0
0
Author: Abhishek Guru, a LL.M. (Cyber Law & Cyber Security) at Amity University
Abstract
Telecommunications in India has been developing with an impressive rate and along with this development; the rate of telecom related crime has also increased at a frightening rate. The article provides a technological legal discussion on the aspects of changes in the telecommunication crimes in India, in the form of the interactions between the high rate of technological change and the sufficiency of the laws that exist to regulate the same. The article traces the most important types of telecom crime in India, nowadays, phishing and SIM cloning are in the list along with call spoofing, illegal interception and misuse of Over-The-Top (OTT) communication platforms. It scrutinizes, on the basis of the
Telecommunication Act, 2023, the Information Technology Act, 2000 and other related laws, whether the legal actions of India have been keeping pace with the criminal innovative tempo or not, and there are gaps in enforcement, jurisdiction, and redress of victims. The article also discusses the efforts that the Department of Telecommunications (DoT), the Telecom Regulatory Authority of India (TRAI), and law enforcement agencies are making to address these crimes, and evaluates the effectiveness of such projects as the Sanchar Saathi portal and the Digital Intelligence Platform (DIP). Similar regulatory models in other jurisdictions are consulted to provide some insight. The article finds that the legal framework that India has established to fight telecom crime must be more responsive and more multi-agencies and must also be founded on good consumer consciousness – otherwise it will be unable to keep abreast with a threat landscape that is never standing still.
Keywords: Telecommunication Crimes, Cyber Fraud, Telecom Act 2023, IT Act, SIM Cloning, TRAI, Techno-Legal Framework, Digital Intelligence Platform
Introduction
The telecom case in India is phenomenal by all standards. Owning a telephone was a luxury and not long ago the preserve of the few, a luxury and not a necessity. The number of wireless connections traversing the country today is more than 1.2 billion and they include cities, towns as well as the remote villages. This digital revolution has created opportunities to millions: It has democratized access to information, opened up financial accessibility, and integrated communities with a common band of life in the modern times. However, it has also opened new vulnerabilities, just like all important technological advances, and criminals have taken advantage of them
Telecommunication crimes are in a special position in the criminal world. These crimes are also cross- border, swift in nature and highly technical unlike traditional crimes that leave a physical trail, and which occur within known boundaries. They require investigative capabilities and legal instruments that most systems were not designed to have. The dilemma of tough yet easy to understand answers is how to construct answers that discourage the advanced offenders and give an answer that is easy to understand and implement by ordinary citizens falling victims to the situation.
The exposure to these crimes is especially acute in India. An early and fast-digitising population, mass uptake of smartphones, the rocketing development of digital payments, and uneven degrees of digital literacy have all combined to provide telecom crime with a favourable environment. The data provided by the National Crime Records Bureau demonstrates that the number of cybercrime incidents has been rising steadily and worryingly over the years with telecom offenses comprising an important proportion. However, the actual size of the problem is almost definitely greater due to the official statistics which often under-report the real number of victims due to their shame, lack of knowledge or plain doubt of nothing being done.
This paper proposes that understanding of telecommunication crimes cannot be done by mere technical check list or statutory catalogue. It requires one to appreciate the dynamic nature of technology, law and human behaviour. The legal structure can not be interpreted alone, it can only be understood within a wider system that encompasses the law enforcing ability, judiciary, corporate responsibility and awareness of the people. It is only through seeing the big picture that we can come up with meaningful reforms.
Historical Background & Evolution
Telecom crime in India has a rich history following the history of the industry. Even in the post- independent years, telecommunications were strictly regulated by the state and criminal misuse was restricted to comparatively insignificant offenses such as billing system frauds, unauthorised telephone line usage, and so on. These were crimes that the traditional criminal law could deal with without significant challenges.
