Authors: Piyali Sengupta & Mona Pattanaik, HNLU, Raipur
In 49th year of Indian independence, internet was commercially introduced in India. Slowly and gradually grew the role of internet in every sphere and e-commerce emerged. E-commerce is defined as, “the use of electronic transmission medium to engage in exchange, including buying and selling of products and services requiring transportation, either physically or digitally, from location to location ((Greenstein, Marilyn And Todd M. Feinman, Electronic Commerce: Security, Risk Management And Control. Usa, Mcgraw-Hill Companies Inc 20(2000).)).” The different activities that could be carried electronically include electronic presentation of goods and services, online order taking and bill presentation, automated customer account enquiries and online payment and transaction handling. India has an extremely detailed and well-defined legal system in place. The increasing role of internet grew the need to enact the relevant Cyber laws, which were necessary to regulate Internet in India.
The coming of Internet led to the emergence of numerous ticklish legal issues and problems, which necessitated the enactment of Cyber laws ((Pavan Duggal, Cyber Law: The Indian Perspective, 5 (2 D. Ed. 2004).)). None of the existing laws gave any legal validity or sanction to the activities in Cyber space.
Meanwhile, the General Assembly of United Nations adopted the United Nations Commission on International Trade Laws (UNCITRAL) Model Law on Electronic Commerce on January 30, 1997. This resolution recommended to the member nations of the United Nations to enact and modify the laws according to the Model Law.
Inspired by the UNCITRAL law on E- Commerce, the Government of India decided to enact a law that would make e-contracts legal, electronic records admissible in evidence and which would make cosmetic changes to some other existing laws. Consequently three key areas were identified – Contract, Indian Penal Code and Evidence.
The Parliament under Article 253 ((Article 253: “Notwithstanding anything in the foregoing provisions of this Chapter, Parliament has power to make any law for the whole or any part of India for implementing any treaty, agreement or convention with any other country or countries or any decision made at any international conference, association or other body.”))of the Constitution of India relying on the Resolution of General Assembly of the United Nations passed India’s first Cyber Law. The purpose of IT Bill, 1999 was to provide the necessary legal and business infrastructure required for enabling e-commerce in India. The bill purported to facilitate the coming together of trade and commerce, besides eliminating barriers coming in the way of electronic commerce resulting from the glorious uncertainties relating to writing and signature requirements over the Internet ((Supra note 1, at 6)).
On 17th May, Parliament created history when it passed India’s first Cyber law aimed at regulating cyberspace, namely , The Information Technology Act, 2000 (IT Act,2000). It received Precedent’s assent on June 9, 2000 and was implemented on October 17, 2000.
In the Internet era, Cyber law awareness is essential for each and every citizen with thriving opportunities in e-commerce throughout the world. The information and communications revolutions has taken the world by storm, breaking economic, political and territorial barriers, challenging the ages old established laws in industrialized world. Studies reveal that acceptance of the Internet as a trading platform is growing. To meet the challenges of the Internet, Information Super Highway and Cyberspace, our country’s administrators successfully passed the IT Act 2000.
India’s Cyber law redefines the business and legal process in the country by bringing electronic documentation as a legally accepted replacement of written documentation. This law won’t apply to Internet transaction, but also to transactions in other areas-educational institutes, banks, government departments, proprietary networks and so on.
In its simplest form ecommerce is the buying and selling of products and services by businesses and consumers over the Internet. People use the term “ecommerce” to describe encrypted payments on the Internet.
Sometimes these transactions include the real-time transfer of funds from buyer to seller and sometimes this is handled manually through an eft-pos terminal once a secure order is received by the merchant.
One of the main drivers underlying e-commerce growth is the rising number of individuals connected to the Web.
WHY THE PROBLEM
There are several hurdles in the process of conducting trade through internet. This scenario is worse in case of developing countries like India. Even though internet facilities are a boon in itself, the problems are much more dreadful and are transmitted free of cost. Most of the internet users fall prey to the hacking process. When networks that have not been secured are hacked, e-consumers’ monetary and personal data fall into the hands of cybercriminals. Since internet is a new invention in India, the facilities and awareness among the society about internet security is restricted and limited giving way to the internet germs.
The factors responsible for legislations to protect consumer’s rights are as follows ((S.S.Singh, & Sapna Chadah, Consumer Protection in India: Some Reflections, IIPA, http://consumereducation.in/publications.htm, downloaded on July 2,2012)):
• rapidly increasing variety of goods and services which modern technology has made available;
• growing size and complexity of production and distribution system;
• high level of sophistication in marketing and selling practices, in advertising and other forms of production;
• removal of personal relationship of buyer and seller as a result of mass marketing methods; and
• consumers’ increased mobility.
