Voyeurism

The arrest of famous store room owner at Ghaziabad for allegedly planting secret camera to
make clippings of the female customer while using the trial room has shown adverse impact
upon our concept of privacy. The peeping cameras are becoming technologically advanced,
tiny and easily available at cheaper prices. They can be planted secretly with ease and its
pervasive application has contributed to the growing fascination for younger generation
obsession with voyeurism. The Ghaziabad incident is not an unprecedented act and various
newspapers have reported similar incidents of surreptitiously concealed peeping toms prying
into locker rooms, changing rooms of malls, swimming pools in prurient attempts to film
unsuspecting victims while in various state of undress. The said newspaper reports are
alarming being a very invasive and intimidating crime which also poses a fundamental
challenge to individual privacy.

What is Video Voyeurism?

A new phenomenon of video voyeurism also known as “cyber peeping” has emerged in
recent times where images of private area of subject mostly females are captured without her
knowledge and then transmitted widely without her consent thus violating privacy rights.
Video Voyeurism is the act of secretly or discreetly photographing certain parts of the body
mostly unclothed without the person’s consent. Video voyeurism typically refers to “up-skirt”
or “down-blouse” images taken of women without their consent. We have seen the rise in the
cases of video voyeurism, where the victims have been clicked without ever knowing that
they have been clicked revealing their private parts. The phenomenal growth of the internet
and its user, mostly of the younger age has given rise to this “up-skirt and down-blouse
photography” which one can view easily at host of video voyeurism websites. The voyeurs
who are psychopath to satisfy their lust see surreptitious video surveillance as a form of high-
tech hunting and take pride in showcasing their talent in various video voyeurism Web sites
which has mushroomed at the World Wide Web and mostly go free taking shelter under the
current gap in the law. The Acts of video voyeurism are not only an invasion of a person’s
privacy, but are also a serious threat to the liberties of a free society as we know and also
against our high moral & cultural values or ethos. These criminal activities undermine the
most basic levels of privacy to which every citizen is entitled.

1
Do we have law to deal with menace of Video Voyeurism?

Realizing the ever growing menace of the Video Voyeurism, the USA, passed federal
legislation known as the Video Voyeurism Prevention Act of 2004, which prohibits
knowingly capturing an image of private area of an individual by video tape, photograph,
film, or any means or broadcast without that individual’s consent and under circumstances in
which the individual has a reasonable expectation of privacy. (See relevant Section 1801 of
Video Voyeurism Prevention Act of 2004) Thus the said law, make it a crime to secretly
record or distribute images of people in places where they have a reasonable expectation of
privacy, such as bathrooms, dressing rooms, locker rooms, hotel rooms and mall etc. The law
defines a “private area” as the naked or undergarment clad genitals, pubic area, buttocks, or
female breast of an individual. The law however makes an exception and does not apply to
people engaged in lawful law enforcement or intelligence activities.

In India also, we have seen increasing incidents of video voyeurism due to advance
technology that has made today’s hidden cameras tiny, sleek and adapted for WiFi
connections to make transfer of the captured film or movie clip to the web easier and faster.
Internet is a product of US Technology, so issues relating to Internet are heavily flavoured by
US Constitutional and Legal doctrines. The legislature was aware of this problem and there
was no stringent law to specifically deal with the menace of video voyeurism which was
rampant due to modern technology. The amendment proposed to the IT Act, inserted a new
Section 66E which specifically addresses video voyeurism which is inspired by the Video
Voyeurism Prevention Act of 2004 of US. The wordings of proposed Section 66E which
makes this sort of “cyber peeping” a felony is as under:

“66E Punishment for violation of privacy”

Whoever, intentionally or knowingly captures, publishes or transmits the image of a private

area of any person without his or her consent, under circumstances violating the privacy of
that person, shall be punished with imprisonment which may extend to three years or with
fine not exceeding two lakh rupees, or with both

