend to the concerned Government or authority for the grant of such immediate interim relief to the victim or the members of his family as the Commission may consider necessary;

(4) subject to the provisions of clause (5), provide a copy of the inquiry report to the petitioner or his representative;

(5) the Commission shall send a copy of its inquiry report together with its recommendations to the concerned Government or authority and the concerned Government or authority shall, within a period of one month, or such further time as the Commission may allow, forward its comments on the report, including the action taken or proposed to be taken thereon, to the Commission;

(6) the Commission shall publish its inquiry report together with the comments of the concerned Government or authority, if any, and the action taken or proposed to be taken by the concerned Government or authority on the recommendations of the Commission.

19. Procedure with respect to armed forces

(1 ) Notwithstanding anything contained in this Act, while dealing with complaints of violation of human rights by members of the armed forces, the Commission shall adopt the following procedure, namely :

(a) it may, either on its own motion or on receipt of a petition, seek a report from the Central Government;
(b) after the receipt of the report, it may, either not proceed with the complaint or, as the case may be, make its recommendations to that Government.

(2) The Central Government shall inform the Commission of the action taken on the recommendations within three months or such further time as the Commission may allow.

(3) The Commission shall publish its report together with its recommendations made to the Central Government and the action taken by that Government on such recommendations.

(4) The Commission shall provide a copy of the report published under sub-section (3) to the petitioner or his representative.

20. Annual and special reports of the Commission

(1) The Commission shall submit an annual report to the Central Government and to the State Government concerned and may at any time submit special reports on any matter which, in its opinion, is of such urgency or importance that it should not be deferred till submission of the annual report.

(2) The Central Government and the State Government, as the case may be, shall cause the annual and special reports of the Commission to be laid before each House of Parliament or the State Legislature respectively, as the case may be, along with a memorandum of action taken or proposed to be taken on the recommendations of the Commission and the reasons for non-acceptance of the recommendations, if any.


Chapter V

STATE HUMAN RIGHTS COMMISSIONS

21. Constitution of State Human Rights Commissions

(1) A State Government may constitute a body to be known as the ....................... (name of the State) Human Rights Commission to exercise the powers conferred upon, and to perform the functions assigned to, a State Commission under this chapter.

(2) The State Commission shall consist of

(a) a Chairperson who has been a Chief Justice of a High Court;
(b) one Member who is, or has been, a Judge of a High Court;
(c) one Member who is, or has been, a district judge in that State;
(d) two Members to be appointed from amongst persons having knowledge of, or practical experience in, matters relating to human rights.

(3) There shall be a Secretary who shall be the Chief Executive Officer of the State Commission and shall exercise such powers and discharge such functions of the State Commission as it may delegate to him.

(4) The headquarters of the State Commission shall be at such place as the State Government may, by notification, specify.

(5) A State Commission may inquire into violation of human rights only in respect of matters relatable to any of the entries enumerated in List II and List lll in the Seventh Schedule to the Constitution:

Provided that if any such matter is already being inquired into by the Commission or any other Commission duly constituted under any law for the time being in force, the State Commission shall not inquire into the said matter:

Provided further that in relation to the Jammu and Kashmir Human Rights Commission, this sub-section shall have effect as if for the words and figures "List ll and List lll in the Seventh Schedule to the Constitution", the words and figures "List lll in the Seventh Schedule to the Constitution as applicable to the State of Jammu and Kashmir and in respect of matters in relation to which the Legislature of that State has power to make laws" had been substituted.

22. Appointment of Chairperson and other Members of State Commission

(1) The Chairperson and other Members shall be appointed by the Governor by warrant under his hand and seal:

Provided that every appointment under this sub-section shall be made after obtaining the recommendation of a Committee consisting of

(a) the Chief Minister — Chairperson
(b) Speaker of the Legislative Assembly — Member
(c) Minister in-charge of the Department of Home, in that State — Member
(d) Leader of the Opposition in the Legislative Assembly — Member

Provided further that where there is a Legislative Council in a State, the Chairman of that Council and the Leader of the Opposition in that Council shall also be members of the Committee.