Everything was transformed following the economic reforms in 1991. When the industry was opened up to the private players, the number of subscribers started increasing at a very high rate. The mobile telephony came in 1990s and enhanced that growth further, and in a span of 10 years, India could be considered as one of the largest telecom markets in the world. This growth was accompanied by new crime opportunities. The SMS frauds also became widespread, and the unsuspecting users received spam emails and SMSs with fake offers of lottery wins, jobs, and quick credit.
It was the 2000s, when the telecommunications and the internet came together, making the distinctions between various types of communication more vague, and creating new types of crime altogether. During this period voice phishing, identity theft as a result of intercepted communications and multi- channel distribution of illegal content all originated. The revolution of smartphones that began in 2010 shifted the game once more the gadgets were now personal data lockers and portals to financial services and were impossible to resist..
The Digital India initiative, though revolutionary intent, also provided criminals with additional attack surfaces. Also, the new vulnerabilities were caused by government pushes towards cashless, Aadhaar- authenticated and online services. During the period of 2016 to 2020 telecom fraud outbreak, as criminals changed their approaches to target the peculiarities of the Indian digital infrastructure development.
Telecommunication Crimes in India
Any serious effort to deal with telecom crime has to start by having a proper understanding of its numerous variants. The following categories are not watertight, i.e. they are bleed over categories, but they provide an effective way to analyze them.
1. Fraud and Financial Offence
The most prevalent and the most economically harmful genre of telecom crime consists of financial fraud. The scope of the schemes is enormous, including both the simple lottery fraud cases and the well-planned banking fraud cases. The use of communication channels, or phone calls, texts, emails, messaging apps, etc., to trick victims into handing over money or sensitive personal information is what binds them together.
Special mention should be made with respect to SIM swap fraud. Criminals procure duplicate SIM cards carrying the number of a victim- in most cases through bribing employees in the retail stores who are in collusion with them or via fraudulent identity documents. Having access to the SIM, they will be able to intercept one-time passwords, empty bank accounts without the victim even suspecting that something has gone wrong. When most of the victims actually realize the fraud, the damage is already done when their phones suddenly lose network connectivity.
The emergence of UPI and other digital payment platforms has given this threat a new twist. Sophisticated social engineering methods are now created to fool the user into approving fraud or divulging their PINs. Such fake calls by bank officials, tax officers and law enforcement officials have become a more than worrisome, and more than effective, aspect of phone calls.
2. Identity-Related Crimes
The theft and abuse of identity over the telecom channels has increased in tandem with the increased presence of the Indian life online. Fraud in Aadhaar is an issue that worries especially considering the fact that this unique identification number has taken centre stage in the provision of government services, banking, and telecoms. There are various plans criminals have come up with in order to extract Aadhaar records including fake enrolment camps and phishing attacks that are designed in such a way that they appear to be official messages by the UIDAI.
The cloning of device identifiers such as IMEI numbers also creates another layer to this problem. Criminals can use the manipulation of IMEI codes to clone the identities of legitimate devices to enable stolen phones to continue using the device despite being blacklisted by the carriers. The fact that this practice has been continuing despite attempts by the regulation to compel the use of the IMEI registration is an indication of how hard it is to establish a complex and sprawling infrastructure.
3. Content-Related Offenses
The distribution of illegal content has been done through telecom networks long enough. Messaging platform end-to-end encryption, although a truly important concept to the privacy protection, has also posed a major challenge on the investigative efforts of law enforcement to intercept and prosecute the distribution of child sexual abuse content, hate speech, and violence incitement. The privacy or the public safety in this space has not been decided made out completely.
Unsolicited commercial communication, also known as spam, is not so bad but much more ubiquitous. Indian customers are still subjected to unwanted messages especially those by the operators who are not covered by the regulatory framework of the Commercial Communications Customer Preference Regulations, though the TRAI has implemented this regulation. It is not just an individual inconvenience on the economic front: network overloading and lost man hours are real costs.
Then misinformation – and maybe the most socially corrosive of the content-related offenses. A number of cases of mob violence in India have been linked to fake news that has been propagated via messaging apps, which demonstrates the implications of malicious digital disinformation on the real world. The question of how to reconcile the freedom of expression and the avoidance of harmful content is one of the most controversial issues in Indian telecom policy.