Explanation.- For the purposes of this section–

2
(a) “transmit” means to electronically send a visual image with the intent that it be viewed
by a person or persons;

(b) “capture”, with respect to an image, means to videotape, photograph, film or record by
any means;

(c) “private area” means the naked or undergarment clad genitals, pubic area, buttocks or
female breast;

(d) “publishes” means reproduction in the printed or electronic form and making it available
for public;

(e) “under circumstances violating privacy” means circumstances in which a person can
have a reasonable expectation that–

(i) he or she could disrobe in privacy, without being concerned that an image of his private
area was being captured; or

(ii) any part of his or her private area would not be visible to the public, regardless of
whether that person is in a public or private place.

Why the Ghaziabad Police have invoked the Indian Penal Code and not the aforesaid
provision of IT Amendment Act?

In the reported cases of similar nature the police have invoked Section 294 IPC (obscene
acts) and Section 509 IPC (insult to modesty of Women) both of which are bailable as per the
1st Schedule to the Code of Criminal Procedure, 1973. The 1 st Schedule to the Cr.P.C.
categorizes the offences as Cognizable/non cognizable or Bailable/non-bailable. The IT
Amendment Act has yet not been notified by the Government and therefore, the offender
cannot be booked under newly inserted Section 66E of the IT Amendment, in view of the
clear mandate of Article20 (1) of the Constitution of India which says that, “No person shall
be convicted of any offence except for violation of the law in force at the time of the
commission of the act charged as an offence….”. However, it would be pertinent to mention
here that aforesaid Section 66E is bailable offence as per the scheme of the yet to be notified
Act and if it would have been invoked had the amendment act been notified, would not have

3
much difference for it would not have any deterrent effect on the offender as he can walk out
freely, the offence being bailable.

Nevertheless, the police should have invoked the provisions of Section 67 IT Act, 2000
(which deals with publication or transmission of obscene information in electronic form)
which is stringent penal provision of the IT Act, 2000 as the same is cognizable and non-
bailable offence and attracts imprisonment of upto five years and fine upto one lakh rupees in
case of first conviction. However, it has been seen that the police in similar cases including
the present one have not resorted to Section 67 IT Act, 2000 for the reasons best known to
them only. The provisions of Section 67 IT Act, 2000 is clearly attracted as there has been
publication or transmission of clippings of female client in various state of undress and same
has been transmitted, generated or received stored in electronic/computer equipment which is
magnetic, optical or similar device. Thus, the offence is complete in view of Section 67 IT
Act read with Section 2 (r) IT Act(defines “Electronic Form”). The provision of Section 67
IT Act, 2000 and Section 2 (r) IT Act is reproduced below:

“67. Publishing of information which is obscene in electronic form.

Whoever publishes or transmits or causes to be published in the electronic form, any

material which is lascivious or appeals to the prurient interest or if its effect is such as to
tend to deprave and corrupt persons who are likely, having regard to all relevant
circumstances, to read, see or hear the matter contained or embodied in it, shall be punished
on first conviction with imprisonment of either description for a term which may extend to
five years and with fine which may extend to one lakh rupees and in the event of a second or
subsequent conviction with imprisonment of either description for a term which may extend
to ten years and also with fine which may extend to two lakh rupees.”

“Section 2 (r) “electronic form” with reference to information means any information
generated, sent, received or stored in media, magnetic, optical, computer memory, micro
film, computer generated micro fiche or similar device.”

Thus, not invoking the provisions of Section 67 IT Act, 2000 which has a deterrent effect on
the offenders as well as which would deter the prospective offenders to commit the crime, in
a way amounts to shielding the criminal from the criminal process of law and would

4
encourage them to commit the crime with impunity without any fear of law as they know that
they can walk out freely, in view of bailable sections slapped on them by the police.