The Internet is harmonizing the general environment in which electronic communications of all kinds take place. Thus, the electronic transaction environment is moving closer and closer to the individual. As more and more kinds of consumer transactions migrate to the Internet, a number of issues become magnified that are fundamental to the creation of trust in electronic commerce as a way of doing business ((S.B Verma,R.K.Shrivastava, S.K.Singh Dynamics Of Electronic Commerce, , Deep & Deep Publications Pvt Ltd 80 (2007).)).
Most transactions in e-commerce may broadly be classified into two categories:
• Business to consumer- Transaction involving business or corporations who sell the products and individuals who buy them. These are usually large in number, each transaction being of small volume and taking place every day.
• Business to business- Transaction involving two or more businesses or corporations where the product is for business use.
The different activities that could be carried electronically include:
1. Electronic presentation of goods and services- This will include making available e-catalogue on the site, through which the consumer could browse to select his purchase. It could also include search facilities , where the user could for items based on its attributes ((Ibid. at 67)).
2. Online order taking and bill presentation- This would include provision for the user to specify the items he wishes to order, defining the terms of payment and delivery and an automated billing system for the users ((Ibid)).
3. Automated customer account enquiries- This could function independent of how the other activities were finalized, online or offline. This would be an integral part of customer support ((Ibid)).
4. Online payment and transaction handling- The merchant may provide or tie-up with some third party for the payment verification and special payment methods must be defined and the back end connectivity for these established.
The vast majority of the activity to date has been taking place in countries with advanced economies and infrastructure. The problems that are faced by the Internet users’ are-
FRAUD – Internet fraud is defined as any fraud committed through or with the aid of computer programming or Internet related communications like websites, spams and e-mails. It is a form of white collar crimes. Almost ninety percent of the malicious acts committed online are covered under this category.
The increasing rate of fraud globally is due to the communication of the individuals and companies with a whole lot of people either by building a website or chat or mail. The problem becomes severe when such persons have malafide intention. For fraud, to be a crime, it should have two essentials:-
a. Deceit or intention to deceive
b. Any kind of injury to person or property.
So, under this electronic frauds on e-consumers can be broadly classified under three categories:
a. To deprive a man of his right, either by obtaining something by deception or by taking something wrongfully without the knowledge or consent of the owner
b. To withhold wrongfully from another what is due to him, or to wrongfully prevent one from obtaining what he may justly claim;
c. To defeat or frustrate wrongfully another’s right to property ((Nandan Kamath, Law Relating to Computers Internet And E-Commerce, Universal Law Publishing Co. Pvt Ltd. 282 (2d Ed.2005).)).
The following are the types of fraud committed on e-consumers:-
1.1Online Identity Theft – Online identity theft of the consumer has long been an epidemic. It can be defined as the practice of pretending to be someone else on the internet. Although it appears to be harmless but mostly it is related to the crime of stealing someone’s personal information for his or her own financial gain
1.1.1 Phishing- Phishing means stealing a person’s banking information and using that to order goods or transfer money to another bank account. There is a framework of legal regulations designed to provide protection as a consumer in physical or traditional modes means when shopping from a local shop. But, at present there is no similar framework that covers all situations where one purchase goods on Internet by electronic transactions. In India though the Government has promoted e-commerce aggressively resulting in increase of e-consumers activities but has failed to catch up with the frauds that have come up.
Debasheesh Chakravartee Case
In this case, a 30 year old former employee of a bank’s direct selling associate, misused the credit card information of various credit card holders by booking a total of 21 tickets in five months through IRCTC’s internet booking facility He also allegedly opened up various bank accounts, using photocopies of credit cards as proof of residence.
State Vs Manohar and Moses
In this case Moses, being a steward in the hotel, noted down the various details of the credit cards, which were handed by clients of the hotel for paying their meal bills. Moses passed all the details of the various credit cards to his computer operator friend, Manohar who used the details to make online purchase on various websites such as sify.com and rediff.com.
In April 2001, the Hyderabad police arrested two persons, namely, Manohar and Moses, an unemployed computer operator and his friend were arrested and charged under various sections of IPC and the IT Act for stealing and misusing credit card numbers belonging to others.
1.1.2.Digital Signatures- Digital Signature is a small amount of data that was created using some secret key and there is a public key that can be used to verify that the signature is really generated using the corresponding private key. These are helpful to verify that a message really comes from the claimed sender. Due to the advanced technology these can be easily forged resulting in a large number of frauds ((Dr. R.C. Mishra, Cyber Crime Impacts In The New Millennium, Author’s Press 76 (1 St Ed.2005).)). This has been a major problem for the subscribers.