Provided also that no sitting Judge of a High Court or a sitting District Judge shall be appointed except after consultation with the Chief Justice of the High Court of the concerned State.

(2) No appointment of a Chairperson or a Member of the State Commission shall be invalid merely by reason of any vacancy in the Committee.

23. Removal of a Member of the State Commission

(1) Subject to the provisions of sub-section (2), the Chairperson or any other member of the State Commission shall only be removed from his office by order of the President on the ground of proved misbehaviour or incapacity after the Supreme Court, on a reference being made to it by the President, has, on inquiry held in accordance with the procedure prescribed in that behalf by the Supreme Court, reported that the Chairperson or such other Member, as the case may be, ought on any such ground to be removed.

(2) Notwithstanding anything in sub-section (1), the President may by order remove from office the Chairperson or any other Member if the Chairperson or such other Member, as the case may be –

(a) is adjudged an insolvent; OR
(b) engages during his term of office in any paid employment outside the duties of his office; OR
(c) is unfit to continue in office by reason of infirmity of mind or body; OR
(d) is of unsound mind and stands so declared by a competent court; OR
(e) is convicted and sentenced to imprisonment for an offence which in the opinion of the President involves moral turpitude.

24. Term of office of Members of the State Commission

(1 ) A person appointed as Chairperson shall hold office for a term of five years from the date on which he enters upon his office or until he attains the age of seventy years, whichever is earlier;

(2) A person appointed as a Member shall hold office for a term of five years from the date on which he enters upon his office and shall be eligible for re-appointment for another term of five years;

Provided that no Member shall hold office after he has attained the age of seventy years.

(3) On ceasing to hold office, a Chairperson or a Member shall be ineligible for further employment under the Government of a State or under the Government of India.

25. Member to act as Chairperson or to discharge his func tions in certain circumstances

(1) In the event of the occurrence of any vacancy in the office of the Chairperson by reason of his death, resignation or otherwise, the Governor may, by notification, authorise one of the Members to act as the Chairperson until the appointment of a new Chairperson to fill such vacancy.

(2) When the Chairperson is unable to discharge his functions owing to absence on leave or otherwise, such one of the Members as the Governor may, by notification, authorise in this behalf, shall discharge the functions of the Chairperson until the date on which the Chairperson resumes his duties.

26. Terms and conditions of service of Members of the State Commission

The salaries and allowances payable to, and other terms and conditions of service of, the Members shall be such as may be prescribed by the State Government.

Provided that neither the salary and allowances nor the other terms and conditions of service of a Member shall be varied to his disadvantage after his appointment.

27. Officers and other staff of the State Commission

(1) The State Government shall make available to the Commission

(a) an officer not below the rank of a Secretary to the State Government who shall be the Secretary of the State Commission; and
(b) such police and investigative staff under an officer not below the rank of an Inspector General of Police and such other officers and staff as may be necessary for the efficient performance of the functions of the State Commission.

(2) subject to such rules as may be made by the State Government in this behalf, the State Commission may appoint such other addministrative, technical and scientific staff as it may consider necessary.

(3) The salaries, allowances and conditions of service of the officers and other staff appointed under sub-section (2) shall be such as may be prescribed by the State Government.

28. Annual and special reports of State Commission

(1 ) The State Commission shall submit an annual report to the State Government and may at any time submit special reports on any matter which, in its opinion, is of such urgency or importance that it should not be deferred till submission of the annual report.

(2) The State Government shall cause the annual and special reports of the State Commission to be laid before each House of State Legislature where it consists of two Houses, or where such Legislature consists of one House, before that House along with a memorandum of action taken or proposed to be taken on the recommendations of the State Commission and the reasons for non-acceptance of the rections, if any.