Identity Theft or Identity Fraud

NEERAJ AARORA, AICWA, LLB, PGD (Cyber Law), ACFE (USA)
A major growing problem world over due to IT revolution is identity theft which has been referred
to as the crime of the new millennium. Identity theft is the stealing and use of someone personal
information used primarily for financial or monetary gain. Unlike your fingerprints, which are
unique to you and cannot be taken by someone else for their use, your personal data like your
bank account or credit card number, passwords, login Ids and other valuable identifying data can
of course be used, if they fall into the hands of fraudster which can be used to make money at
your expense & liability. On the internet, fraudulent transactions are the most prevalent crime
committed by fraudster with the stolen identity like take over of the credit card account, use of
stolen identity to create a new credit account, execution of fraudulent online share transactions
etc. Sometimes, however, it may not be made for financial gain but as an act of vindictiveness or
revenge or obscenity. A classic example of this may be this. Suppose you have an account with
Rediff and also posted your profile with your photos and very personal details. Now one day you
are informed by your friend that while surfing ORKUT he found your profile with your name &
personal details with a lot of pornographic content with obscene language. Thus, the thief has
committed the theft of your profile with photos & personal details and by using the stolen profile
created an obscene profile posing as you.
In the internet age, the data are maintained online. Government and private institutions store
sensitive information in their data bases which is very valuable to them. This data is very
vulnerable too. The data is not only valuable to those who should have it but also to the criminals
who always look to get a chance to steal the data, so that it can be used for committing fraud
themselves or can be sold to others for committing the fraud. This is identity theft.

Definition
Although there is no universally accepted definition, however, some definitions of
Identity theft is given below:-
Identity theft and identity fraud are terms used to refer to all types of crime in which someone
wrongfully obtains and uses another person’s personal data in some way that involves fraud or
deception, typically for economic gain .
Identity Theft is a crime in which an impostor obtains key pieces of personal identifying
information (PII) such as Social Security numbers and driver’s license numbers and uses them for
their own personal gain. This is called ID Theft. It can start with lost or stolen wallets, pilfered
mail, a data breach, computer virus, phishing, a scam, or paper documents thrown out by you or a
business (dumpster diving). This crime varies widely, and can include check fraud, credit card
fraud, financial identity theft, criminal identity theft, governmental identity theft, and identity
fraud.

5
Stages of Identity Theft
There are three stages of identity theft. Any identity theft case may include one or all of these
stages:
Acquisition of the identity: It involves the acquisition of the identity through theft, hacking,
redirecting or intercepting mail or by purchasing identifying information on the internet.
Υ se of the identity: After the acquisition of the identity, the fraudster may use the identity
to commit another crime resulting in financial gain to him like misuse of the credit card
information to make online purchase, opening new accounts, sell the identities to others
who commit fraud. Sometime the stolen information may be used to harass the victim, like
posting of pornography or obscene material by fraudster posing himself as the victim.
Discovery of the theft: Many cases of misuse of credit cards are discovered quickly, however
in some cases the victim of an identity theft may not even know how or when their identity
was stolen and theft may take 6 months to several years to come to the notice of the
victim. Study reveals that the longer it takes to discover the theft, the greater the loss
incurred by the victim.

What Are The Common Ways To Commit Identity Theft Crime

The various ways prevalent to commit the identity theft crime which makes use of internet or the
virtual world and other which does not, known as traditional methods. Some of the ways to
commit the identity theft crime which is not exhaustive are as follows:
Theft: There may be a theft of your wallet or bag containing bank credit cards, passport other
identifying documents containing your vital personal information.
Hacking, unauthorized access to systems, and database theft : The fraudsters frequently
compromise systems, diverting information directly or indirectly with the help of gadgets on the
network. Hackers gain access to a huge base of confidential data, decrypt it and misuse the same
elsewhere for financial gain or commit fraud.
Phishing: Phishing is the most prevalent method to steal the personal identifying information. The
fraudster sends a fraudulent email with a link to a fake website that is exact replica of the original
bank sites which are so designed to fool the users so that they reveal their personal information.
Vishing: It is the act of calling a victim on the phone by the fraudster posing as the bank
representative in an attempt to scam victim users into disclosing personal information.
Pharming: It is a technique used by fraudster to by setting up a phony web server and
intercepting user names and PIN numbers.
Nigerian 419 Scam: This is the most prevalent method still conning many persons around the
globe wherein the fraudster sends the email to target persons in guise of some rich family member
of a dead African Millionaire who is in distress due to political turbulence in his country. The
fraudster seeks your help to get the large some of money in your account with a commission of
huge money to you for your services of offering your account to receive the money. This scam is
called as “Nigerian 419 fraud” (for the relevant section of the Nigerian Criminal Code). There
is another category of Nigerian fraud of similar nature where the victim receives unsolicited email
declaring that he has won the lottery after his email being selected from thousand of other emails.
These scams qualify as identity crimes because they involve collecting personal and bank