Sec 40-42 of the IT Act, 2000 deals with the duties of the subscribers. In order to have a safe e-transaction the subscribers must be vigilant. A subscriber is a person in whose name the digital signature is issued by the certifying authority. Such a certificate can be granted only when the certifying authority is satisfied that the subscriber holds the private key corresponding to the public key and he communicates the acceptance through proper means.
Sec 73 provides for punishment for publishing digital signature certificate false in certain particulars. If any person has a knowledge that the Certifying Authority has not issued the digital Signature Certificate or the Subscriber has not accepted it or that the Digital Signature Certificate has been revoked or suspended, even then he publishes the Digital Signature Certificate with false particulars, he shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to One Lakh, or with both unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation.
1.2 Online Investment- Hundreds of online investment newsletters and schemes have appeared on the internet in recent years. Many offer investors, seemingly unbiased information, free of charge about featured companies or recommending stock picks of the month”. While legitimate online newsletters can help investors gather valuable information mast of them are tools for fraud ((Supra note 10, at 281)).
1.3 Spam mails- Spam is a term that is commonly used to describe unsolicited, mass e-mails that are often advertisements or solicitations sent via e-mail or other online means to Internet users where the e-mail address of the recipients are often procured from the internet without their consent. Because these are so cheap and easy to create fraudsters increasingly use it to find investors for bogus investment schemes or spread false information about a company.
Spam also puts a strain on the productivity, time and resources of Internet Service Provider and corporate networks ((Supra note 2, at 614)).
This case , as reported , emanates out of the complaint of one Mr.Madhukar Jhingan who hosts the site www.stampsofindia.com .It seems that this person was involved in a litigation concerned with the making the working and operations of Philatelic congress of India, more transparent. In retaliation it appears that there were threats and misuse of e-mail identities, hacking and illegal attempts of e-mail accounts, and denial of service attacks by filling e-mail boxes and spamming which caused loss and damage of data through introduction of malicious programmes.
In this case, an e-mail stating “I am facing tough time please send dollar one for my sustenance” was sent to his acquaintances by stealing his e-mail address and mailing book.
1.4 Business and job opportunities- There are a variety of internet job scams, ranging from fake jobs, to scams that try and collect your personal information, or ask us to send money or make purchases for them.
Fraudulent Job Website Case
In this case, the CBI was successful in nabbing a person who put up a job website promising the applicants to give them lucrative jobs in the IT industry in different countries. In this manner, he collected huge amount of money from unsuspecting citizens promising to send them abroad. Further he used forged letters from High Commissions to convince the unsuspecting citizens and for his fraudulent endeavours.
In June2001 the Delhi police booked a Delhi based software company for projecting its website as the official website of a Union Government Ministry. The company had allegedly misused the official emblem on its site www.surfacetransportofindia.com. Apart from misusing the emblem, the software company collected the money from unsuspecting netizens ((Any person who lives in Cyber space who is interacting with the internet can be defined as a ‘netizen’.))on the pretext of hiring them for opening traffic control centres through the country. The company started allegedly publishing its plans to open cyber booths throughout the country. It collected Rs.7,500 from individuals for recruiting them as district managers, by masquerading as a Government agency on the Internet and in the first six weeks of its operations, collected Rs 58 lakhs from netizens.
CBI V Mohammed Feroz Case
Mohammed Feroz used to place advertisements on the internet that offered jobs in Germany. He interacted with the various applicants by e-mail and asked them to deposit money for processing charges in his bank account in Delhi. This racket continued for sometime and Mohammed Feroz duped numerous people of their money before the CBI finally arrested him.
1.5 Inter-country transaction frauds- Internet is a communications medium without geographical or national boundaries. A majority of frauds are covered under this head. Whenever a product is bought from another country having different legislations for electronic commerce, the discrepancy arises as to which jurisdiction to follow. To be protected by consumer protection act in India at the time of electronic shopping, the first thing an e-consumer need to be ensured is that all the parties involved in the transactions are based within national boundaries where his municipal consumer protection laws apply.
Nigerians Hacking Case
In January, 2002, four Nigerians Ageleke Simpson, Abdul Aziz Kehinde, Dafe Mathew Etarighobe and Larry Adigun were arrested by CBI on the charge of hacking credit card numbers from the Net and using the same to buy air tickets. All of them operated from Delhi and allegedly duped Indian and Foreign travel agents, especially Net-based travel companies, by impersonating as tour mangers for UK’s Edinburgh University.