29. Application of certain provisions relating to National Hu man Rights Commission to State Commissions

The provisions of sections 9, 10, 12, 13, 14, 15, 16, 17 and 18 shall apply to a State Commission and shall have effect, subject to the following modifications, namely :-

(a) references to "Commission" shall be construed as refer ences to "State Commission";
(b) in section 10, in sub-section (3), for the word "Secretary General", the word "Secretary" shall be substituted;
(c) in section 12, clause (f) shall be omitted;
(d) in section 17, in clause (i), the words "Central Government or any" shall be omitted;


Chapter VI

HUMAN RIGHTS COURTS

30. For the purpose of providing speedy trial of offences arising out of violation of human rights, the State

Government may, with the concurrence of the Chief Justice of the High Court, by notification, specify for each district a Court of Session to be a Human Rights Court to try the said offences.

Provided that nothing in this section shall apply if
(a) a Court of Session is already specified as a special court; or
(b) a special court is already constituted, for such offences under any other law for the time being in force.

31. Special Public Prosecutor

For every Human Rights Court, the State Government shall, by notification, specify a Public Prosecutor or appoint an advocate who has been in practice as an advocate for not less than seven years, as a Special Public Prosecutor for the purpose of conducting cases in that Court.


Chapter VII

FINANCE, ACCOUNTS AND AUDIT

32. Grants by the Central Government

(1) The Central Government shall after due appropriation made by Parliament by law in this behalf, pay to the Commission by way of grants such sums of money as the Central Government may think fit for being utilised for the purposes of this Act.

(2) The Commission may spend such sums as it thinks fit for performing the functions under this Act, and such sums shall be treated as expenditure payable out of the grants referred to in sub-section (1).

33. Grants by the State Government

(1) The State Government shall, after due appropriation made by Legislature by law in this behalf, pay to the State Commission by way of grants such sums of money as the State Government may think fit for being utilised for the purposes of this Act.

(2) The State Commission may spend such sums as it thinks fit for performing the functions under Chapter V, and such sums shall be treated as expenditure payable out of the grants referred to in sub-section (1).

34. Accounts and Audit

(1 ) The Commission shall maintain proper accounts and other relevant records and prepare an annual statement of accounts in such form as may be prescribed by the Central Government in consultation with the Comptrollerand Auditor-General of India.

(2) The Accounts of the Commission shall be audited by the Comptroller and Auditor-General at such intervals as may be specified by him and any expenditure incurred in connection with such audit shall be payable by the Commission to the Comptroller and Auditor-General.

(3) The Comptroller and Auditor-General or any person appointed by him in connection with the audit of the accounts of the Commision under this Act shall have the same rights and privileges and the authority in connection with such audit as the Comptroller and Auditor-General generally has in connection with the audit of Government ac counts and, in particular, shall have the right to demand the production of books, accounts, connected vouchers and other documents and papers and to inspect any of the offices of the Commission.

(4) The accounts of the Commission as certified by the Comptroller and Auditor-General or any other person appointed by him in this behalf, together with the audit report thereon shall be forwarded only to the Central Government by the Commission and the Central Government shall cause the audit report to be laid as soon as may be after it is received before each House of Parliament.

35. Accounts and Audit of State Commission

(1) The State Commission shall maintain proper accounts and other relevant records and prepare an annual statement of accounts in such form as may be prescribed by the State Government in consultation with the Comptroller and Auditor-General of India.

(2) The accounts of the State Commission shall be audited by the Comptroller and Auditor-General at such intervals as may be specified by him and any expenditure incurred in connection with such audit shall be payable by the State Commission to the Comptroller and Auditor-General.

(3) The Comptroller and Auditor-General or any person appointed by him in connection with the audit of the accounts of the State Commission under this Act shall have the same rights and privileges and the authority in connection with such audit as the Comptroller and Auditor-General generally has in connection with the audit of Government accounts and, in particular, shall have the right to demand the production of books, accounts, connected vouchers and other documents and papers and to inspect any of the offices of the State Commission.

(4) The accounts of the State Commission, as certified by the Comptroller and Auditor-General or any other person appointed by him in this behalf, together with the audit report thereon, shall be forwarded annually to the State Government by the State Commission and the State Government shall cause the audit report to be laid, as soon as may be after it is received, before the State Legislature.