4. Network Disruption & Infrastructure Attacks
Even the infrastructure has not been spared. Although big-scale attacks on critical national network resources are not that widespread in India, the possibility exists and has been recognized in the national systems of cybersecurity. More commonly, attacks on individual elements in a network have been carried out, or vulnerabilities in signalling protocols have been taken advantage of to commit fraud or avoid detection.
One of the gravest of such threats is unauthorised interception of communications. Even though legal means of interception are now limited by law, a black market in surveillance technology has now developed – and there are reputable claims that such abilities have been exploited not just by security agencies but by individuals, the identity of whom is at best dubious. The sufficiency of control mechanisms in this field is worth giving a serious rethink.
The Legal Framework
The Indian response to telecom crime is a patch work of legislations put together on a case by case basis as new threats arise. It is important that we examine both the general criminal law provisions that may be applied and the particular statutes and regulations that directly pertain to telecom offenses in order to comprehend it.
1. The Information Technology Act, 2000
The major tool of legislation to fight cybercrime in India is the IT Act, and it has a number of provisions that are directly applicable to telecom crimes. The Act was enacted in 2000 and amended greatly in 2008 because the legislature is conscious of the fact that the technological environment it is attempting to regulate continues to move with the times. The section 66, which deals with computer- related crimes, has been construed to extend into different types of telecom fraud and unauthorised entry to communications network.
Amendments of 2008 proposed new powerful instruments. The still-communicable sending of offensive message was criminalised in section 66A, a move that appeared at the time to be decisive, but it in fact came up against constitutional challenges. This was overturned by a Supreme Court case in the Shreya Singhal case where the criminal restrictions placed on speech were deemed to be narrow and very specific. The impact of such a decision in defining the possibilities and impossibility of the regulation of online communication has been far-reaching.
Section 69, which gives the powers to the authorities to request interception, monitoring and decryption of the communications to be broad has been not less controversial. Critics claim that there is no sufficient protection against abuse of these powers. The still unresolved conflict between the needs of law enforcement and the privacy right continues to be the main topic of the discussion regarding the extent to which these measures should be applied.
2. The Indian Penal Code and Criminal Procedure Code
In addition to the Indian Penal Code provisions, general provisions of the Indian Penal Code were pressed into service to combat telecom offences in addition to the IT Act. Cheating, criminal intimidation, forgery, trespass, all have been referred to in cases of telecom fraud and unauthorised access. The Criminal Procedure Code has offered the procedural framework such as the provisions of electronic evidence and search and seizure of digital evidence.
The benefits of this strategy are as follows: by introducing highly established principles of law to telecom crimes, strong procedural safeguards will not be removed. Yet, it comes at a price as well, as the costs of general provisions were not tailored to the needs of technologically advanced crimes, and the outcome may be unreliable charges and lack of evidence that complicates prosecution more than it should be.
The Bharatiya Nagarik Suraksha Sanhita, 2023, which replaced the Criminal Procedure Code and introduces new provisions for electronic evidence and cybercrime investigation. At this point, it is too soon to evaluate the effects of these changes in practice, but at least they are an indication that the legislative sphere has realized that now digital evidence is the cornerstone of the criminal process.
3. The Telecommunication Act, 2023
Replacing the Indian Telegraph Act, 1885 and Indian Wireless Telegraphy Act, 1933, the Telecommunication Act, 2023 is a unified and modernised act that is the most important law regulating telecommunication in India. Some of its provisions are directly applicable to the crime situation:
Section 4 — Authorisation Requirement
Prohibition Requirement No telecommunication network shall be established, operated, maintained or expanded, or telecommunication services be provided by any individual without the federal permission of the Central Government. This is because violations are the basis on which illegal telecom infrastructure is prosecuted.