They credited false identities and e-mail addresses for the same. According to the CBI, they had hacked websites and obtained 1,500 credit card numbers, which they used to buy air tickets. They operated through cyber cafes and often gave fictitious names and also gave credit card numbers for payment of tickets. The four Nigerians would be prosecuted under law of the land.
Nigerian 419 Scam West Bengal case
India saw the registration of its first Nigerian 419 case in the year 2003. 419 stands for the provision of cheating under the Nigerian Penal Code. This case was registered by CID in West Bengal. The 419 Nigerain scam claimed numerous victims from various age groups and different strata of society and have included mature and well educated people apart from youngsters.
INSECURITY– Another important factor is lack of guidelines for buying online with a degree of safety. It is important to realize that all computer systems cannot be one hundred percent secure, there is always a degree of risk involved in using the Internet for buying goods. Thus, it requires a strict and user-friendly law which should not only provides the security at the time of shopping but also protect the interest of the e-consumer for post transactional consequences ((Shashi Nath Mandal, Protection Of E-Consumers’ Rights In Electronic Transaction, WBES, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1880958 (last updated April 7,2011).)). Most people are reluctant to buy products on the net because they fear that their personal information will be stolen.
Sec 43(b) of the IT Act,2000 make a person liable for compensation not exceeding one crore rupees, if any person, without permission of the owner or any other person who is incharge of the computer, computer system or computer network downloads, extracts or copies any data, computer data base or information from such computer, computer system or computer network. If any information is stored in any removable medium, then the person will be similarly liable.
According to Sec 72 any person who has a power to make access to any electronic records etc. without the consent of the person concerned, will have to keep the confidentiality of electronic record etc. and if discloses such electronic record etc. to any other person, he is liable for the breach of confidentiality and privacy ((S. R. Bhansali, Information Technology Act 207-08(2000).)). In Kharak Singh vs. State of U.P. (([(1964] 1 SCR 332))the Supreme Court recognized that there is right of privacy implicit in the Constitution under Article 21 of the Constitution. The person who committed the breach shall be punished with imprisonment for a term which may extend to two years or with fine which may extend to one lakh rupees, or with both. In Peoples Union for Civil Liberties v. Union of India ((AIR 1997 SC 568)), the supreme court has held: “Right to privacy is a part of the right to ‘life and personal liberty’ enshrined under Art 21 of the Constitution. Once the facts in the given case constitute a right to privacy, Art 21 is attracted. ”
The protection of consumers who purchase goods, services or information products via the Internet has given rise to much discussion. In most jurisdictions, consumers have already received the benefit of wide range of consumer protection laws. But the main problem is with the effective enforcement of the rights developed through them.
1. Enforcement – Enforcement is a key element to build public trust in a legal system that intent to provide protection to e-consumers. This requires both speedy and visible enforcement – to create trust, it is not sufficient that individual cases of grievances are addressed, but that the wider public sees this to be done. All efforts developed for empowering consumers, and promoting business compliance are likely to fail if the administrative system is unable to guarantee an effective protection whenever e-consumers are affected in their rights. Mainly through enforcement e-consumers will be stimulated to participate in the ecommerce, satisfying Government and businesses expectations.
The most effective method of providing some effective enforcement is the establishment of self-regulatory schemes. The advantage of such schemes is that
• Membership is voluntary which increases its effectiveness
• Rules are made by the members themselves hence more participation of the members and their maximum abidement
• The rules are devised by the members of the industry sector so there is more applicability and compatibility with the practical problems
2. Mediation and Arbitration- Ensuring a fair resolution to a dispute between an e-retailer and an e-consumer requires a multi-facetted approach. The starting point must be a realisation of two fundamental considerations: (1) the combination of the small values typical of consumer e-commerce transactions and the complexities of, and costs associated with, litigation means that few consumer disputes are suitably handled by the legal system; and (2) a consumer’s right to seek redress is an important incentive to businesses to not try to avoid their responsibilities ((Supra note 15)). There are on-line mediation service that had been introduced in the past few years. But the problem with this was that the participation by the defendant is entirely voluntary ((Chris Reed, Internet Law, Universal Law Publishing Co 305 (2 D Ed.).)). These did not bring much relief to the e-consumers due to the payment of an up-front fee.
3. Cryptography- This technique provides security of data and the reliability of transactions by safeguarding both the confidentiality and the integrity of the data. The algorithm used, which makes it unintelligible to anyone who does not have the ‘cryptographic’ key necessary for decryption of the data, helps in by-passing the problem repudiability and lack of security in payment system ((S.B. Verma, R. K. Shrivastawa & S. K. Singh, Dynamics Of Electronic Media, Deep & Deep Publications Pvt Ltd 52 (2007).)).