Chapter VIII

MISCELLANEOUS

36. Matters not subject to jurisdiction of the Commission

(1 ) The Commission shall not inquire into any matter which is pending before a State Commission or any other Commission duly constituted under any law for the time being in force.

(2) The Commission or the State Commission shall not inquire into any matter after the expiry of one year from the date on which the act constituting violation of human rights is alleged to have been commited.


37. Constitution of special investigation teams

Notwithstanding anything contained in any other law for the time being in force, where the Government considers it necessary so to do, it may constitute one or more special investigation teams, consisting of such police officers as it thinks necessary for purposes of investigation and prosecution of offences arising out of violations of human rights.

38. Protection of action taken in good faith

No suit or other legal proceeding shall lie against the Central Government, State Government, Commission, the State Commission or any Member thereof or any person acting under the direction either of the Central Government, State Government, Commission or the State Commission in respect of anything which is in good faith done or intended to be done in pursuance of this Act or of any rules or any order made thereunder or in respect of the publication by or under the authority of the Central Government, State Government, Commission or the State Commission of any report paper or proceedings.

39. Members and officers to be public servants

Every Member of the Commission, State Commission and every officer appointed or authorised by the Commission or the State Commission to exercise functions under this Act shall be deemed to be a public servant within the meaning of section 21 of the Indian Penal Code.

40. Power of Central Government to make rules

(1 ) The Central Government may, by notification, make rules to carry out the provisions of this Act.

(2) In particular and without prejudice to the generality of the foregoing power, such rules may provide for all or any of the following matters namely :

(a) the salaries and allowances and other terms and conditions of service of the Members under section 8;
(b) the conditions subject to which other administrative, technical and scientific staff may be appointed by the Commission and the salaries and allowances of officers and other staff under sub-section (3) of section 11;
(c) any other power of a civil court required to be prescribed under clause (f) of sub-section (1) of section 13;
(d) the form in which the annual statement of accounts is to be pre pared by the Commission under sub-section (1 ) of section 34; and
(e) any other matter which has to be, or may be, prescribed.

(3) Every rule made under this Act shall be laid, as soon as may be after it is made, before each House of Parliament, while it is in session, for a total period of thirty days which may be comprised in one session or in two or more successive sessions, and if, before the expiry of the session immediately following the session or the successive sessions aforesaid, both Houses agree in making any modification in the rule or both Houses agree that the rule should not be made, the rule shall thereafter have effect only in such modified form or be of no effect, as the case may be; so however, that any such modification or annulment shall be without prejudice to the validity of anything previously done under that rule.

41. Power of State Government to make rules

(1 ) The State Government may, by notification, make rules to carry out the provisions of this Act.

(2) In particular and without prejudice to the generality of the fore ing power, such rules may provide for all or any of the following matters, namely :

(a) the salaries and allowances and other terms and conditions of service of the members under section 26;
(b) the conditions subject to which other administrative, technical and scientific staff may be appointed by the State Commission and the salaries and allowances of officers and other staff under sub-section (3) of section 27;
(c) the form in which the annual statement of accounts is to be prepared under sub-section (1 ) of section 35.

(3) Every rule made by the State Government under this section shall be laid, as soon as may be after it is made, before each House of the State Legislature where it consists of two Houses, or where such Legislature consists of one House, before that House.

42. Power to remove difficulties

(1 ) If any difficulty arises in giving effect to the provisions of this Act, the Central Government, may by order published in the Official Gazette, make such provisions, not inconsistent with the provisions of this Act as appear to it to be necessary or expedient for removing the difficulty.
Provided that no such order shall be made after the ex ry of the period of two years from the date of commencement of this Act.

(2) Every order made under this section shall, as soon as may be after it is made, be laid before each house of Parliament.

43. Repeal and Savings

(1) The Protection of Human Rights Ordinance, 1993 is hereby repealed.

(2) Notwithstanding such repeal, anything done or any action taken under the said Ordinance, shall be deemed to have been done or taken under the corresponding provisions of this Act.