6
information from unsuspecting Internet users who are gullible enough to respond to these
solicitations.
Theft by past & present employees: Perpetrators can also obtain personal information by
bribing employees who have access to personal records, data bases or confidential information.
Skimming: Skimming can occur when a criminal attaches a small skimmer gadget to an ATM
which records the magnetic stripe details of the ATM card and the camera films the personal
identification number filed by the user.
Shoulder Surfing: The fraudster can also obtain your personal data without breaking into your
homes. In public places, some people loiter around ATM & Telephone Booths who watch your enter
your secret PIN Number or simply looking over your shoulder on a public telephone or just by
eavesdropping if you are giving your credit card information over the phone.
Dumpster Diving: It is a method perpetrators use by going through a victims garbage, dustbins
or trash bins. They obtain copies of cheques, credit card statements, bank statements, receipts,
and carbons and search for anything bearing your name, address, telephone number, and credit
card number.

Identity Theft In India

Identity theft has become an epidemic in US, while in India the cases of identity theft are relatively
low given the less number of online transactions and use of internet. While in India there is no
reliable statistics available on the extent of identity theft, however it would be safe to assume a
rapid escalation in identity theft cases with increase in the number of online banking and
ecommerce transactions like online share transactions and owing to the fact that the customers
are not technically adept with virtual world.
Online fraudulent share & commodity transactions
Now a day the shares are sold and purchased online. There has been spurt in the cases in which
the complainant report that there online share/commodity account has been compromised and
fraudulent transactions has been executed by unknown fraudster which resulted in huge loss to
him. In the online transaction, the client is allotted an online account with client id & password
through which he executes the sale & purchase transactions through the server based in the
broker office. The fraudster who are generally software experts or the executives (core dealers) at
the broker office try to acquire the client id & password from the broker office itself, hit & trial
methods or social engineering. After acquiring the client Id & password, the fraudster makes
unauthorized access to the client account and also accesses their own account in which the profits
are to be transferred from the victim client account. The fraudster executes the transactions into
the client accounts at unrealistic prices and match these transactions into their own account
simultaneously. In this way, he shifts the profit to his own account and losses to the account of the
unsuspecting clients.
Bank Phishing scams
Phishing is the Internet’s biggest identity theft scam and is widely prevalent in India. In some
recent cases of phishing (offence which involves identity theft) reported in India, the MO was same
i.e. a fake target Bank Web site was created and the bank customers received an e-mail message
asking them to renew certain services claiming that failure to do so would result in the suspension

7
or deletion of their accounts. The e-mail provided a link to a phishing site, in an illegal attempt to
collect personal and account information
Nigerian 419 Scam or Advance Fee Fraud:
There has been number of cases reported where the perpetrators of the fraud send mail to the
victim e-mail id, requesting the help of the victim for retrieving blocked funds and offer a healthy
percentage of these funds as commission. The victim believing the fraudster in lure of receiving
huge funds pass on his credit card information, bank account details to fraudster.
Defamation or posting of porn or obscene material on social networking sites
There has been also spurt of cases in which the victim have reported that their profile and
personal information has been stolen and a fake & vulgar profile in his or her name containing
pornography & obscene material along with the victims contact details like phone numbers &
address has been posted on the social networking site like ORKUT.