Section 20 — Interception and Monitoring
Extends and modernises the authority of the Government to make temporary seizure of telecom networks and intercept communications in the name of national security or the maintenance of order. Procedural safeguards presuppose the approval of procedures by the ministers and the control of the independent review committees.
Section 24 — Protection of Users
Provides a legal framework protecting the user against unsolicited commercial communication, fraudulent calls, and harm carried out by telecommunication providers – the Central Government is given the power to prescribe the use of mandatory security measures by service providers
4. The Bharatiya Nyaya Sanhita, 2023 (BNS)
The substitute to the Indian Penal Code, 1860, the BNS, preserves and increases the number of provisions concerning telecom crime:
Section 318 — Cheating
Reflects the former Section 420 IPC. Anybody found cheating and thus deceiving the cheated to deliver any property shall be sentenced to imprisonment of up to 7 years and fine. The provision has been widely utilized in UPI fraud, call-centre frauds and vishing.
Section 319 — Cheating by Personation
Punishes fraudulent impersonation – the rule directly applies to any criminals who impersonate bank officers or law enforcement officers via spoofed calls. Fine and imprisonment to 5 years.
Section 308 — Extortion
Used in cases where telecom networks are exploited against victims to provide property or valuable security. Applicable in the sextortion and cyber-blackmail, which are held via OTT platforms. Penalized with the imprisonment of 3-10 years based on the character of the threat.
5. TRAI Regulatory Framework
In addition to statue, TRAI regulative instruments compose a significant component of the legal structure:
Telecom Commercial Communications Customer Preference Regulations, 2018 (TCCCPR)
Elaborates the Distributed Ledger Technology (DLT) system of registering all commercial communicators, scrubbing messages against the list of Do Not Disturb (DND), and tracing spam messages to their origin. Failure by telemarketers to comply will invite fines and being blacklisted against the sending entity.
Unified Licence Conditions (2013, as amended)
Imposition of binding liability on licensed telecom operators to provide anti-fraud measures, report security incidents to CERT-In, provide lawful interception capabilities, and support government agencies in investigation. Non compliances may lead to suspension or revocation of the licenses.
Major Case Laws
The courts have been pivotal in the practical operation of the telecom crime laws in India, not only in establishing the state power, but also in establishing strict constitutional boundaries to the power of the state.
1. Free Speech and the Limits of Criminal Regulation Shreya Singhal v. Union of India, (2015) 5 SCC 1
Section 66A of the IT Act, which made it a criminal offense to send communication services
messages that were offensive or threatening, was unanimously declared invalid by the Supreme Court. According to the Court, the provision was unconstitutionally vague, the terms of the provision were not sufficiently precise to constitute criminality, namely, grossly offensive, menacing, and causing annoyance. The ruling has continued to form the basis of precedence regarding the extent to which criminal regulation of online and telecom communication can be done. It has also affirmed that Sections 69A and 79 of IT Act (content blocking and intermediary safe harbour) are constitutional.
The real implication of Shreya Singhal is that prosecution on the grounds of harmful online communication can no longer be based on a more imprecisely formulated provision, whether under the BNS, the remaining provisions of the IT Act, or certain telecom provisions. One of the constitutional vices that the courts cannot ignore is vagueness.
2. Privacy, Surveillance, and Interception
People’s Union for Civil Liberties v. Union of India, (1997) 1 SCC 301
The Supreme Court decided that telephone tapping was a grave infringement of the right to privacy – a rights which was implicit in Article 21 prior to its recognition as fundamental. The Court laid down procedural protection under Section 5(2) of the Indian Telegraph Act, requiring that interception orders be issued only by the designated senior officers and be subject to review. This ruling established the standard of legal interception that was subsequently accommodated by law, especially in Section 69 of the IT Act, and the Telecom Act 2023 in Section 20.