4. Awareness- There is necessity for continuing consumer awareness campaigns on a large scale to sensitize the population on basic aspects such as Maximum Retail Price (MRP), Gold Hall Marking, Indian Standard Institute (ISI) mark on products, and expiry dates. As and when voluntary standards are extended into the services sector or regulations are imposed for mandatory compliance with standards for reasons of health, safety or environment, the content of awareness campaigns would need to be expanded ((Consumer Protection and Competition Policy, planningcommission.nic.in/plans/planrel/fiveyr/…/11v1_ch11.pdf, downloaded on July 4,2012)).
National Commission opened new doors in Bhupesh Khurana and others V Vishwa Budha Parishad and others ((2001 (2) CPJ 72))that imparting education falls within the ambit of service as defined under CPA. It was held that fees are paid for services to be rendered by way of imparting education by educational institutions.
5. Private practice by the lawyers – One of the most efficient methods to resolve these problems is the activities of private practice by the lawyers. Electronic commerce activity is growing at a rapid rate and on a daily basis specialist commercial lawyers are writing contracts which define the legal relationships between communicating parties. As these contracts are negotiated, the lawyers involved draw on their experience of equivalent terms in other contracts with which they have been involved, and eventually a consensus begins to emerge as to the appropriate relationships and their incidents. From these contracts, the custom and practice of electronic commerce merchants is starting to develop ((Chris Reed, Internet Law, Universal Law Publishing CO 309 (2 d Ed.).)). Given the magnitude of challenges and the continually changing technology and the complexity of these investigations, these are necessarily resource intensive programmes.
6. Auripay’s Technology- It allows consumers to shop online without fear of fraud, by allowing them to make purchases without giving out information about their credit card or their checking accounting to the online vendor. Their core technology is to use an Auripay number, which is formatted like a credit card number and which can be deactivated after a single use. An unauthorized person who obtains one of these numbers will not be able to use it because Auripay will deny authorization. Basically, it retains all the advantages of credit card payments and also provides the same security ((V.D. Dudeja, Cyber Crime And Law Enforcement, Commonwealth Publishers 179 (1st Ed 2003).)).
There is a wide agreement among security experts that with the aid of basic security measures such as password authentication, firewalls and data encryption, the risks of computer instructions can be effectively mitigated without excessive costs. Above all, computer related wrongs is not committed by technology but by people and it is reasonable to accept that increased attention to the basic controls could reduce the incidence of computer abuse. High end technology offers fool-proof solutions which are able to ensure the safety of information systems. PIN numbers are to be replaced by biometrics authentication and identification devices ((Id. at 26)).
CONLUSION AND SUGGESTIONS
India is currently in the midst of an e-commerce revolution. The e-commerce trends are in perfect accordance with the sweeping changes in the global market. This has created new opportunities for the benefit of development. But still there is a widespread concern on the inconveniences that have been caused due to its advent. Most of them need to be looked upon immediately.
Due to the rapid development of technology than the legal mechanism, there is a kind of electronic lag between the users and the people with malafide intentions resulting in insecurity and uncertainty. To cope up with the technological advancement we have to take the help of technology as Charles Clark’s renowned remark, the answer to the machine is in the machine ((Supra note 15))is perfectly suited in the modern situation. Indeed, the perfect reply to the technological abuses is the application of technological innovation. The existing consumer laws of India are unable to protect e-consumers right properly so the consumers have to be more cautious and careful about the use of e-market for e-shopping. Therefore the consumers need to be more vigilant and aware when they buy online.
Suggestions that can be added in the present legal frameworks concerning safety of e-consumers:
1. Compulsory course modules for school and college children and Police personals specifically educating them about cyber security
2. All the business firms dealing with consumers’ private data should have more stringent and secured data system and should keep a regular check on their officers
3. The Government should prescribe a security level which every company should strictly adhere to. In the case of non-compliance , the license to deal with e-consumers should be cancelled
4. There is need to deal effectively with deceptive practices, including misleading advertisements. Besides, there would be a gap in legislation to be caused by the proposed winding up of the Monopolies and Restrictive Trade Practice Commission (MRTPC) with respect to unfair trade practices. The gap can be filled in by establishing a National Consumer Protection Authority through enactment of a National Consumer Protection Authority Act ((Supra note 22)).
Moreover, International co-operation and consensus is required in addressing the issues related to electronic commerce and consumer protection. For the achievement of a more tenable electronic trading system, alertness about their rights by the consumers and widespread support of the business community is an essential requirement in terms of voluntary compliance, greater openness and timely and valuable input.