The Legal Angle

Though in India Identity Theft has still not been made a standalone crime unlike USA which passed
the Identity Theft and Assumption Deterrence Act of 1998 (ID Theft Act for short) which codified in
USA for the first time the definition of identity theft which made identity theft a standalone crime.
Though the present IT Act 2000 does not have any specific provision to deal with identity theft the
Expert Committee on Amendments to the IT Act 2000 (whose report is presently under
consideration by the government for adoption) has recommended amending the Indian Penal Code
(IPC) by inserting in it two new sections:
Section 417A which punish cheating by using any unique identification feature of any other person
with up to three years imprisonment and a fine; and Section 419A which punish cheating by
impersonating using a network or computer resource with up to five years imprisonment and a
fine.
Sections 417A and 419A comprehensively cover identity theft and their incorporation into the IPC
would place India amongst few countries to have specific provisions to counter the menace of
identity theft.
However, the offence of identity theft is committed by a series of act which attracts many penal
provisions of present IPC & IT Act, 2000 which are as follows.
Section 419 IPC: When the fraudster by stolen identifying information impersonates the victim to
commit fraud or cheating.
Section 420 IPC: When the fraudster deceive people into disclosing valuable personal data in the
nature of identifiable information which is used later to swindle money from
victim account.
Section 468 IPC: When the fraudster commits forgery of website which is in the nature of
electronic record to lure the victims to pass their identifiable information in order
to cheat them.
Section 471 IPC: When fraudster fraudulently or dishonestly uses as genuine, the aforesaid fake
website in the nature of electronic record .
Section 66 IT Act: When the fraudster by the stolen identifying information say login id &
password, deletes or alter the information or data in the account of the victim
in the server which is a computer resource.

8
Section 67 IT Act: When the fraudster uses the stolen information like profile, personal details &
contact details of the victim to create & post obscene profile in the name of the
victim on the social networking site.

What is SMS Spoofing?

SMS spoofing is a relatively new technology which uses the short message service (SMS),
available on most mobile phones and personal digital assistants, to set who the message appears
to come from by replacing the originating mobile number (Sender ID) with alphanumeric text.
Spoofing has both legitimate uses (setting the company name from which the message is being
sent, setting your own mobile number, or a product name) and illegitimate uses (such as
impersonating another person, company, product).

How SMS Spoofing Works for Cyber Criminals

SMS Spoofing occurs when a fraudster manipulates address information in order to impersonate a
user that has roamed onto a foreign network and is submitting messages to the home network.
Frequently, these messages are addressed to destinations outside the home network – with the
home SMSC essentially being “hijacked” to send messages into other networks.

The impact of this fraud is threefold:

1. The home network can incur termination charges caused by the delivery of these messages to
interconnect partners. This is a quantifiable revenue leakage.

2. These messages can be of concern to interconnect partners. Their customers may complain
about being spammed, or the content of the messages may be politically sensitive. Interconnect
partners may threaten to cut off the home network unless a remedy is implemented. Home
subscribers will be unable to send messages into these networks.

3. While fraudsters normally used spoofed-identities to send messages, there is a risk that these
identities may match those of real home subscribers. The risk therefore emerges, that genuine
subscribers may be billed for roaming messages they did not send. If this situation occurs, the
integrity of the home operator’s billing process may be compromised, with potentially huge
impact on the brand. This is a major churn risk.

An SMS Spoofing attack is often first detected by an increase in the number of SMS errors
encountered during a bill-run. These errors are caused by the spoofed subscriber identities.
Operators can respond by blocking different source addresses in their Gateway-MSCs, but
fraudsters can change addresses easily to by-pass these measures. If fraudsters move to using
source addresses at a major interconnect partner, it may become unfeasible to block these
addresses, due to the potential impact on normal interconnect services.