Justice K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 SCC 1
The decision by a 9-judge constitution bench was unanimous in its judgment that the right to privacy was one of the fundamental right under Articles 14, 19 and 21 of the Constitution. The decision has a direct bearing on telecom crime law: state authority to intercept, monitor or surveil communications must meet the test of legality (based on law), necessity (furthering a legitimate purpose) and proportionality (least restrictive means). It has since been applied to question general interception orders and the act of warrantless access to data by the law enforcement agencies.
3. Fraud, Conspiracy, and Organised Telecom Crime
Sonu @ Amar v. State of Haryana, (2017) SCC Online P&H 3944
The Punjab & Haryana High Court regarded the application of criminal conspiracy section (Section 120B IPC (now 61BNS) to SIM card fraud networks where involvement in the procurement of fraudulently acquired SIM cards (although not the actual fraud itself) constituted sufficient involvement to be liable to conspiracy. The case was an indication that the judiciary was ready to ensure the use of the conspiracy doctrine to cover the distributed criminal telecom networks.
Modus Operandi Call Centre Fraud — Enforcement Directorate Operations (2018–2022)
Through a series of Enforcement Directorate inquiries and the consequent criminal prosecution before the Delhi and Mumbai Sessions Courts, the call centre business operations of large scale fraud of foreign nationals under the guise of implied IRS and technical support scams were unearhed. Courts upheld that money transfers flowed by such fraud are cash proceeds of crime under the Prevention of Money laundering Act, 2002 (PMLA) and that wire transfers using hawala channel in connection to such fraud incur charges relating to money laundering regardless of the underlying telecom fraud.
4. Misinformation and Mob Violence
Amish Devgan v. Union of India, (2021) 1 SCC 1
The Supreme Court dealt with hate speech broadcast and transmitted via the telecom and broadcast mediums and declared that the constitutional guarantee under Article 19(1)(a) will not protect any speech that incite violence or propagate hatred between communities. The Court underlined that reasonable restrictions in Article 19(2) need to be defined with precision – and that prior restraint of telecom-distributed contents needs to be highly justified. The ruling has been applied in other cases that came up later involving misinformation on messaging-app.
Suo Motu Writ Petition (C) No. 1 of 2020 — COVID-19 Misinformation
Suo motu considering the pandemic, the Supreme Court blocked the circulation of unverified information over electronic and telecom channels potentially resulting in panic in governments and individual personalities, and at the same time decided that the legitimate journalism and reporting of public interest could not be censored under the guise of fighting misinformation. The order served as an efficient illustration of a constitutional boundary between harmful disinformation on the one hand and a safeguarded speech on the other, which regulatory bodies and service providers have to work with.
5. Banking Fraud and Liability Allocation
Shashidhar v. ICICI Bank Ltd., Consumer Disputes Redressal Commission, (2019)
The National Consumer Disputes Redressal Commission took the view that banks cannot avoid the liability in cases of SIM swap fraud by merely claiming that the trial of the customer occurred using authentic OTP credentials. In cases where the authentication system of the bank was successfully breached due to a flaw in the telecom infrastructure, the bank is also liable to loss. The case was a significant milestone in consumer protection of victims of SIM-swap-enabled banking fraud.
RBI Master Direction on Customer Protection (2017, as updated 2023)
Although not a judicial ruling, the binding direction of the Reserve Bank of India on unauthorised electronic banking transactions has been considered by the courts and consumer commissions as an indication of the standard of care. In case a customer notifies a bank about an un Authorised transaction within three working days, the bank is liable to the maximum. In cases where the breach can be traced to the negligence of the bank (e.g. not being aware of SIM swap defrauding), the liability of the customer value is none in spite of the time taken to report the issue.
Challenges in Enforcement
On paper a legal system may seem strong, but on the ground it may be a failure. This tension is very acute in the case of the telecom crime enforcement in India.
1. Technical and Investigative Capacity
The telecom crime investigation demands specialization and technical instruments that are plainly unavailable in most of the law enforcement agencies. Modern networks are superior to intricate; many applications use high-quality encryption; and volumes of data in any significant investigation may be overwhelming. The actual development is introduction of cybercrime cells and Indian Cyber Crime Coordination Centre (I4C) but the potential of these agencies is far less than what is needed in the problem. There has also been an issue of service providers as regards data retention. The Rules that are in effect under the IT Act requires that certain forms of data ought to be stored, though this has not been done equally, and the reality that many services are likely to route traffic through servers outside of India is also designed to complicate investigations of attempting to develop a case even more.
2. Jurisdictional Complexities
The simplest of the difficulties is the fact that most of the telecom crimes are transnational. A criminal who is established in one country and victimizes people in India, through infrastructure which is distributed in many other countries is a legal riddle that cannot be easily answered by an existing legal structure. The mutual legal assistance treaties with various countries have many flaws, which are that the Indian authorities cannot gather foreign evidence and believe the criminals to justice. The cross border frauds, particularly through the application of the facility in Nepal, Cambodia and Myanmar have attracted a lot of attention in the past two years. Majority of these activities involve the participation of Indian nationals who work in duress abroad and it has consequently been a diplomatic, and equally a law enforcing, matter. Past international partnership with the concerned countries has failed.
3. Reporting Gaps and Victim Awareness
The discrepancy in the actual versus reported telecom crimes is quite broad. Victims who are old and rural may not know that they have been defrauded and where to go. Those who report the crime can also keep it to themselves, as they are threatened by embarrassment, particularly in dealings that bet on monetary profits or cases of sexual harassment. Chakshu portal and such like systems of government that have introduced reporting are commendable steps, despite the fact that there is very little awareness on the same. Most crimes remain off the books, as is the overwhelming fear of stigma, and the general view that it is a meaningless step to be the first to report it.
Conclusion
Indian telecommunication crimes do not have a quick and simple solution to the problem. The technology will continue to evolve, the criminals will continue to evolve and any legal system that fails to keep with the times will soon be remembered as a relic before the ink dries. What this article has attempted to demonstrate is that India has developed actual and fairly complete legal architecture- but the architecture is being challenged by the difficulties of implementation day in day out and by the pace of threats flying its way.
The best answers to telecom crime should be not only techno-legal, in the best sense of that term: it has to be based on real technical knowledge, and bolstered by a sound legal opinion. Problems based on human behaviour, institutional design and policy decisions cannot be solved by technical solutions. Similarly, reforms in the law that lack competence to implement them are more symbolic. Finally, the success of India in ensuring the security of its citizens against telecom crime will determine whether the government, industry, and citizens will collaborate in a long- term and organized manner. The law system is the cornerstone; the effectiveness of execution, the strength of the institutions, and the intensity of popular security awareness will determine the extent to which that cornerstone will be effective. The rewards are great–not less than the reliability and safety of the online future of India–and they are worth the long-term and serious investment.
Referances
- The transformation of India’s telecommunications sector is documented extensively in government publications and academic studies. See generally, TRAI, The Indian Telecom Services Performance Indicators (2023), which details the growth of wireless connections to over 1.16 billion as of March 2023.
- The relationship between digital adoption and cybercrime vulnerability is explored in the Norton Cyber Safety Insights Report (2023), which found that India had among the highest rates of cybercrime victimization globally. Early telecommunications offenses in India are discussed in R.K. Singh, Cyber Law in India (2005), which provides historical context for the development of cybercrime legislation.
- The convergence of telecommunications and internet services and its implications for crime are analyzed in Pavan Duggal, Mobile Law (2012). Aadhaar-related fraud concerns have been documented in multiple reports by the Unique Identification Authority of India and the Comptroller and Auditor General of India.
- The Information Technology Act, 2000, as amended, remains the primary legislation governing cybercrime. For judicial interpretation, see Shreya Singhal v. Union of India, (2013) 15 SCC 1.
- The application of general criminal law provisions to telecommunications offenses is discussed in K.N. Chaturvedi, Cyber Law and Cyber Crimes (2016).
